kartinov/gdpr-toolkit

GDPR toolkit for Laravel

Maintainers

Package info

github.com/Kartinov/gdpr-toolkit

pkg:composer/kartinov/gdpr-toolkit

Transparency log

Statistics

Installs: 396

Dependents: 0

Suggesters: 0

Stars: 2

Open Issues: 0

v1.0.3 2026-07-04 10:31 UTC

This package is auto-updated.

Last update: 2026-07-04 17:22:22 UTC


README

Latest Stable Version Total Downloads License GDPR Developer Guide

A lightweight package to help Laravel developers address GDPR requirements by scanning your database for personally identifiable information and generating a draft Record of Processing Activities (RoPA).

📖 New to GDPR? Read our plain-English GDPR Basics for Developers guide to learn how privacy-by-design impacts your migrations, logging, and database relationships.

Installation

Require the package via Composer:

composer require kartinov/gdpr-toolkit

Publish the configuration file:

php artisan vendor:publish --provider="Kartinov\GdprToolkit\GdprToolkitServiceProvider"

Configuration

Open the published config/gdpr-toolkit.php and adjust the settings to match your application.

Usage

Scanning

Run the scan to generate a draft RoPA:

php artisan gdpr:scan

This inspects your Eloquent models and database tables, detects personally identifiable information via column-name heuristics and foreign key relationships, and writes the result to:

storage/app/gdpr-ropa.json

Output format

{
    "generated_at": "2026-07-04T09:18:08+00:00",
    "total_tables_with_personal_data": 2,
    "data_map": {
        "User": {
            "fields": [
                "name",
                "email"
            ],
            "shipping_addresses": [
                "address",
                "city",
                "state",
                "zip",
                "country",
                "phone"
            ]
        }
    }
}

Each subject model maps to:

  • fields — personal data columns on the subject's own table
  • {related_table} — personal data columns on tables linked by foreign key

Marking models with HasPersonalData

Attach the HasPersonalData trait to any Eloquent model and declare its personal data fields:

use Kartinov\GdprToolkit\Traits\HasPersonalData;

class User extends Authenticatable
{
    use HasPersonalData;

    protected array $personalData = [
        'name',
        'email',
        'phone',
        'address',
    ];
}

The trait provides one method:

$user->exportPersonalData(); // Returns array of field => value

Exporting personal data (Article 15 / 20)

Generate a complete personal data export for a specific subject:

php artisan gdpr:export App\\Models\\User 1
php artisan gdpr:export App\\Models\\User john@example.com --output=storage/app/user_1_gdpr_export.json
  • First argument: fully qualified model class (e.g. App\Models\User)
  • Second argument: identifier — ID or email
  • --output (optional): custom output path, defaults to storage/app/gdpr-export.json

The export includes the subject's own personal fields plus all related table records linked by foreign key.

Important Disclaimer

This toolkit is a developer aid, not a legal service. The RoPA it generates is a technical draft — it does not guarantee GDPR compliance. Always have your records reviewed by a qualified legal professional before relying on them for regulatory purposes.

License

This package is open-sourced software licensed under the MIT license.
See the LICENSE file for details.