# GDPR

> Check AI content against GDPR. Covers lawful basis, data subject rights, transparency, DPO requirements, cross-border transfers, and data minimization.

<Info>
  **Endpoint:** `POST /railscore/v1/compliance/check` | **Framework code:** `gdpr` | **Credits:** 5.0 per call
</Info>

The General Data Protection Regulation (EU 2016/679) governs the processing of personal data of individuals in the European Union. The compliance check evaluates AI-generated content against GDPR requirements and returns clause-level findings with remediation guidance.

## Supported checks

| Area                   | Articles     | What's checked                                             |
| ---------------------- | ------------ | ---------------------------------------------------------- |
| Lawful basis           | Art. 6, 9    | Whether a valid legal basis for processing is stated       |
| Transparency           | Art. 12-14   | Information provided to data subjects                      |
| Data subject rights    | Art. 15-22   | Right of access, rectification, erasure, portability       |
| Data minimization      | Art. 5(1)(c) | Whether processing is limited to what's necessary          |
| Purpose limitation     | Art. 5(1)(b) | Whether data is collected for specified, explicit purposes |
| Cross-border transfers | Art. 44-49   | Adequacy decisions, SCCs, BCRs                             |
| DPO requirements       | Art. 37-39   | Data Protection Officer obligations                        |
| DPIA                   | Art. 35      | Data Protection Impact Assessment requirements             |

## Request

```bash
curl -X POST https://api.responsibleailabs.ai/railscore/v1/compliance/check \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR_RAIL_API_KEY" \
  -d '{
    "content": "We collect user browsing behavior to personalize product recommendations.",
    "frameworks": ["gdpr"],
    "context": "E-commerce chatbot serving EU customers"
  }'
```

## Response

```json
{
  "result": {
    "overall_compliant": false,
    "frameworks": {
      "gdpr": {
        "compliant": false,
        "issues": [
          {
            "clause": "Article 6 — Lawful basis for processing",
            "description": "No legal basis stated for behavioral data collection. Consent or legitimate interest must be identified.",
            "severity": "high",
            "remediation": "Explicitly state the legal basis (e.g., Art. 6(1)(a) consent or Art. 6(1)(f) legitimate interest) and document the basis in your records of processing."
          },
          {
            "clause": "Article 13 — Information to be provided",
            "description": "No mention of data retention period or data subject rights.",
            "severity": "medium",
            "remediation": "Disclose the retention period, data subject rights (access, erasure, portability), and contact details for the DPO."
          }
        ]
      }
    }
  },
  "credits_consumed": 5.0
}
```
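
The response above can drive a release gate. The following is an added example, not part of the RAIL documentation or SDK: it parses a response of the shape shown and returns the findings that should block a deployment. The function name `blocking_findings`, the `fail_at` parameter, and the `low < medium < high` severity ordering are assumptions (the page shows only `high` and `medium`); unknown severities and frameworks missing from the response are treated as blocking.

```python
import json

# Assumed ordering: the page shows only "high" and "medium" severities.
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3}

# Constructed sample: a trimmed copy of the response shown above.
SAMPLE_RESPONSE = json.loads("""
{
  "result": {
    "overall_compliant": false,
    "frameworks": {
      "gdpr": {
        "compliant": false,
        "issues": [
          {"clause": "Article 6 — Lawful basis for processing", "severity": "high"},
          {"clause": "Article 13 — Information to be provided", "severity": "medium"}
        ]
      }
    }
  },
  "credits_consumed": 5.0
}
""")


def blocking_findings(response, requested, fail_at="high"):
    """Return (framework, clause, severity) tuples at or above the fail_at severity."""
    threshold = SEVERITY_RANK[fail_at]
    frameworks = response.get("result", {}).get("frameworks", {})
    blocked = []
    for name in requested:
        report = frameworks.get(name)
        if report is None:
            # Fail closed: a framework was requested but no verdict came back.
            blocked.append((name, "<no result returned>", "unknown"))
            continue
        for issue in report.get("issues", []):
            severity = str(issue.get("severity", "unknown")).lower()
            # Unrecognised severities rank above every known one, so they block.
            rank = SEVERITY_RANK.get(severity, max(SEVERITY_RANK.values()) + 1)
            if rank >= threshold:
                blocked.append((name, issue.get("clause", "<no clause>"), severity))
    return blocked


if __name__ == "__main__":
    for finding in blocking_findings(SAMPLE_RESPONSE, ["gdpr"]):
        print("BLOCK:", *finding)
```

Pass the same list you sent in `frameworks` as `requested`, so a framework silently dropped from the response fails the gate instead of passing it.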

## Combine with other frameworks

Check GDPR alongside the EU AI Act in a single call:

```bash
curl -X POST https://api.responsibleailabs.ai/railscore/v1/compliance/check \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR_RAIL_API_KEY" \
  -d '{
    "content": "Our AI system classifies loan applicants by credit risk.",
    "frameworks": ["gdpr", "eu_ai_act"],
    "context": "Automated lending platform in the EU"
  }'
```

Multi-framework checks cost 8.0 credits (2-3 frameworks) or 10.0 credits (4-5 frameworks).

<Note>
  Dedicated GDPR endpoints for consent lifecycle management, DPIA automation, DPO dashboard, and cross-border transfer assessment are under development.
</Note>
