HighPR-scope

PII-introducing PRs require DPIA & RoPA updates

If a PR adds new PII fields (e.g., email, phone, address, dob, national_id), include links to updated DPIA and RoPA, migration with retention, and masking rules. Add a checklist item confirming lawful_basis. (GDPR Art. 35, Art. 30)

Add to Mesrai Open workspace

Why this matters

High-risk processing must be assessed and documented at change time.

Bad vs. good

Side-by-side examples engineers can pattern-match during review.

Avoid

PR title: "Add phone column"

(No DPIA/RoPA link, no retention, no masking rules.)

Prefer

PR title: "Add phone for 2FA (lawful_basis=legitimate_interest)"

- [x] DPIA updated
- [x] RoPA entry added (purpose=auth_2fa)
- [x] Migration sets expires_at
- [x] Logs mask phone
- [x] Consent unaffected

More snippets

Good

- [x] DPIA link: /docs/dpia/2fa-phone-v2.md

Bad

Adds phone TEXT with no docs or retention

Related rules

From the same buckets as this rule.

Critical
Idempotent Right to Erasure across all stores
Provide a single idempotency-keyed erasure workflow that scrubs PII in primary DB, caches, search indices, and object storage; emit an audit event with erasure_request_id. (GDPR Art. 17)
compliance-gdprprivacy-pii+2
High
Encrypt PII at rest using application-layer crypto
Encrypt sensitive columns (e.g., email, phone) with managed keys; ensure DB connection enforces TLS. Store only ciphertext; compare via deterministic token/hashes when needed. (GDPR Art. 32)
compliance-gdprsecurity-hardening+1
High
Enforce retention with explicit TTL per data category
PII tables must include an expires_at (or retention_policy) column and a scheduled deletion/archival job aligned to data category. No indefinite retention. (GDPR Art. 5(1)(e))
compliance-gdprprivacy-pii+2

Why this matters

Bad vs. good

More snippets

Related rules

Idempotent Right to Erasure across all stores

Encrypt PII at rest using application-layer crypto

Enforce retention with explicit TTL per data category

Why this matters

Bad vs. good

More snippets

Related rules

Idempotent Right to Erasure across all stores

Encrypt PII at rest using application-layer crypto

Enforce retention with explicit TTL per data category