Design a Compliance Monitoring System (GDPR/HIPAA)

To design a Compliance Monitoring System for GDPR and HIPAA, I would start by defining the scope. We need to protect PHI and PII across Salesforce's multi-tenant architecture. First, I'd implement a centralized Policy Engine that classifies data at ingestion based on tags like 'PHI' or 'EU_Resident'. For data protection, I propose a dual-layer approach. Sensitive fields undergo dynamic masking in transit using AES-256 encryption, while at rest, we use field-level tokenization to replace values with non-sensitive surrogates, ensuring developers never see raw data. Retention policies must be automated; a cron-based job scans metadata every hour to identify records exceeding retention windows, triggering a cryptographic shredding process rather than simple deletion to prevent recovery. The most critical component is the verifiable audit trail. Every access, modification, or export request generates an immutable log entry stored in a Write-Once-Read-Many (WORM) compliant store. Each entry includes a cryptographic hash of the previous entry, creating a chain of custody. If an auditor requests proof of access for a specific patient record, the system generates a signed report showing the exact timestamp, user ID, and action, which can be cryptographically verified against the blockchain ledger. This ensures that even internal admins cannot alter history, satisfying both HIPAA's security rule and GDPR's accountability principle.