GDPR — Compliance Mapping
Info: This document maps EnforceCore capabilities to relevant GDPR articles. It is not legal advice and does not constitute a compliance certification. Organizations must perform their own data protection impact assessments (DPIAs) with qualified legal counsel.
Scope
The General Data Protection Regulation (GDPR) applies to any organization processing personal data of EU/EEA residents. When AI agents process personal data — names, emails, phone numbers, health records — GDPR imposes strict requirements on data minimization, transparency, and accountability.
EnforceCore helps address these requirements at the runtime enforcement layer — the point where agent actions are intercepted before execution.
Article-by-Article Mapping
Article 5 — Principles Relating to Processing
| Principle | GDPR Requirement | EnforceCore Capability |
|---|---|---|
| Lawfulness, fairness, transparency | Processing must be lawful and transparent | Merkle-chained audit trail provides full transparency of all agent actions |
| Purpose limitation | Data collected for specified purposes only | Policy engine restricts tool access to explicitly allowed operations |
| Data minimization | Only necessary data should be processed | PII redaction removes unnecessary personal data from agent outputs |
| Accuracy | Personal data must be accurate | Deterministic policy evaluation — no model-dependent decisions on data handling |
| Storage limitation | Data kept only as long as necessary | Audit logs are append-only; retention policies can be configured |
| Integrity and confidentiality | Appropriate security measures | Fail-closed enforcement, tool gating, network controls |
Article 25 — Data Protection by Design and by Default
| Requirement | EnforceCore Capability |
|---|---|
| Implement appropriate technical measures | PII redaction is enabled by default when configured in YAML policy |
| Data protection integrated into processing | EnforceCore sits at the runtime boundary — personal data is intercepted before it leaves the agent |
| Only necessary personal data processed | `pii_redaction.categories` specifies exactly which PII types to detect and redact |
| Default settings protect personal data | `on_violation: block` is the recommended default — violations are blocked, not merely logged |
Article 30 — Records of Processing Activities
| Requirement | EnforceCore Capability |
|---|---|
| Maintain records of processing activities | Merkle-chained audit trail records every agent action with timestamps |
| Include purposes, categories of data, recipients | Audit log entries include: tool name, arguments, policy evaluation result, redaction actions |
| Records available to supervisory authority on request | `enforcecore verify` CLI command validates audit trail integrity; logs can be exported |
Article 32 — Security of Processing
| Requirement | EnforceCore Capability |
|---|---|
| Appropriate technical and organizational measures | Runtime enforcement layer with fail-closed design |
| Pseudonymization and encryption | PII is replaced with placeholders (`[REDACTED-EMAIL]`, `[REDACTED-SSN]`) before leaving the agent boundary |
| Ensure ongoing confidentiality, integrity, availability | SHA-256 Merkle chain ensures audit trail integrity; policy engine ensures consistent enforcement |
| Regular testing and evaluation | `enforcecore dry-run` allows testing policies without executing actions; 1,500+ automated tests |
Article 35 — Data Protection Impact Assessment (DPIA)
| Requirement | EnforceCore Capability |
|---|---|
| Assess impact of processing on data protection | EnforceCore's audit trail provides the data needed for DPIAs |
| Describe the processing and its purposes | Policy YAML files document exactly what the agent is allowed to do |
| Assess necessity and proportionality | Tool allow/deny lists enforce the principle of least privilege |
| Measures to address risks | PII redaction, rate limiting, cost guards, network controls |
PII Categories Supported
EnforceCore's regex-based PII detection currently supports:
| Category | Example Pattern | Redaction Output |
|---|---|---|
| Email | user@example.com | [REDACTED-EMAIL] |
| Phone | +1-555-0123 | [REDACTED-PHONE] |
| SSN | 123-45-6789 | [REDACTED-SSN] |
| Credit Card | 4111-1111-1111-1111 | [REDACTED-CC] |
| Name | John Smith | [REDACTED-NAME] |
| Address | 123 Main St, City, ST 12345 | [REDACTED-ADDRESS] |
Warning: Regex-based PII detection has inherent limitations. It may not catch all PII variants (e.g., obfuscated data, uncommon formats). Organizations handling sensitive data should layer additional detection methods (NER models, custom patterns) alongside EnforceCore.
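To make the placeholder scheme and the regex limitation concrete, here is an added example that is not EnforceCore's own code: the six category patterns, the ordering they need, and the per-category hit counts are all constructed assumptions, and the sample agent output and its obfuscated variant are constructed inputs.

```python
import re

# Added example, not EnforceCore's own code. The patterns are constructed
# assumptions that reproduce the placeholder format from the table above.
# Order matters: specific patterns run first so the phone pattern cannot eat
# the tail of a card number and the address pattern claims "Main St" before
# the crude two-capitalised-words name pattern sees it.
PII_PATTERNS = [
    ("email", re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"), "[REDACTED-EMAIL]"),
    ("credit_card", re.compile(r"\b(?:\d{4}[- ]?){3}\d{4}\b"), "[REDACTED-CC]"),
    ("ssn", re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), "[REDACTED-SSN]"),
    ("address", re.compile(r"\b\d+ [A-Z][a-z]+ St, [A-Z][a-z]+, [A-Z]{2} \d{5}\b"),
     "[REDACTED-ADDRESS]"),
    ("phone", re.compile(r"\+?\d{1,2}[-\s]?\d{3}[-\s]?\d{4}\b"), "[REDACTED-PHONE]"),
    ("name", re.compile(r"\b[A-Z][a-z]+ [A-Z][a-z]+\b"), "[REDACTED-NAME]"),
]

ALL = ["email", "phone", "ssn", "credit_card", "name", "address"]


def redact(text, categories=ALL):
    """Replace each enabled category with its placeholder.

    Returns the redacted text plus a per-category hit count, the kind of
    "redaction actions" record an audit log entry would carry.
    """
    hits = {}
    for category, pattern, placeholder in PII_PATTERNS:
        if category in categories:
            text, n = pattern.subn(placeholder, text)
            if n:
                hits[category] = n
    return text, hits


# Constructed agent output covering the six supported formats.
SAMPLE = ("Reply to John Smith at user@example.com or +1-555-0123. "
          "SSN 123-45-6789, card 4111-1111-1111-1111, "
          "lives at 123 Main St, City, ST 12345.")
# Constructed obfuscated variant: it slips through every pattern, which is
# exactly the limitation the warning above describes.
OBFUSCATED = "reach me at user [at] example [dot] com"

if __name__ == "__main__":
    print(redact(SAMPLE))           # all six replaced, one hit per category
    print(redact(OBFUSCATED))       # unchanged, no hits
    print(redact(SAMPLE, ["ssn"]))  # only the SSN is touched
```

The hit counts are what you would want written into the audit entry alongside the tool name and policy result, so a DPIA review can see which categories actually fired and which never did.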
Gaps and Limitations
| Area | Status | Notes |
|---|---|---|
| Right to erasure (Art. 17) | ⚠️ Partial | Audit logs are append-only by design (integrity). Erasure of personal data from logs requires organizational procedures. |
| Data portability (Art. 20) | ⚠️ Partial | Audit logs are exported as JSONL — portable but not in a standardized personal data format. |
| Consent management | ❌ Out of scope | EnforceCore does not manage user consent. This must be handled by the application layer. |
| Cross-border transfer (Art. 46) | ❌ Out of scope | EnforceCore is infrastructure — deployment geography is the organization's responsibility. |
| DPO notification | ❌ Out of scope | Organizational responsibility, not a technical control. |
Recommended Configuration
For GDPR-aligned deployments, we recommend:
```yaml
name: "gdpr-compliant-policy"
version: "1.0"
rules:
  pii_redaction:
    enabled: true
    categories: [email, phone, ssn, credit_card, name, address]
    strategy: placeholder
  allowed_tools:
    - search_documents
    - generate_summary
  denied_tools:
    - send_email
    - write_file
    - execute_shell
  on_violation: block
```

Combined with:

- `enforcecore verify` in CI/CD to validate audit trail integrity
- Regular DPIA reviews using exported audit logs
- Organizational consent management upstream of EnforceCore