GDPR / Data Privacy
The Data Privacy vertical is included on the Enterprise plan.
Scope
Behavry's Data Privacy module maps GDPR requirements relevant to AI agent workflows that process personal data. The goal: every time an agent touches PII, there's a defensible record of who authorized it, what data was involved, what redaction was applied, and where the output went.
Source: backend/behavry/compliance/data_privacy.py. UI: Compliance → Data Privacy (GDPR).
Covered requirements
| Article | Requirement | Behavry answer |
|---|---|---|
| Art. 5(1)(c) | Data minimization | DLP Scanner auto-redaction, Data Protection Pipeline (metadata-only mode) |
| Art. 5(1)(f) | Integrity & confidentiality | Decision Trace hash chain, encrypted SIEM destinations |
| Art. 25 | Data protection by design | Policy-gated tool calls, default-deny OPA posture |
| Art. 30 | Records of processing activities | Audit log with categories, purpose tags, recipients |
| Art. 32 | Security of processing | Role-based access, SSO, Restricted Mode, Global Kill Switch |
| Art. 33 | Breach notification preparedness | Behavioral alerts, incident timeline in Decision Trace |
| Art. 34(1) | Subject rights support | DSAR export (see below) |
PII pattern coverage
The GDPR module activates an EU PII pattern set:
- Email addresses with domain risk tagging
- Phone numbers (E.164 and national formats)
- National ID numbers — DE (Steuer-ID), FR (INSEE), IT (codice fiscale), ES (DNI/NIE), etc.
- IBAN
- Passport numbers
- IP addresses (GDPR treats these as personal data)
Matches are tagged gdpr:pii so policies and inbound rules can target the tag directly.
Data Subject Access Requests (DSAR)
A DSAR export produces everything the audit log knows about a specific data subject over a time window:
POST /api/v1/compliance/data-privacy/dsar
{ "subject_id": "user:alice@example.com", "start": "2025-01-01", "end": "2025-12-31" }
Returns:
- All audit events where the subject was involved (by email, by requester ID, by DLP hit)
- All Human AI Governance sessions attributed to the subject
- A PDF report formatted for DSAR delivery
Subject identification is a best-effort match on email, user ID, and pattern hits — reviewers should sanity-check the export before sending it out.
Right to erasure
The audit log is intentionally append-only (hash-chained, integrity-checked). Hard deletion is not supported because it breaks the chain. The redaction model is:
- The original event stays in the log (hash chain preserved)
- A redaction event replaces the sensitive fields with a [redacted] placeholder referenced by a redaction token
- Audit verification still passes; subsequent reads return the redacted form
This pattern is accepted practice under GDPR when integrity is a recognized competing obligation, but confirm with counsel for your specific regime.
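One way a hash chain can survive field-level redaction, shown as an added example that is not Behavry's code: it assumes the chain hashes salted per-field commitments rather than plaintext, so erasing the plaintext and its salt leaves every link intact. All function names, field names and the token format are hypothetical.

```python
import hashlib, json, os

REDACTED = "[redacted]"
GENESIS = "0" * 64

def _h(*parts: bytes) -> str:
    return hashlib.sha256(b"\x00".join(parts)).hexdigest()

def _entry_hash(prev: str, commits: dict) -> str:
    return _h(prev.encode(), json.dumps(commits, sort_keys=True).encode())

def append(log: list, fields: dict, sensitive=()) -> dict:
    """Append an event. The chain covers per-field commitments, never plaintext."""
    salts = {k: os.urandom(16).hex() for k in sensitive}
    # Salted commitment: without the salt, low-entropy PII cannot be guessed from the digest.
    commits = {k: _h(bytes.fromhex(salts.get(k, "")), v.encode()) for k, v in fields.items()}
    prev = log[-1]["hash"] if log else GENESIS
    entry = {"prev": prev, "commits": commits, "hash": _entry_hash(prev, commits),
             "fields": dict(fields), "salts": salts}
    log.append(entry)
    return entry

def redact(log: list, index: int, field: str, token: str) -> None:
    """Erase one field's plaintext and salt, then record the redaction as its own event."""
    entry = log[index]
    del entry["salts"][field]  # KeyError: only fields declared sensitive are redactable
    entry["fields"][field] = f"{REDACTED}:{token}"
    append(log, {"type": "redaction", "target": str(index), "field": field, "token": token})

def verify(log: list) -> bool:
    """Check chain links, surviving plaintext, and that every placeholder is accounted for."""
    authorized = {(e["fields"]["target"], e["fields"]["field"], e["fields"]["token"])
                  for e in log if e["fields"].get("type") == "redaction"}
    prev = GENESIS
    for i, e in enumerate(log):
        if e["prev"] != prev or e["hash"] != _entry_hash(prev, e["commits"]):
            return False
        for k, v in e["fields"].items():
            if v.startswith(REDACTED + ":"):
                if (str(i), k, v.split(":", 1)[1]) not in authorized:
                    return False  # placeholder without a matching redaction event
            elif e["commits"].get(k) != _h(bytes.fromhex(e["salts"].get(k, "")), v.encode()):
                return False  # plaintext no longer matches what the chain committed to
        prev = e["hash"]
    return True
```

In this sketch, a field blanked without a matching redaction event fails verification, so an unauthorized wipe is distinguishable from an erasure request that was processed through the log.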
Export
GET /api/v1/compliance/data-privacy/export?format=pdf|csv|json