oxigdal-security 0.1.4

Enterprise security features for OxiGDAL: encryption, access control, compliance
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150

//! GDPR compliance.

use crate::compliance::{ComplianceCheckResult, ComplianceStandard};
use serde::{Deserialize, Serialize};

/// GDPR data subject rights.
#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
pub enum DataSubjectRight {
    /// Right to access.
    Access,
    /// Right to rectification.
    Rectification,
    /// Right to erasure ("right to be forgotten").
    Erasure,
    /// Right to restrict processing.
    Restriction,
    /// Right to data portability.
    Portability,
    /// Right to object.
    Object,
}

/// GDPR compliance checker.
pub struct GdprCompliance {
    encryption_enabled: bool,
    audit_logging_enabled: bool,
    consent_management_enabled: bool,
    data_retention_policy: bool,
}

impl GdprCompliance {
    /// Create new GDPR compliance checker.
    pub fn new() -> Self {
        Self {
            encryption_enabled: false,
            audit_logging_enabled: false,
            consent_management_enabled: false,
            data_retention_policy: false,
        }
    }

    /// Enable encryption.
    pub fn with_encryption(mut self, enabled: bool) -> Self {
        self.encryption_enabled = enabled;
        self
    }

    /// Enable audit logging.
    pub fn with_audit_logging(mut self, enabled: bool) -> Self {
        self.audit_logging_enabled = enabled;
        self
    }

    /// Enable consent management.
    pub fn with_consent_management(mut self, enabled: bool) -> Self {
        self.consent_management_enabled = enabled;
        self
    }

    /// Enable data retention policy.
    pub fn with_data_retention_policy(mut self, enabled: bool) -> Self {
        self.data_retention_policy = enabled;
        self
    }

    /// Check compliance.
    pub fn check(&self) -> ComplianceCheckResult {
        let mut issues = Vec::new();
        let mut recommendations = Vec::new();

        if !self.encryption_enabled {
            issues.push("Encryption not enabled for personal data".to_string());
            recommendations.push("Enable encryption at rest for all personal data".to_string());
        }

        if !self.audit_logging_enabled {
            issues.push("Audit logging not enabled".to_string());
            recommendations.push("Enable comprehensive audit logging".to_string());
        }

        if !self.consent_management_enabled {
            issues.push("Consent management not enabled".to_string());
            recommendations.push("Implement consent management system".to_string());
        }

        if !self.data_retention_policy {
            issues.push("Data retention policy not defined".to_string());
            recommendations.push("Define and implement data retention policy".to_string());
        }

        ComplianceCheckResult {
            standard: ComplianceStandard::GDPR,
            compliant: issues.is_empty(),
            issues,
            recommendations,
        }
    }
}

impl Default for GdprCompliance {
    fn default() -> Self {
        Self::new()
    }
}

/// Data subject access request (DSAR).
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct DataSubjectAccessRequest {
    /// Request ID.
    pub id: String,
    /// Data subject identifier.
    pub data_subject_id: String,
    /// Rights being exercised.
    pub rights: Vec<DataSubjectRight>,
    /// Request timestamp.
    pub requested_at: chrono::DateTime<chrono::Utc>,
    /// Status.
    pub status: DsarStatus,
}

/// DSAR status.
#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
pub enum DsarStatus {
    /// Pending.
    Pending,
    /// Processing.
    Processing,
    /// Completed.
    Completed,
    /// Rejected.
    Rejected,
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_gdpr_compliance_check() {
        let checker = GdprCompliance::new()
            .with_encryption(true)
            .with_audit_logging(true)
            .with_consent_management(false)
            .with_data_retention_policy(true);

        let result = checker.check();
        assert!(!result.compliant);
        assert_eq!(result.issues.len(), 1);
    }
}