Back to Templates
🚀 How it works
Handles GDPR Article 15 (access) and Article 17 (erasure) requests
end-to-end — from inbound email to legally-compliant response — with
zero manual intervention and a full audit trail.
- 📬 Monitors Gmail inbox for incoming data subject requests
- 🤖 AI Agent classifies the request (access or erasure), extracts the
requester email and data subject email with structured JSON output - 🗄️ Queries Supabase for all personal data records matching the subject
- 📋 Queries Airtable CRM for matching contact records
- 📝 Second AI Agent compiles all found data into a GDPR-compliant HTML report
- ✉️ Access requests — sends a full data report to the requester
- 🗑️ Erasure requests — deletes records from both Supabase and Airtable,
then sends a deletion confirmation - 🔒 Logs every request to Google Sheets with timestamp for your audit trail
🛠️ Set up steps
Estimated setup time: ~20 minutes
- Gmail Trigger — connect Gmail OAuth2; point it at your DSR inbox
- OpenAI — connect OpenAI API credential (used by both AI Agent nodes)
- Supabase — connect Supabase API credential; update the table name from
usersto match your schema - Airtable — connect Airtable Personal Access Token; replace
YOUR_BASE_IDandYOUR_TABLE_NAME - Google Sheets — connect Google Sheets OAuth2; replace
YOUR_AUDIT_SHEET_ID; create a tab namedDSR Audit Log - Follow the sticky notes inside the workflow for per-node guidance
📋 Prerequisites
- Gmail account receiving GDPR requests
- OpenAI API key (GPT-4o)
- Supabase project with a users/contacts table
- Airtable base with a Contacts table containing an
Emailfield - Google Sheets for audit log
Custom Workflow Request with Personal Dashboard
https://www.smartflowcraft.com/contact