BenGuardBENGUARD/Docs/Scanners/GDPR/CCPA Compliance
Back to Documentation

GDPR/CCPA Compliance

Detects EU/California protected personal data

API Field: gdpr_ccpa_enabled

Overview

GDPR/CCPA Detection identifies personal data protected under the European Union's General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA). This scanner helps organizations maintain compliance with these comprehensive privacy regulations.

What It Detects

  • EU National ID numbers
  • Biometric data references
  • Racial or ethnic origin data
  • Political opinions
  • Religious beliefs
  • Trade union membership
  • Genetic/health data
  • Sexual orientation data
  • California resident identifiers

Why It Matters

GDPR fines can reach €20 million or 4% of global annual revenue. CCPA allows $2,500-$7,500 per intentional violation plus private right of action for data breaches. Non-compliance risks are significant.

Technical Details

Risk Score Range

0.0 - 1.0 (High risk: > 0.5)

Confidence Level

Typically 0.85 - 0.96

Processing Time

< 80ms per scan

Common Use Cases

International e-commerceSaaS platforms with EU usersMarketing automationHR systemsCustomer analytics

Detection Examples

Threat Example #1Risk: 95%
User's UK National Insurance Number is AB 12 34 56 C

EU national identifier - requires GDPR protection.

Threat Example #2Risk: 88%
Customer indicated they are a member of the Labour Party.

Political opinion - special category data under GDPR.

Threat Example #3Risk: 96%
Based on facial recognition, the user appears to be of Asian ethnicity.

Biometric data revealing racial/ethnic origin - highly protected.

API Usage

Enable this scanner in your API request by setting gdpr_ccpa_enabled to true in your API key settings, or include it in your request:

curl -X POST https://benguard.io/api/v1/scan \
  -H "X-API-Key: ben_your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{
    "prompt": "Your user input here"
  }'

The scanner settings are configured per API key in your dashboard under Settings → Scanner Configuration.

Response Format

When this scanner detects a threat, the response will include:

{
  "is_valid": false,
  "status": "threat_detected",
  "risk_score": 0.95,
  "threat_types": ["gdpr_ccpa"],
  "details": {
    "results": [
      {
        "scanner": "gdpr_ccpa",
        "threat_detected": true,
        "risk_score": 0.95,
        "confidence": 0.92,
        "details": {
          "reason": "EU national identifier - requires GDPR protection.",
          "evidence": ["detected pattern in input"]
        }
      }
    ]
  },
  "request_id": "req_abc123"
}

Best Practices

  • Implement data minimization principles
  • Obtain explicit consent for special category data
  • Provide data subject access request handling
  • Document all data processing activities
  • Implement right to erasure capabilities

Related Scanners

Consider enabling these related scanners for comprehensive protection:

PII Detection

Scans for personally identifiable information

HIPAA Compliance

Scans for Protected Health Information (PHI)

LGPD Compliance

Scans for Brazilian personal data (CPF, RG, etc.)