mahi/Goa-gel-fullstack
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
Goa-gel-fullstack/Documentation/compliance/data-protection.md
Mahi 435889ee79 docs: Rebuild documentation as enterprise-grade TLAS platform 
- Migrate from custom HTTP server to VitePress framework
- Rename project to Tokenized License Approval System (TLAS)
- Add comprehensive documentation for all stakeholders:
  - Business: Executive summary, value proposition, governance
  - Operations: Infrastructure, installation, monitoring, backup
  - Departments: User guide, workflows, verification, issuance
  - Developers: API reference, authentication, webhooks, SDKs
  - Compliance: OWASP, DPDP Act, IT Act, audit framework
- Add modern theme with dark mode and full-text search
- Update Dockerfile for VitePress build process

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-10 00:05:20 -04:00

2.1 KiB
Raw Permalink Blame History

Data Protection

Data Classification

Classification Examples Handling
Public Published license numbers, verification status No restrictions
Internal Processing statistics, workflow configurations Staff access only
Confidential Applicant personal data, documents Role-based access
Restricted Authentication credentials, encryption keys System access only

Personal Data Inventory

Data Category Fields Purpose Retention
Identity Name, Aadhaar (masked), photo Applicant identification License validity + 7 years
Contact Email, phone, address Communication License validity + 7 years
Business Business name, registration License application License validity + 7 years
Documents Uploaded files Verification License validity + 7 years
Activity Login times, actions Audit 7 years

Data Subject Rights

Right to Access

Applicants can view all their personal data through the portal under "My Profile" and "My Applications."

Right to Correction

Applicants can request corrections through the portal. Changes require verification for critical fields.

Right to Erasure

Limited by legal retention requirements. Non-essential data can be erased upon request after license expiry.

Right to Portability

Data export available in JSON and PDF formats through the portal.

Data Security Controls

Encryption

State Method
At Rest AES-256 (database, files)
In Transit TLS 1.3
Backups AES-256 with separate key

Access Control

  • Role-based permissions
  • Department-level data isolation
  • Session timeout after inactivity
  • Failed login lockout

Anonymization

For analytics and reporting, personal identifiers are removed or pseudonymized.

Breach Response

  1. Detection and containment
  2. Impact assessment
  3. Notification to affected individuals (within 72 hours)
  4. Notification to CERT-In (as required)
  5. Root cause analysis
  6. Remediation
Reference in New Issue View Git Blame Copy Permalink