GDPR¶
In one sentence¶
GDPR is the EU's omnibus personal-data law: it defines what counts as personal data, who's responsible for it, what lawful bases exist to process it, and what rights data subjects keep.
Who does it apply to?¶
- Anyone processing personal data of EU/EEA residents.
- Anyone established in the EU/EEA who processes personal data (even of non-EU subjects).
- Non-EU controllers offering goods or services to EU subjects, or monitoring their behaviour.
For AI agents, the practical test is: if the prompt, output, or tool input contains identifiable information about an EU person — names, emails, IPs, behavioural data — you're in scope.
The two-minute explainer¶
GDPR replaced a 1995 directive in 2018 with a regulation: directly applicable across the EU, with teeth (fines up to 4% of global turnover). The core moves were: extraterritorial reach, mandatory DPOs in some cases, breach notification within 72 hours, and explicit data-subject rights (access, rectification, erasure, portability, objection).
For engineers, two shapes dominate.
Principles in Art. 5. Personal data must be processed lawfully, fairly, and transparently; collected for explicit purposes and not used for incompatible ones; kept only as long as needed; protected by appropriate technical and organisational measures. These principles back-stop everything else.
Lawful bases in Art. 6. You can only process personal data if you have a lawful basis: consent, contract, legal obligation, vital interests, public task, or legitimate interests. Special-category data (health, race, biometrics, etc.) needs an additional Art. 9 basis. Pick wrong and the whole processing falls.
The AI-relevant articles for engineers: Art. 22 (no fully-automated decisions with legal effect without safeguards), Art. 25 (data protection by design and by default), Art. 30 (records of processing), Art. 33 (72-hour breach notification), Arts. 44-49 (international transfers).
What it actually requires of an engineer¶
- Purpose binding for every processing activity (Art. 5(1)(b)). You record the purpose; you don't reuse the data for an incompatible one.
- Storage limitation (Art. 5(1)(e)). Define a retention window and
enforce it. Regulus'
RegulusRetentionEventCompactoris the technical enforcement. - Privacy by design (Art. 25). Minimisation, pseudonymisation, the right defaults. PII redaction before LLM call is a textbook Art. 25 control.
- Records of processing (Art. 30). The list of processing activities, what data they touch, who has access, retention. Auditors want to see this synced with reality.
- Subject rights (Arts. 15–22). Access, rectification, erasure, portability, objection, and the Art. 22 safeguards on automated decisions.
- International transfers (Arts. 44–49). Adequacy decisions, SCCs, BCRs, derogations. Region pinning + transfer paperwork.
- Breach notification (Art. 33). 72-hour clock from awareness. Audit trail must support reconstruction.
What Regulus does for you¶
RegulusPrivacyPluginruns PII redaction before every model call. Built- in patterns cover the common high-risk data (NINO, IBAN, BIC, email, postcode, NHS Number).RegulusPolicyPluginenforces purpose codes — agent cannot run without one — andRequireConfirmationfor Art. 22 automated decisions with legal effect.RegulusAuditPluginemits the Art. 30 records (subject_id, purpose_code, lawful_basis, data_categories) so your DPO has live ROPA evidence.RegulusRetentionEventCompactorenforces storage limitation with per-profile retention.RegulusDataResidencyPluginpins regions; the GDPR profile defaults to EU/EEA regions with SCC allowance for transfers.Regulus*SessionServiceandRegulusFirestoreMemoryServiceexpose an Art. 17 erasure path.
Saves you ~¶
- Pattern library + tests for PII: ~3 engineer-weeks.
- ROPA + audit pipeline + retention: ~6 engineer-weeks.
- Region pinning with startup fail-closed: ~2 engineer-weeks.
- Art. 17 erasure path that doesn't leak the body to the audit log: ~1 engineer-week.
Total: ~12 engineer-weeks of foundation, before you've started on sector-specific layers. Regulus is one dependency.
Code: minimal¶
Code: production¶
regulus:
compliance:
profiles: [gdpr, eu-ai-act]
adk:
audit:
sink: kafka
kafka-topic: audit.gdpr.v1
residency:
allowed-regions:
- europe-west1
- europe-west2
- europe-west3
- europe-west4
session-service:
kind: vertex-ai
project-id: ${GOOGLE_CLOUD_PROJECT}
location: europe-west1
How to verify¶
- Request with an embedded NINO: audit event shows
redactions: [NINO_1]; raw NINO never reaches the model. - Request without
purpose_code: blocked atBeforeModelCallbackwithBlock(missing_purpose, ..., Art. 5(1)(b)). - Tear down a customer: erasure path on
RegulusFirestoreSessionServiceremoves session payloads, replaces with tombstones in the audit log referencing the deletion event.
What an auditor will ask¶
- "Where is your ROPA?" Audit topic with
purpose_code,lawful_basis,data_categoriesfields. - "Show me your retention policy."
EventCompactionPolicyfor thegdprprofile; Kafka topic retention setting; demonstration of compaction running. - "How do you action a subject access request?" Subject-linked query in the audit log + erasure path demo.
- "How do you stop personal data from leaving the EEA?"
RegulusDataResidencyPluginstartup check; show the configured allowlist; show fail-closed behaviour when a misconfiguration is forced. - "What happens for fully-automated decisions with legal effect?"
RegulusPolicyPluginpolicy chain producesRequireConfirmation; demo the ADKToolConfirmationflow.
What this doesn't cover¶
- Choosing your lawful basis. That's a DPO / legal call. We record what you say it is; we don't validate the choice.
- DPIA execution. Regulus exports evidence; you write the DPIA.
- Cross-border transfer paperwork (SCCs, BCRs). Operational; we surface the technical state.
- Special-category data classification. You tag the data category in the invocation context; we audit and enforce on the tag.
- The right to be forgotten under the e-Commerce Directive / Digital Services Act. Separate framework; not in scope.
Framework mapping¶
The GDPR articles Regulus most actively enforces map to:
- NIST AI RMF — Art. 5(1)(b) (purpose) ↔
MAP-1.1. Art. 25 (privacy by design) ↔GOVERN-1.1. Arts. 44-49 (transfers) ↔MEASURE-2.7. - NIST 600-1 GenAI Profile — Art. 25 ↔
GAI-4(data privacy). - ISO/IEC 42001 — Art. 25 ↔
A.7(Data for AI). Art. 30 (records of processing) ↔A.6.2.7(event logs). Arts. 44-49 ↔A.6.2.4(deployment criteria).
See Coverage matrix for full bindings.
Citations¶
- Regulation (EU) 2016/679 — https://eur-lex.europa.eu/eli/reg/2016/679/oj
- Art. 5 — principles.
- Art. 6 — lawful bases.
- Art. 9 — special categories.
- Art. 17 — right to erasure.
- Art. 22 — automated individual decision-making.
- Art. 25 — data protection by design and by default.
- Art. 30 — records of processing activities.
- Art. 33 — breach notification.
- Arts. 44–49 — international transfers.
- EDPB guidance — https://edpb.europa.eu/edpb_en