{ "name": "GDPR & Privacy Policy Compliance Scanner", "nodes": [ { "parameters": { "content": "## \ud83d\udd12 GDPR Compliance Scanner\n\n### How it works\n1. Watches Google Drive folder for privacy policy uploads\n2. Downloads and analyzes document for GDPR compliance\n3. Extracts data controller, DPO, legal bases, user rights\n4. Calculates compliance score based on required elements\n5. Identifies gaps and missing GDPR requirements\n6. Logs results to Google Sheets compliance tracker\n7. Sends Slack alert if compliance issues found\n\n### Setup steps\n1. Create Google Drive folder for privacy policy documents\n2. Get PDF Vector API key from pdfvector.com/api-keys\n3. Create Google Sheet with columns: Company, Last Updated, Compliance Score, Status, User Rights Score, Missing Rights, Gaps Found, Third Parties, Has DPO, International Transfers, Scanned Date\n4. Connect Google Drive, Sheets, and Slack credentials\n5. Update folder ID and spreadsheet ID in nodes\n\n### Perfect for\n- Legal teams reviewing vendor policies\n- Compliance officers auditing data practices\n- Data protection officers (DPOs)\n- Business owners ensuring GDPR compliance", "height": 580, "width": 380, "color": 5 }, "id": "sticky-main", "name": "Sticky Note", "type": "n8n-nodes-base.stickyNote", "typeVersion": 1, "position": [ -140, 40 ] }, { "parameters": { "content": "## \u26a0\ufe0f Compliance Checks\n\n- Lawful basis for processing\n- DPO contact information\n- Right to access\n- Right to rectification\n- Right to erasure\n- Right to portability\n- Right to object\n- Breach notification policy\n- International transfer safeguards", "height": 260, "width": 220 }, "id": "sticky-flags", "name": "Sticky Note1", "type": "n8n-nodes-base.stickyNote", "typeVersion": 1, "position": [ 500, -60 ] }, { "parameters": { "pollTimes": { "item": [ { "mode": "everyMinute" } ] }, "triggerOn": "specificFolder", "folderToWatch": { "__rl": true, "value": "YOUR_FOLDER_ID", "mode": "list", "cachedResultName": "Privacy Policies" }, "event": "fileCreated", "options": {} }, "id": "gdrive-trigger", "name": "Google Drive Trigger", "type": "n8n-nodes-base.googleDriveTrigger", "typeVersion": 1, "position": [ 280, 260 ], "credentials": { "googleDriveOAuth2Api": { "name": "" } } }, { "parameters": { "operation": "download", "fileId": "={{ $json.id }}", "options": {} }, "id": "gdrive-download", "name": "Download Document", "type": "n8n-nodes-base.googleDrive", "typeVersion": 3, "position": [ 480, 260 ], "credentials": { "googleDriveOAuth2Api": { "name": "" } } }, { "parameters": { "operation": "extract", "inputType": "file", "prompt": "Analyze this privacy policy or data protection document for GDPR compliance as flat fields. companyName, documentTitle, lastUpdated (YYYY-MM-DD), dataControllerName, dataControllerAddress, dpoName, dpoEmail, dpoPhone, hasDpo (true/false), dataCollectedList (semicolon-separated types of personal data collected), legalBasesList (semicolon-separated legal bases: consent/contract/legal obligation/vital interests/public task/legitimate interests), retentionSummary (semicolon-separated formatted as: dataType retentionPeriod), thirdPartiesList (semicolon-separated third parties data is shared with), internationalTransfers (true/false), transferCountries (semicolon-separated), safeguardMechanisms, userRightsList (semicolon-separated rights mentioned: access/rectification/erasure/portability/restriction/objection/withdraw-consent), missingRightsList (semicolon-separated GDPR rights NOT mentioned), complianceGapsList (semicolon-separated compliance issues found), complianceScore (number 0-100), complianceStatus (one of: Compliant, Partially Compliant, Non-Compliant).", "schema": "{\"type\": \"object\", \"properties\": {\"companyName\": {\"type\": \"string\"}, \"documentTitle\": {\"type\": \"string\"}, \"lastUpdated\": {\"type\": \"string\"}, \"dataControllerName\": {\"type\": \"string\"}, \"dataControllerAddress\": {\"type\": \"string\"}, \"dpoName\": {\"type\": \"string\"}, \"dpoEmail\": {\"type\": \"string\"}, \"dpoPhone\": {\"type\": \"string\"}, \"hasDpo\": {\"type\": \"boolean\"}, \"dataCollectedList\": {\"type\": \"string\"}, \"legalBasesList\": {\"type\": \"string\"}, \"retentionSummary\": {\"type\": \"string\"}, \"thirdPartiesList\": {\"type\": \"string\"}, \"internationalTransfers\": {\"type\": \"boolean\"}, \"transferCountries\": {\"type\": \"string\"}, \"safeguardMechanisms\": {\"type\": \"string\"}, \"userRightsList\": {\"type\": \"string\"}, \"missingRightsList\": {\"type\": \"string\"}, \"complianceGapsList\": {\"type\": \"string\"}, \"complianceScore\": {\"type\": \"number\"}, \"complianceStatus\": {\"type\": \"string\"}}, \"additionalProperties\": false}" }, "id": "pdfvector-extract", "name": "PDF Vector - Analyze Policy", "type": "n8n-nodes-pdfvector.pdfVector", "typeVersion": 2, "position": [ 680, 260 ], "credentials": { "pdfVectorApi": { "name": "" } } }, { "parameters": { "jsCode": "const data = ($input.first().json?.data || $input.first().json) || {};\nconst fileName = $('Google Drive Trigger').item.json.name;\nconst fileId = $('Google Drive Trigger').item.json.id;\n\nconst gaps = (data.complianceGapsList || '').split(';').filter(g => g.trim());\nconst rights = (data.userRightsList || '').split(';').filter(r => r.trim());\nconst missing = (data.missingRightsList || '').split(';').filter(r => r.trim());\nconst thirdParties = (data.thirdPartiesList || '').split(';').filter(t => t.trim());\n\nreturn [{ json: {\n companyName: data.companyName || 'Unknown',\n documentTitle: data.documentTitle || 'N/A',\n lastUpdated: data.lastUpdated || 'N/A',\n complianceScore: parseFloat(data.complianceScore) || 0,\n complianceStatus: data.complianceStatus || 'Unknown',\n status: data.complianceStatus || 'Unknown',\n hasDpo: data.hasDpo || false,\n hasDPO: data.hasDpo || false,\n dpoName: data.dpoName || 'N/A',\n dpoEmail: data.dpoEmail || 'N/A',\n userRightsList: data.userRightsList || 'None',\n coveredRights: rights.join('; ') || 'None',\n missingRightsList: data.missingRightsList || 'None',\n missingRights: missing.join('; ') || 'None',\n complianceGapsList: data.complianceGapsList || 'None',\n gapsList: gaps.join('\\n') || 'None',\n thirdPartiesList: data.thirdPartiesList || 'None',\n thirdPartyCount: thirdParties.length,\n internationalTransfers: data.internationalTransfers || false,\n hasInternationalTransfers: data.internationalTransfers || false,\n transferCountries: data.transferCountries || 'N/A',\n dataCollectedList: data.dataCollectedList || 'N/A',\n legalBasesList: data.legalBasesList || 'N/A',\n gapCount: gaps.length,\n rightsScore: rights.length,\n missingCount: missing.length,\n fileName, fileId,\n processedAt: new Date().toISOString()\n}}];" }, "id": "analyze-compliance", "name": "Analyze Compliance", "type": "n8n-nodes-base.code", "typeVersion": 2, "position": [ 880, 260 ] }, { "parameters": { "operation": "append", "documentId": { "__rl": true, "value": "YOUR_SPREADSHEET_ID", "mode": "list", "cachedResultName": "Compliance Tracker" }, "sheetName": { "__rl": true, "value": "gid=0", "mode": "list", "cachedResultName": "Scans" }, "columns": { "mappingMode": "defineBelow", "value": { "Company": "={{ $json.companyName }}", "Last Updated": "={{ $json.lastUpdated }}", "Compliance Score": "={{ $json.complianceScore }}", "Status": "={{ $json.complianceStatus }}", "User Rights Score": "={{ $json.rightsScore }}", "Missing Rights": "={{ $json.missingRightsList }}", "Gaps Found": "={{ $json.gapCount }}", "Third Parties": "={{ $json.thirdPartiesList }}", "Has DPO": "={{ $json.hasDpo ? 'Yes' : 'No' }}", "International Transfers": "={{ $json.internationalTransfers ? 'Yes' : 'No' }}", "Scanned Date": "={{ $json.processedAt.split('T')[0] }}" }, "matchingColumns": [], "schema": [ { "id": "Company", "displayName": "Company", "required": false, "defaultMatch": false, "display": true, "type": "string", "canBeUsedToMatch": true }, { "id": "Last Updated", "displayName": "Last Updated", "required": false, "defaultMatch": false, "display": true, "type": "string", "canBeUsedToMatch": true }, { "id": "Compliance Score", "displayName": "Compliance Score", "required": false, "defaultMatch": false, "display": true, "type": "string", "canBeUsedToMatch": true }, { "id": "Status", "displayName": "Status", "required": false, "defaultMatch": false, "display": true, "type": "string", "canBeUsedToMatch": true }, { "id": "User Rights Score", "displayName": "User Rights Score", "required": false, "defaultMatch": false, "display": true, "type": "string", "canBeUsedToMatch": true }, { "id": "Missing Rights", "displayName": "Missing Rights", "required": false, "defaultMatch": false, "display": true, "type": "string", "canBeUsedToMatch": true }, { "id": "Gaps Found", "displayName": "Gaps Found", "required": false, "defaultMatch": false, "display": true, "type": "string", "canBeUsedToMatch": true }, { "id": "Third Parties", "displayName": "Third Parties", "required": false, "defaultMatch": false, "display": true, "type": "string", "canBeUsedToMatch": true }, { "id": "Has DPO", "displayName": "Has DPO", "required": false, "defaultMatch": false, "display": true, "type": "string", "canBeUsedToMatch": true }, { "id": "International Transfers", "displayName": "International Transfers", "required": false, "defaultMatch": false, "display": true, "type": "string", "canBeUsedToMatch": true }, { "id": "Scanned Date", "displayName": "Scanned Date", "required": false, "defaultMatch": false, "display": true, "type": "string", "canBeUsedToMatch": true } ], "attemptToConvertTypes": false, "convertFieldsToString": false }, "options": {} }, "id": "sheets-log", "name": "Log Compliance Scan", "type": "n8n-nodes-base.googleSheets", "typeVersion": 4.4, "position": [ 1080, 260 ], "credentials": { "googleSheetsOAuth2Api": { "name": "" } } }, { "parameters": { "conditions": { "options": { "caseSensitive": true, "leftValue": "", "typeValidation": "strict" }, "conditions": [ { "id": "condition-compliance", "leftValue": "={{ $json.Status }}", "rightValue": "Compliant", "operator": { "type": "string", "operation": "notEquals" } } ], "combinator": "and" }, "options": {} }, "id": "if-issues", "name": "Has Issues?", "type": "n8n-nodes-base.if", "typeVersion": 2, "position": [ 1280, 260 ] }, { "parameters": { "authentication": "oAuth2", "select": "channel", "channelId": { "__rl": true, "value": "YOUR_SLACK_CHANNEL_ID", "mode": "list", "cachedResultName": "compliance-alerts" }, "text": "=\ud83d\udd12 *GDPR Compliance Scan Complete*\n\n*Company:* {{ $('Analyze Compliance').item.json.companyName }}\n*Policy Updated:* {{ $('Analyze Compliance').item.json.lastUpdated || 'Not specified' }}\n\n\ud83d\udcca *Compliance Score:* {{ $('Analyze Compliance').item.json.complianceScore }}%\n\u26a0\ufe0f *Status:* {{ $('Analyze Compliance').item.json.status }}\n\n\ud83d\udc64 *User Rights Score:* {{ $('Analyze Compliance').item.json.rightsScore }}/7 rights\n\u2705 *Covered:* {{ $('Analyze Compliance').item.json.coveredRights || 'None' }}\n\u274c *Missing:* {{ $('Analyze Compliance').item.json.missingRights || 'None' }}\n\n\ud83d\udd0d *Compliance Gaps ({{ $('Analyze Compliance').item.json.gapCount }}):*\n{{ $('Analyze Compliance').item.json.gapsList }}\n\n\ud83c\udfe2 *Third Parties:* {{ $('Analyze Compliance').item.json.thirdPartyCount }}\n\ud83d\udc68\u200d\ud83d\udcbc *Has DPO:* {{ $('Analyze Compliance').item.json.hasDPO ? 'Yes' : 'No' }}\n\ud83c\udf0d *International Transfers:* {{ $('Analyze Compliance').item.json.hasInternationalTransfers ? 'Yes' : 'No' }}\n\n", "otherOptions": {} }, "id": "slack-alert", "name": "Alert Compliance Team", "type": "n8n-nodes-base.slack", "typeVersion": 2.2, "position": [ 1480, 160 ], "credentials": { "slackOAuth2Api": { "name": "" } } } ], "connections": { "Google Drive Trigger": { "main": [ [ { "node": "Download Document", "type": "main", "index": 0 } ] ] }, "Download Document": { "main": [ [ { "node": "PDF Vector - Analyze Policy", "type": "main", "index": 0 } ] ] }, "PDF Vector - Analyze Policy": { "main": [ [ { "node": "Analyze Compliance", "type": "main", "index": 0 } ] ] }, "Analyze Compliance": { "main": [ [ { "node": "Log Compliance Scan", "type": "main", "index": 0 } ] ] }, "Log Compliance Scan": { "main": [ [ { "node": "Has Issues?", "type": "main", "index": 0 } ] ] }, "Has Issues?": { "main": [ [ { "node": "Alert Compliance Team", "type": "main", "index": 0 } ], [] ] } }, "active": false, "settings": { "executionOrder": "v1" }, "meta": { "templateCredsSetupCompleted": false }, "tags": [] }