Privacy Template

The privacy template provides a complete LGPD/GDPR/CCPA-compliant Privacy Rights Center, enabling users to exercise their data protection rights through a conversational interface.

Topic: Data Privacy & Compliance

This template is perfect for:

  • LGPD compliance (Brazil)
  • GDPR compliance (EU)
  • CCPA compliance (California)
  • Data subject rights management
  • Consent management portals

The Code

ADD TOOL "request-data"
ADD TOOL "export-data"
ADD TOOL "delete-data"
ADD TOOL "manage-consents"
ADD TOOL "rectify-data"
ADD TOOL "object-processing"

USE KB "privacy.gbkb"

CLEAR SUGGESTIONS

ADD SUGGESTION "access" AS "View my data"
ADD SUGGESTION "export" AS "Export my data"
ADD SUGGESTION "delete" AS "Delete my data"
ADD SUGGESTION "consents" AS "Manage consents"
ADD SUGGESTION "correct" AS "Correct my data"
ADD SUGGESTION "object" AS "Object to processing"

SET CONTEXT "privacy rights" AS "You are a Privacy Rights Center assistant helping users exercise their data protection rights under LGPD, GDPR, and CCPA. Help with data access, rectification, erasure, portability, and consent management."

BEGIN TALK
**Privacy Rights Center**

As a data subject, you have the following rights:

1. **Access** - View all data we hold about you
2. **Rectification** - Correct inaccurate data
3. **Erasure** - Request deletion of your data
4. **Portability** - Export your data
5. **Object** - Opt-out of certain processing
6. **Consent** - Review and update your consents

Select an option or describe your request.
END TALK

BEGIN SYSTEM PROMPT
You are a Privacy Rights Center assistant for LGPD/GDPR/CCPA compliance.

Data subject rights:
- Right of Access: View all personal data
- Right to Rectification: Correct inaccurate data
- Right to Erasure: Delete personal data (right to be forgotten)
- Right to Portability: Export data in machine-readable format
- Right to Object: Opt-out of marketing, profiling, etc.
- Consent Management: Review and withdraw consents

Always verify identity before processing sensitive requests.
Log all privacy requests for compliance audit.
Provide clear timelines for request fulfillment.
Escalate complex requests to the Data Protection Officer.
END SYSTEM PROMPT

Sample Dialogs

These conversations show how the privacy template works in real-world scenarios.

Dialog 1: Data Access Request

Dialog 2: Data Deletion Request

Dialog 4: Data Export (Portability)

Keywords Used

| Keyword | Purpose |
|---|---|
| ADD TOOL | Register privacy rights tools |
| USE KB | Load privacy policy knowledge base |
| ADD SUGGESTION | Create quick action buttons for rights |
| SET CONTEXT | Define privacy assistant behavior |
| BEGIN TALK | Welcome message with rights summary |
| BEGIN SYSTEM PROMPT | Compliance rules and procedures |

Template Structure

privacy.gbai/
├── privacy.gbdialog/
│   ├── start.bas           # Main entry point
│   ├── request-data.bas    # Data access requests
│   ├── export-data.bas     # Data portability
│   ├── delete-data.bas     # Right to erasure
│   ├── manage-consents.bas # Consent management
│   └── rectify-data.bas    # Data correction
├── privacy.gbot/
│   └── config.csv          # Configuration
├── privacy.gbkb/
│   └── privacy-policy.md   # Privacy documentation
└── privacy.gbui/
    └── index.html          # Web portal UI

Data Subject Rights by Regulation

| Right | LGPD (Brazil) | GDPR (EU) | CCPA (California) |
|---|---|---|---|
| Access | Art. 18 | Art. 15 | §1798.100 |
| Rectification | Art. 18 III | Art. 16 | - |
| Erasure | Art. 18 VI | Art. 17 | §1798.105 |
| Portability | Art. 18 V | Art. 20 | §1798.100 |
| Object | Art. 18 IV | Art. 21 | §1798.120 |
| Consent | Art. 8 | Art. 7 | §1798.135 |

Response Deadlines

| Regulation | Standard | Extended |
|---|---|---|
| LGPD | 15 days | - |
| GDPR | 30 days | 90 days (complex) |
| CCPA | 45 days | 90 days |

Request Data Tool: request-data.bas

PARAM request_type AS STRING LIKE "full" DESCRIPTION "Type of data request: full, summary, specific"

DESCRIPTION "Process a data access request (Right of Access)"

' Verify identity first
TALK "🔐 To protect your privacy, I need to verify your identity."
TALK "I'll send a verification code to your registered email."

code = FORMAT(RANDOM(100000, 999999))
SET BOT MEMORY "verification_code_" + user_id, code
SET BOT MEMORY "verification_expiry_" + user_id, DATEADD(NOW(), 10, "minutes")

SEND MAIL user_email, "Privacy Request Verification", "Your verification code is: " + code

TALK "Please enter the 6-digit code sent to your email:"
HEAR entered_code

stored_code = GET BOT MEMORY("verification_code_" + user_id)
expiry = GET BOT MEMORY("verification_expiry_" + user_id)

IF entered_code <> stored_code OR NOW() > expiry THEN
    TALK "❌ Invalid or expired code. Please try again."
    RETURN NULL
END IF

' Log the request for compliance
WITH request
    id = "ACC-" + FORMAT(NOW(), "YYYY") + "-" + FORMAT(RANDOM(100000, 999999))
    user_id = user_id
    type = "access"
    status = "processing"
    created_at = NOW()
    deadline = DATEADD(NOW(), 15, "days")
END WITH

SAVE "privacy_requests.csv", request

' Retrieve user data
userData = FIND "users.csv", "id = '" + user_id + "'"
activityData = FIND "activity_log.csv", "user_id = '" + user_id + "'"
consents = FIND "consents.csv", "user_id = '" + user_id + "'"

TALK "✅ Identity verified. Here's your data:"
TALK ""
TALK "**📋 Personal Information**"
TALK "• Name: " + userData.name
TALK "• Email: " + MASK_EMAIL(userData.email)
TALK "• Account created: " + FORMAT(userData.created_at, "MMM DD, YYYY")
TALK ""
TALK "**📊 Activity Summary**"
TALK "• Total activities: " + UBOUND(activityData)
TALK "• Last activity: " + FORMAT(activityData[1].timestamp, "MMM DD, YYYY")
TALK ""
TALK "**🔔 Consent Status**"
FOR EACH consent IN consents
    status_icon = IIF(consent.granted, "✅", "❌")
    TALK "• " + consent.purpose + ": " + status_icon
NEXT

TALK ""
TALK "Request ID: **" + request.id + "**"
TALK "Would you like a full export of your data?"

RETURN request.id

Delete Data Tool: delete-data.bas

PARAM confirm AS STRING LIKE "yes" DESCRIPTION "Confirmation to proceed with deletion"

DESCRIPTION "Process a data erasure request (Right to be Forgotten)"

' Warn about consequences
TALK "⚠️ **Data Deletion Request**"
TALK ""
TALK "This will permanently delete:"
TALK "• Your profile and personal information"
TALK "• Activity history and preferences"
TALK "• Communication history"
TALK ""
TALK "**Note:** Some data may be retained for legal compliance:"
TALK "• Financial records (tax requirements)"
TALK "• Fraud prevention data"
TALK "• Legal dispute documentation"
TALK ""
TALK "Type **DELETE MY DATA** to confirm this irreversible action:"

HEAR confirmation

IF UPPER(confirmation) <> "DELETE MY DATA" THEN
    TALK "Deletion cancelled. Your data remains unchanged."
    RETURN NULL
END IF

' Create deletion request
WITH request
    id = "DEL-" + FORMAT(NOW(), "YYYY") + "-" + FORMAT(RANDOM(100000, 999999))
    user_id = user_id
    type = "erasure"
    status = "pending_verification"
    created_at = NOW()
    deadline = DATEADD(NOW(), 15, "days")
END WITH

SAVE "privacy_requests.csv", request

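' Send verification email
' Note: request.id is also shown in the chat below, so the /verify endpoint
' must not treat knowledge of this link alone as proof of mailbox access
verification_link = "https://privacy.company.com/verify/" + request.id
SEND MAIL user_email, "Confirm Data Deletion Request",
    "Click to confirm your data deletion request:\n\n" + verification_link +
    "\n\nThis link expires in 24 hours.\n\nRequest ID: " + request.id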

TALK "📧 A verification email has been sent."
TALK "Please click the link to confirm your deletion request."
TALK ""
TALK "**Timeline:**"
TALK "• Verification: 24 hours"
TALK "• Processing: 15 business days (LGPD) / 30 days (GDPR)"
TALK ""
TALK "Request ID: **" + request.id + "**"

RETURN request.id
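
The e-mail verification steps in request-data.bas and delete-data.bas, shown as an added Python example (not the template's own code and not General Bots BASIC): secrets come from the OS CSPRNG, only a keyed hash is stored, and each challenge expires, locks after repeated failures and works once. `ChallengeStore`, `MAX_ATTEMPTS` and the method names are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

MAX_ATTEMPTS = 5  # assumption: lock a challenge after five wrong guesses


class ChallengeStore:
    """In-memory stand-in for the bot's storage (hypothetical, not a General Bots API)."""

    def __init__(self, now=time.time):
        self._now = now
        self._key = secrets.token_bytes(32)  # server-side key for the keyed hash
        self._rows = {}  # request_id -> [mac, expires_at, attempts_left]

    def _mac(self, request_id, secret):
        # Keyed hash bound to the request: a 6-digit code under a plain hash
        # could be recovered from a leaked store by trying all 10**6 values.
        msg = f"{request_id}:{secret}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def _issue(self, request_id, secret, ttl_seconds):
        expires_at = self._now() + ttl_seconds
        self._rows[request_id] = [self._mac(request_id, secret), expires_at, MAX_ATTEMPTS]
        return secret  # goes into the e-mail only, never into the chat

    def issue_code(self, request_id, ttl_seconds=600):
        """6-digit e-mail code from the OS CSPRNG, valid for 10 minutes."""
        return self._issue(request_id, f"{secrets.randbelow(10**6):06d}", ttl_seconds)

    def issue_link_token(self, request_id, ttl_seconds=24 * 3600):
        """256-bit token for the e-mailed link, independent of the request ID."""
        return self._issue(request_id, secrets.token_urlsafe(32), ttl_seconds)

    def verify(self, request_id, presented):
        row = self._rows.get(request_id)
        if row is None:
            return False
        mac, expires_at, attempts_left = row
        if self._now() > expires_at or attempts_left <= 0:
            del self._rows[request_id]  # expired or locked: a new challenge is required
            return False
        if hmac.compare_digest(mac, self._mac(request_id, presented)):
            del self._rows[request_id]  # single use
            return True
        row[2] = attempts_left - 1
        return False
```

For the deletion flow, the e-mailed link would carry the value returned by `issue_link_token` in addition to the request ID, since the request ID is also displayed in chat.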

Customization Ideas

Add Identity Verification Options

TALK "How would you like to verify your identity?"
ADD SUGGESTION "email" AS "Email verification"
ADD SUGGESTION "sms" AS "SMS verification"
ADD SUGGESTION "id" AS "Upload ID document"

HEAR method

SWITCH method
    CASE "email"
        ' Send email code
    CASE "sms"
        ' Send SMS code
    CASE "id"
        TALK "Please upload a photo of your government-issued ID."
        HEAR id_upload AS FILE
        ' Process ID verification
END SWITCH

Add DPO Escalation

' For complex requests
IF request_complexity = "high" THEN
    TALK "This request requires review by our Data Protection Officer."
    TALK "You will be contacted within 5 business days."
    
    SEND MAIL "dpo@company.com", "Privacy Request Escalation",
        "Request ID: " + request.id + "\n" +
        "Type: " + request.type + "\n" +
        "User: " + user_email + "\n" +
        "Reason: Complex request requiring DPO review"
END IF

Add Audit Logging

' Log all privacy operations
WITH auditLog
    timestamp = NOW()
    request_id = request.id
    user_id = user_id
    action = "data_access"
    ip_address = GET_CLIENT_IP()
    user_agent = GET_USER_AGENT()
    result = "success"
END WITH

SAVE "privacy_audit_log.csv", auditLog

Best Practices

  1. Always Verify Identity: Never provide data without verification
  2. Log Everything: Maintain audit trails for compliance
  3. Clear Timelines: Communicate response deadlines clearly
  4. Explain Retention: Be transparent about what data is retained and why
  5. Easy Consent Management: Make it simple to change preferences
  6. Secure Communications: Use encrypted channels for sensitive data