API Compliance & Audit Skill

Design compliant API patterns for GDPR, PCI-DSS, HIPAA, SOC2, and other regulatory frameworks.

GDPR Data Subject Rights Endpoints

POST /api/v1/privacy/data-export-request   — user requests copy of their data (Art. 20)
GET  /api/v1/privacy/data-export/{token}   — download export (after processing)
POST /api/v1/privacy/deletion-request      — right to erasure (Art. 17)
GET  /api/v1/privacy/deletion-status/{id}  — track deletion progress
POST /api/v1/privacy/rectification         — correct inaccurate personal data (Art. 16)
GET  /api/v1/privacy/consent               — get user's consent records
POST /api/v1/privacy/consent               — record/update consent
DELETE /api/v1/privacy/consent/{purpose}   — withdraw consent for a purpose
POST /api/v1/privacy/portability           — export data in machine-readable format