Audit Encrypted Assignment Delivery Logs Across All Organizations for GDPR Compliance

The Global Administrator accesses a platform-level audit view within the admin portal that surfaces assignment dispatch events from the Task Assignment Repository across all organizations. For each record, the view shows: organization, coordinator identity, peer mentor recipient (by ID, not plaintext content), dispatch timestamp, delivery confirmation event, and read receipt event. The admin never sees the plaintext assignment content — only event metadata and system identifiers. The row-level security policies in Supabase enforce that plaintext never reaches the admin portal. This log is immutable and append-only, supporting regulatory evidence requirements.

HIGH story-encrypted-task-assignment-global-admin-006 5 pts

Story Points

High

Priority

Encrypted Task Assignment to Peer Mentors

Feature

User Story

As a Global Administrator

I want to access platform-wide audit logs of encrypted assignment dispatch, delivery, and read receipt events across all member organizations, so that I can verify GDPR-compliant handling of sensitive personal data and respond to regulatory inquiries

So that So that I can demonstrate to regulators and auditors that sensitive personal data transmitted to peer mentors is handled with documented access controls, delivery evidence, and no server-side plaintext exposure

Acceptance Criteria

Given the global administrator opens the audit log view in the admin portal, when the view loads, then assignment dispatch events from all organizations are listed with dispatch, delivery, and read timestamps alongside organization and coordinator identifiers
Given the admin filters by organization, when the filter is applied, then only events from that organization are shown without affecting other organizations' data
Given an assignment record is displayed, when the admin inspects it, then no plaintext sensitive content (names, addresses, medical summaries) is ever shown — only system identifiers, timestamps, and event types
Given a regulatory inquiry requires evidence of delivery for a specific assignment, when the admin searches by assignment ID, then the full event timeline for that assignment is retrievable and exportable
Given new delivery or read receipt events occur, when the admin refreshes the audit view, then the latest events are reflected without requiring a cache clear

Business Value

GDPR requires that organisations processing sensitive personal data maintain records of access and transmission. As the platform operator, the Global Administrator must be able to demonstrate compliant data handling to Norwegian data protection authorities (Datatilsynet) on behalf of all member organisations. An immutable, metadata-only audit log provides this evidence without exposing the plaintext sensitive data itself.

Components

Task Assignment Repository data
Encryption Infrastructure infrastructure

Encrypted Task Assignment to Peer Mentors

Related Feature

Global Administrator

User Role