GDPR Compliance

Elysium Nexus implements three core GDPR data subject rights with full audit trail coverage.

Article 15 — Right of Access (Data Export)

A tenant administrator can export all data held on a specific customer via:

GET /api/v1/admin/gdpr/export/:customerId
Authorization: Bearer <admin-token>

Response includes:

  • Customer profile
  • All accounts
  • All transactions
  • Metadata and timestamps
  • Export timestamp and legal basis

The export is logged as an audit event with regulatoryRelevance: 'high'.

Article 17 — Right to Erasure

Permanent erasure of all customer data:

POST /api/v1/admin/gdpr/erase-customer/:customerId
Authorization: Bearer <admin-token>
Content-Type: application/json

{
  "reason": "Customer data subject request",
  "confirmEmail": "admin@tenant.com",
  "legalBasis": "consent_withdrawn"
}

This endpoint is idempotent: repeating the call for a customer who has already been erased returns the same result instead of failing. The confirmEmail field is a safety check against accidental erasure; a request that does not pass it is rejected before any data is deleted.

Response:

{
  "message": "Customer data permanently erased",
  "customerId": "customer-uuid",
  "erasedAt": "2026-02-19T10:30:00Z",
  "legalBasis": "consent_withdrawn"
}

Erasure operations are irreversible and logged with regulatoryRelevance: 'critical' and retentionCategory: 'permanent'.

Data Subject Request (DSR) Lifecycle

For managed DSR processing, the platform provides a full lifecycle:

Create DSR

POST /api/v1/admin/gdpr/dsr
Authorization: Bearer <admin-token>
Content-Type: application/json

{
  "customerId": "customer-uuid",
  "requestType": "erasure",
  "reason": "Customer request via email",
  "legalBasis": "consent_withdrawn"
}

List DSRs

GET /api/v1/admin/gdpr/dsr?status=pending
Authorization: Bearer <admin-token>

Update DSR Status

PATCH /api/v1/admin/gdpr/dsr/:id
Authorization: Bearer <admin-token>
Content-Type: application/json

{
  "status": "approved"
}

Auto-Process DSR

POST /api/v1/admin/gdpr/dsr/:id/process
Authorization: Bearer <admin-token>

Executes the action the DSR's requestType calls for (erasure, export, or restriction). The call is idempotent: processing a DSR that has already been processed does not repeat the action.

Erasure Audit Trail

GET /api/v1/admin/gdpr/erasure-logs
Authorization: Bearer <admin-token>

Returns all historical erasure operations with actor, timestamp, legal basis, and customer identifier. Available to admin and regulator roles.
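The erasure endpoint, the DSR lifecycle and the erasure log above together describe one small state machine. The TypeScript below is an added reference model of that behaviour, not code from Elysium Nexus or from admin.ts: an in-memory service with no HTTP layer that enforces the confirmEmail safety check before any deletion, returns the original result on a repeated erasure, gates DSR processing on approval, and tags erasure audit events with regulatoryRelevance 'critical' and retentionCategory 'permanent'. The status set (pending, approved, rejected, completed), the transition table, the rule that confirmEmail must equal the caller's own address, the approval gate on /process, the 'support' role and the restriction flag are assumptions, marked ASSUMED in the code.

```typescript
// Added reference model (not Elysium Nexus code) of the erasure endpoint, DSR lifecycle and
// erasure log documented above: an in-memory service, no HTTP layer. Unstated details: ASSUMED.
type Relevance = "high" | "critical";
type DsrType = "erasure" | "export" | "restriction";
type DsrStatus = "pending" | "approved" | "rejected" | "completed"; // ASSUMED status set
interface Actor { email: string; role: "admin" | "regulator" | "support"; } // 'support' is ASSUMED
interface AuditEvent {
  action: string; actor: string; customerId: string; timestamp: string;
  regulatoryRelevance: Relevance; retentionCategory?: "permanent"; legalBasis?: string;
}
interface EraseBody { reason: string; confirmEmail: string; legalBasis: string; }
interface Dsr { id: string; customerId: string; requestType: DsrType; reason: string; legalBasis: string; status: DsrStatus; }
interface CustomerRecord { profile?: Record<string, unknown>; restricted?: boolean; erasedAt?: string; legalBasis?: string; }
// ASSUMED transition table; the page only shows pending -> approved.
const TRANSITIONS: Record<DsrStatus, DsrStatus[]> = {
  pending: ["approved", "rejected"], approved: ["completed"], rejected: [], completed: [],
};

class GdprService {
  readonly audit: AuditEvent[] = [];
  private customers = new Map<string, CustomerRecord>();
  private dsrs = new Map<string, Dsr>();
  private now: () => string;
  // Injectable clock so idempotency can be checked deterministically.
  constructor(now: () => string = () => new Date().toISOString()) { this.now = now; }
  addCustomer(id: string, profile: Record<string, unknown>): void { this.customers.set(id, { profile }); }
  private log(action: string, actor: Actor, customerId: string, relevance: Relevance, extra: Partial<AuditEvent> = {}): void {
    this.audit.push({ action, actor: actor.email, customerId, timestamp: this.now(), regulatoryRelevance: relevance, ...extra });
  }
  private customer(id: string): CustomerRecord {
    const rec = this.customers.get(id); if (!rec) throw new Error(`unknown customer ${id}`); return rec;
  }
  private dsr(id: string): Dsr {
    const d = this.dsrs.get(id); if (!d) throw new Error(`unknown DSR ${id}`); return d;
  }
  // GET /api/v1/admin/gdpr/export/:customerId (Article 15), logged with regulatoryRelevance 'high'
  exportCustomer(actor: Actor, customerId: string) {
    const rec = this.customer(customerId);
    if (rec.erasedAt) throw new Error("customer data has been erased");
    this.log("gdpr.export", actor, customerId, "high");
    return { profile: rec.profile, exportedAt: this.now(), legalBasis: "art15_access" /* ASSUMED label */ };
  }
  // POST /api/v1/admin/gdpr/erase-customer/:customerId (Article 17)
  eraseCustomer(actor: Actor, customerId: string, body: EraseBody) {
    if (!body.reason || !body.legalBasis) throw new Error("reason and legalBasis are required");
    // Safety check against accidental erasure: the caller re-types their own address (ASSUMED matching rule).
    if (body.confirmEmail.trim().toLowerCase() !== actor.email.toLowerCase()) {
      throw new Error("confirmEmail does not match the authenticated administrator");
    }
    const rec = this.customer(customerId);
    // Idempotent: a repeat call returns the original result and writes no second erasure event.
    if (!rec.erasedAt) {
      const erasedAt = this.now();
      delete rec.profile; // the tombstone keeps only the identifier and the erasure facts
      rec.erasedAt = erasedAt; rec.legalBasis = body.legalBasis;
      this.log("gdpr.erase", actor, customerId, "critical",
        { timestamp: erasedAt, legalBasis: body.legalBasis, retentionCategory: "permanent" });
    }
    return { message: "Customer data permanently erased", customerId, erasedAt: rec.erasedAt, legalBasis: rec.legalBasis! };
  }
  // POST /api/v1/admin/gdpr/dsr
  createDsr(actor: Actor, input: Omit<Dsr, "id" | "status">): Dsr {
    const d: Dsr = { id: `dsr-${this.dsrs.size + 1}`, status: "pending", ...input };
    this.dsrs.set(d.id, d);
    this.log("dsr.create", actor, d.customerId, "high");
    return d;
  }
  // GET /api/v1/admin/gdpr/dsr?status=...
  listDsrs(status?: DsrStatus): Dsr[] {
    return Array.from(this.dsrs.values()).filter((d) => !status || d.status === status);
  }
  // PATCH /api/v1/admin/gdpr/dsr/:id
  updateDsrStatus(actor: Actor, id: string, status: DsrStatus): Dsr {
    const d = this.dsr(id);
    if (!TRANSITIONS[d.status].includes(status)) throw new Error(`illegal transition ${d.status} -> ${status}`);
    d.status = status;
    this.log("dsr.status", actor, d.customerId, "high");
    return d;
  }
  // POST /api/v1/admin/gdpr/dsr/:id/process. ASSUMED gate: only approved requests execute, so the
  // recorded approval stands in for the confirmEmail check. Idempotent once completed.
  processDsr(actor: Actor, id: string): Dsr {
    const d = this.dsr(id);
    if (d.status === "completed") return d;
    if (d.status !== "approved") throw new Error(`DSR ${id} is ${d.status}, not approved`);
    switch (d.requestType) {
      case "erasure": this.eraseCustomer(actor, d.customerId, { reason: d.reason, confirmEmail: actor.email, legalBasis: d.legalBasis }); break;
      case "export": this.exportCustomer(actor, d.customerId); break;
      case "restriction": this.customer(d.customerId).restricted = true; this.log("gdpr.restrict", actor, d.customerId, "high"); break; // Art. 18
    }
    return this.updateDsrStatus(actor, id, "completed");
  }
  // GET /api/v1/admin/gdpr/erasure-logs, available to admin and regulator roles
  erasureLogs(actor: Actor): AuditEvent[] {
    if (actor.role !== "admin" && actor.role !== "regulator") throw new Error("forbidden");
    return this.audit.filter((e) => e.action === "gdpr.erase");
  }
}
```

The idempotency check keys on the tombstone's erasedAt rather than on the request body, so a retried request with a different reason still returns the original erasedAt and writes no second 'critical' event; that is what keeps the erasure log an honest count of deletions. In the DSR path the confirmEmail check is bypassed deliberately, because the explicit approval step is the safety gate there; if your deployment lets the same administrator create, approve and process a request, that gate is weaker than the documented two-field confirmation.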

Audit Accountability (Article 5)

All GDPR operations are captured in the tamper-evident audit trail:

  • Data exports are logged with regulatoryRelevance: 'high'
  • Erasure operations are logged with regulatoryRelevance: 'critical'
  • DSR lifecycle changes are logged with actor and timestamp
  • Erasure logs are retained permanently (never purged)

Implemented in services/api-gateway/src/routes/admin.ts at commit 4b572c2.
