azaharizaman/nexus-gdpr

GDPR compliance extension for Nexus DataPrivacy package

Maintainers

Package info

github.com/azaharizaman/nexus-gdpr

pkg:composer/azaharizaman/nexus-gdpr

Statistics

Installs: 0

Dependents: 0

Suggesters: 0

Stars: 0

Open Issues: 0

Security

Advisories: 0

Aikido package health analysis

v0.1.0-alpha1 2026-05-05 02:28 UTC

Requires

Requires (Dev)

MIT 6d9c2b61b0658855c0fa5378e31e94ed94b59af7

  • Nexus Team <team.woop@nexus.dev>

nexusgdprcompliancedata-privacyeu-regulation

This package is auto-updated.

Last update: 2026-05-05 02:51:21 UTC

README

EU General Data Protection Regulation (GDPR) Compliance Extension

Overview

Nexus\GDPR extends Nexus\DataPrivacy with EU-specific compliance requirements:

  • 30-day deadline for Data Subject Access Requests (DSARs)
  • 72-hour breach notification to supervisory authority
  • Specific lawful basis requirements (Article 6)
  • Special category data handling (Article 9)
  • Data transfer rules for third countries

Installation

composer require azaharizaman/nexus-gdpr

Key Features

1. GDPR Deadline Enforcement

use Nexus\GDPR\Services\GdprComplianceService;
use Nexus\DataPrivacy\ValueObjects\DataSubjectRequest;

$service = new GdprComplianceService($requestManager);

// Get deadline for DSAR (30 calendar days)
$deadline = $service->calculateDeadline($request);

// Check if extension is allowed (up to 2 months for complex requests)
$canExtend = $service->canExtendDeadline($request);

2. Breach Notification Deadlines

use Nexus\GDPR\Services\GdprBreachService;

$service = new GdprBreachService($breachManager);

// Calculate 72-hour notification deadline
$deadline = $service->getNotificationDeadline($breach);

// Check if notification is overdue
$isOverdue = $service->isNotificationOverdue($breach);

3. Lawful Basis Validation

use Nexus\GDPR\Services\LawfulBasisValidator;
use Nexus\DataPrivacy\Enums\LawfulBasisType;

$validator = new LawfulBasisValidator();

// Validate processing activity has valid lawful basis
$isValid = $validator->validate($processingActivity);

// Check if consent is required for purpose
$needsConsent = $validator->requiresConsent(LawfulBasisType::CONSENT);

GDPR-Specific Deadlines

Requirement Deadline Extension
DSAR Response 30 days +2 months (complex)
Breach Notification 72 hours None
Consent Withdrawal Immediate None
Data Portability 30 days +2 months (complex)

Architecture

This package extends Nexus\DataPrivacy without modifying it:

Nexus\GDPR
├── Services/
│   ├── GdprComplianceService    # Deadline calculations
│   ├── GdprBreachService        # 72-hour notification
│   └── LawfulBasisValidator     # Article 6 validation
├── ValueObjects/
│   └── GdprDeadline             # Deadline with extension rules
└── Enums/
    └── GdprLawfulBasis          # GDPR-specific bases

Usage with DataPrivacy

// Register GDPR-specific handlers
$registry = new RequestHandlerRegistry();
$registry->register(new GdprAccessRequestHandler($gdprService));

// Validate GDPR compliance
$complianceService->validateGdprCompliance($request);

License

MIT License