원클릭으로
gdpr-compliance
GDPR and data protection patterns for handling European Parliament personal data with privacy by design
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
메뉴
GDPR and data protection patterns for handling European Parliament personal data with privacy by design
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
SOC 직업 분류 기준
| name | gdpr-compliance |
| description | GDPR and data protection patterns for handling European Parliament personal data with privacy by design |
| license | MIT |
This skill applies when:
GDPR (EU Regulation 2016/679) applies to all processing of EU citizens' personal data. Even though MEP data is public, GDPR principles still apply.
// GOOD: Only public information
interface MEPPublicData {
id: number;
fullName: string;
country: string;
partyGroup: string;
active: boolean;
// DO NOT collect: private addresses, personal phones, family data
}
// Define data purpose
const DATA_PURPOSE = 'Providing public parliamentary information via MCP protocol';
/**
* GDPR-compliant audit logging
* Requirement: GDPR Art. 30 (Records of processing activities)
*/
function logPersonalDataAccess(
actor: string,
subject: string,
purpose: string
): void {
auditLog.record({
timestamp: new Date().toISOString(),
eventType: 'personal_data_access',
actor,
subject,
purpose,
legalBasis: 'GDPR_Art_6_1_e_Public_Interest',
});
}
// Usage
logPersonalDataAccess(
'mcp_client',
'mep:12345',
'Parliamentary information query'
);
/**
* Support GDPR Art. 16 (Right to rectification)
*/
async function updateMEPData(
id: number,
corrections: Partial<MEP>
): Promise<void> {
// Validate corrections
const validated = MEPUpdateSchema.parse(corrections);
// Update data
await updateMEP(id, validated);
// Invalidate cache
invalidateMEPCache(id);
// Audit log
auditLog.record({
eventType: 'data_rectification',
subject: `mep:${id}`,
action: 'update',
details: corrections,
legalBasis: 'GDPR_Art_16_Right_to_Rectification',
});
}
/**
* GDPR Art. 5(1)(e): Storage limitation
* Personal data cached for max 24 hours
*/
const mepCache = new LRUCache<string, MEP>({
max: 1000,
ttl: 1000 * 60 * 60 * 24, // 24 hours max
allowStale: false,
});
// Auto-purge expired entries
setInterval(() => {
mepCache.purgeStale();
}, 1000 * 60 * 60); // Hourly cleanup
// NEVER - GDPR requires audit logs!
async function bad(mepId: number) {
return await getMEP(mepId); // No logging!
}
// NEVER - violates data minimization!
interface MEPBad {
id: number;
fullName: string;
privateAddress: string; // Excessive!
personalPhone: string; // Excessive!
familyMembers: string[]; // Excessive!
medicalRecords: string; // Excessive!
}
// NEVER - violates storage limitation!
const cache = new Map(); // No TTL = indefinite storage!
async function getPersonalData(mepId: number): Promise<PersonalDataExport> {
return {
data: await getMEP(mepId),
purpose: DATA_PURPOSE,
legalBasis: 'Public interest (Art. 6(1)(e))',
retentionPeriod: '24 hours (cache)',
recipients: 'MCP clients',
};
}
async function handleErasureRequest(mepId: number): Promise<ErasureResult> {
// For current MEPs: Cannot erase (public interest exemption)
// CAN erase: Cached personal contact information
invalidateMEPCache(mepId);
return {
success: true,
scope: 'cached_data_only',
reason: 'Public figure exemption (GDPR Art. 17(3)(e))',
};
}
Primary: Privacy Policy
Related policies:
C4 architecture model, security architecture, Mermaid diagrams, SECURITY_ARCHITECTURE.md, and comprehensive documentation per Hack23 Secure Development Policy
AI-augmented development controls, GitHub Copilot governance, LLM security, AI-generated code review per Hack23 Secure Development Policy
EU AI Act compliance, OWASP LLM security, responsible AI practices for parliamentary data and MCP server applications
Enforce code quality with ESLint, TypeScript strict mode, Knip unused detection, and quality gates for MCP servers
ISO 27001, NIST CSF 2.0, CIS Controls v8.1, EU CRA compliance mapping, multi-standard alignment per Hack23 ISMS policies
Contribution process with PR workflow, code review standards, commit conventions, and open source best practices