Back to Templates
π How it works
Handles GDPR Article 15 (access) and Article 17 (erasure) requests
end-to-end β from inbound email to legally-compliant response β with
zero manual intervention and a full audit trail.
- π¬ Monitors Gmail inbox for incoming data subject requests
- π€ AI Agent classifies the request (access or erasure), extracts the
requester email and data subject email with structured JSON output - ποΈ Queries Supabase for all personal data records matching the subject
- π Queries Airtable CRM for matching contact records
- π Second AI Agent compiles all found data into a GDPR-compliant HTML report
- βοΈ Access requests β sends a full data report to the requester
- ποΈ Erasure requests β deletes records from both Supabase and Airtable,
then sends a deletion confirmation - π Logs every request to Google Sheets with timestamp for your audit trail
π οΈ Set up steps
Estimated setup time: ~20 minutes
- Gmail Trigger β connect Gmail OAuth2; point it at your DSR inbox
- OpenAI β connect OpenAI API credential (used by both AI Agent nodes)
- Supabase β connect Supabase API credential; update the table name from
usersto match your schema - Airtable β connect Airtable Personal Access Token; replace
YOUR_BASE_IDandYOUR_TABLE_NAME - Google Sheets β connect Google Sheets OAuth2; replace
YOUR_AUDIT_SHEET_ID; create a tab namedDSR Audit Log - Follow the sticky notes inside the workflow for per-node guidance
π Prerequisites
- Gmail account receiving GDPR requests
- OpenAI API key (GPT-4o)
- Supabase project with a users/contacts table
- Airtable base with a Contacts table containing an
Emailfield - Google Sheets for audit log
Custom Workflow Request with Personal Dashboard
https://www.smartflowcraft.com/contact