Classes
struct	ColumnClassification
	Column-level data classification descriptor. More...

struct	DPIARecord
	Data Protection Impact Assessment record per GDPR Art. 35. More...

struct	PolicyValidationResult
	Validation result for GDPR writer policy. More...

struct	ProcessingActivity
	Record of Processing Activity per GDPR Art. 30. More...

struct	PseudonymConfig
	Pseudonymizer configuration. More...

struct	RetentionPolicy
	Retention policy for a dataset or column. More...

struct	SubjectDataQuery
	DSAR query parameters for finding subject data across files. More...

struct	SubjectDataResponse
	DSAR response record. More...

Enumerations
enum class	DataClassification : int32_t { PUBLIC = 0 , INTERNAL = 1 , PERSONAL = 2 , SENSITIVE = 3 , PSEUDONYMIZED = 4 , ANONYMIZED = 5 }
	Data classification levels for GDPR compliance. More...

enum class	PseudonymStrategy : int32_t { HMAC_SHA256 = 0 , RANDOM_TOKEN = 1 }
	Pseudonymization strategy. More...

Functions
bool	requires_encryption (DataClassification c)
	Check if a classification level requires encryption under GDPR Art.

bool	allows_pseudonymization (DataClassification c)
	Check if a classification level allows pseudonymization.

void	pseudonymize_hmac (const uint8_t key, size_t key_size, const uint8_t value, size_t value_size, char *out, size_t out_size)
	Pseudonymize a value using HMAC-SHA256.

PolicyValidationResult	validate_gdpr_policy (const std::vector< ColumnClassification > &classifications, const std::vector< std::string > &encrypted_columns)
	Validate that all PII-classified columns have encryption keys.

bool	is_expired (const RetentionPolicy &policy, int64_t data_created_ns, int64_t now_ns)
	Check if data has exceeded its retention period.

Enumeration Type Documentation

◆ DataClassification

enum class signet::forge::gdpr::DataClassification : int32_t

strong

Data classification levels for GDPR compliance.

Assign one of these to each Parquet column to drive automatic encryption and pseudonymization policies.

Enumerator
PUBLIC	Non-personal, no restrictions.
INTERNAL	Internal business data, not personal.
PERSONAL	Personal data (GDPR Art. 4(1)): name, email, phone.
SENSITIVE	Special category data (GDPR Art. 9): health, race, religion.
PSEUDONYMIZED	Already pseudonymized (Art. 4(5)).
ANONYMIZED	Fully anonymized — outside GDPR scope.

Definition at line 417 of file compliance_types.hpp.

◆ PseudonymStrategy

enum class signet::forge::gdpr::PseudonymStrategy : int32_t

strong

Pseudonymization strategy.

Enumerator
HMAC_SHA256	HMAC-SHA256 hash (deterministic, irreversible).
RANDOM_TOKEN	Random token (non-deterministic, requires mapping table).

Definition at line 831 of file compliance_types.hpp.

Function Documentation

◆ allows_pseudonymization()

bool signet::forge::gdpr::allows_pseudonymization ( DataClassification c )

inline

Check if a classification level allows pseudonymization.

Returns: true if the data should be pseudonymized when possible.

Definition at line 446 of file compliance_types.hpp.

◆ is_expired()

bool signet::forge::gdpr::is_expired	(	const RetentionPolicy &	policy,
		int64_t	data_created_ns,
		int64_t	now_ns
	)

inline

Check if data has exceeded its retention period.

Parameters

policy	Retention policy.
data_created_ns	Data creation timestamp (ns since epoch).
now_ns	Current timestamp (ns since epoch).

Returns: true if the data is past its retention period and not on legal hold.

Definition at line 982 of file compliance_types.hpp.

◆ pseudonymize_hmac()

void signet::forge::gdpr::pseudonymize_hmac	(	const uint8_t *	key,
		size_t	key_size,
		const uint8_t *	value,
		size_t	value_size,
		char *	out,
		size_t	out_size
	)

inline

Pseudonymize a value using HMAC-SHA256.

Produces a deterministic, irreversible hex string pseudonym. Same (key, value) always produces the same pseudonym, enabling consistent joins across pseudonymized datasets.

Parameters

key	Secret pseudonymization key (min 32 bytes recommended).
key_size	Key size in bytes.
value	Plaintext value to pseudonymize.
value_size	Value size in bytes.
out	Output buffer for hex string (must be at least 64 bytes for full hash).
out_size	Number of hex characters to write (max 64).

Definition at line 855 of file compliance_types.hpp.

◆ requires_encryption()

bool signet::forge::gdpr::requires_encryption ( DataClassification c )

inline

Check if a classification level requires encryption under GDPR Art.

32.

Returns: true if the data classification mandates encryption at rest.

Definition at line 440 of file compliance_types.hpp.

◆ validate_gdpr_policy()

PolicyValidationResult signet::forge::gdpr::validate_gdpr_policy	(	const std::vector< ColumnClassification > &	classifications,
		const std::vector< std::string > &	encrypted_columns
	)

inline

Validate that all PII-classified columns have encryption keys.

Parameters

classifications	Column classifications (from G-2).
encrypted_columns	Set of column names that have encryption keys.

Returns: Validation result with list of violations (if any).

Definition at line 913 of file compliance_types.hpp.

Classes

Enumerations

Functions

Enumeration Type Documentation

◆ DataClassification

◆ PseudonymStrategy

Function Documentation

◆ allows_pseudonymization()

◆ is_expired()

◆ pseudonymize_hmac()

◆ requires_encryption()

◆ validate_gdpr_policy()