GDPR Compliance for AI Systems MCP Server

Server Configuration

Describes the environment variables required to run the server.

Name | Required | Description | Default

No arguments

Capabilities

Features and capabilities supported by this server

Capability | Details
tools | {"listChanged": false}
prompts | {"listChanged": false}
resources | {"subscribe": false, "listChanged": false}
experimental | {}

Tools

Functions exposed to the LLM to take actions

Name | Description

classify_processing

Classify data processing activities per GDPR articles. Determines which GDPR articles apply, whether a DPIA is required, special category processing status, and automated decision-making obligations.

Args:
    processing_description: Description of the data processing activity
    data_categories: Types of personal data processed (e.g. ["name", "email", "biometric", "health"])
    data_subjects: Categories of data subjects (e.g. ["employees", "customers", "children"])
    processing_purposes: Purposes of processing (e.g. ["fraud detection", "personalization"])
    automated_decision_making: Whether processing involves automated decisions affecting individuals
    large_scale: Whether processing is conducted on a large scale
    caller: Caller identifier for rate limiting
    tier: Access tier (free/pro)
lawful_basis_assessment

Determine the appropriate lawful basis for processing under GDPR Article 6. Evaluates all 6 lawful bases with AI-specific considerations and recommends the most appropriate basis with supporting rationale.

Args:
    processing_purpose: The specific purpose of data processing
    data_categories: Types of personal data involved
    controller_type: "private" (company), "public" (government/public body)
    relationship_with_data_subject: Nature of relationship (customer/employee/patient/citizen/visitor)
    ai_processing: Whether an AI/ML system is used in processing
    caller: Caller identifier for rate limiting
    tier: Access tier (free/pro)
dpia_generator

Generate a Data Protection Impact Assessment per GDPR Article 35. Produces a structured DPIA with necessity assessment, risk evaluation, and mitigation measures. Required before high-risk AI processing begins.

Args:
    system_name: Name of the AI system or processing operation
    system_description: Detailed description of the system and its processing
    processing_purposes: Specific purposes of the processing
    data_categories: Types of personal data processed
    data_subjects: Categories of data subjects
    data_volume: Approximate volume (e.g., "10,000 records", "1M users")
    retention_period: How long data is retained (e.g., "2 years", "model lifetime")
    third_party_sharing: Whether data is shared with third parties
    international_transfers: Whether data is transferred outside the EEA
    caller: Caller identifier for rate limiting
    tier: Access tier (free/pro)
rights_request_handler

Handle data subject rights requests under GDPR Articles 15-22. Provides step-by-step guidance for responding to access, rectification, erasure, restriction, portability, objection, and automated decision-making requests with AI-specific considerations.

Args:
    right_invoked: Which right is being exercised: "access", "rectification", "erasure", "restriction", "portability", "objection", "automated_decision"
    data_subject_description: Description of the requesting data subject
    processing_context: Context of the data processing involved
    ai_system_involved: Whether an AI system processed the data subject's data
    request_details: Specific details of the request
    caller: Caller identifier for rate limiting
    tier: Access tier (free/pro)
breach_notification

Assess breach severity and notification requirements under GDPR Articles 33-34 (72-hour rule). Determines whether supervisory authority and data subject notifications are required, and generates the notification content.

Args:
    breach_description: Description of the personal data breach
    data_categories_affected: Types of personal data affected
    number_of_records: Approximate number of records/individuals affected
    breach_type: Type of breach: "confidentiality" (unauthorized access), "integrity" (unauthorized alteration), "availability" (unauthorized loss of access)
    detection_timestamp: When the breach was detected (ISO format, or "now")
    ai_system_involved: Whether an AI system was involved in the breach
    caller: Caller identifier for rate limiting
    tier: Access tier (free/pro)
crosswalk_to_eu_ai_act

Map GDPR requirements to EU AI Act obligations. Shows where GDPR compliance satisfies, complements, or creates tension with EU AI Act requirements. Essential for organizations deploying AI in the EU that must comply with both regulations simultaneously.

Args:
    gdpr_articles: Specific GDPR articles to map (or all if omitted)
    focus_area: Focus on "all", "transparency", "automated_decisions", "data_governance", or "risk"
    caller: Caller identifier for rate limiting
    tier: Access tier (free/pro)

Prompts

Interactive templates invoked by user choice

Name | Description

No prompts

Resources

Contextual data attached and managed by the client

Name | Description

No resources

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/CSOAI-ORG/gdpr-compliance-ai-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server.