GDPR Compliance Skill

Purpose

Ensure GDPR compliance for political data processing in Riksdagsmonitor while maintaining democratic transparency.

Legal Basis for Political Data

GDPR Article 6(1) - Lawful Processing

  • Article 6(1)(e): Processing necessary for a task carried out in the public interest
  • Application: Democratic transparency and accountability monitoring
  • Justification: Offentlighetsprincipen (Swedish Public Access Principle)

GDPR Article 9 - Special Category Data

  • Political Opinions: Special category requiring explicit legal basis
  • Exemption 9(2)(e): Data manifestly made public by the data subject
  • Exemption 9(2)(g): Processing for substantial public interest

Data Subject Rights

1. Right to Access (Article 15)

  • Individuals can request their data
  • Provide copy in machine-readable format
  • Limited for public figures in official capacity

2. Right to Rectification (Article 16)

  • Correct inaccurate data promptly
  • Update records from official sources

3. Right to Erasure (Article 17)

  • Limited for public officials
  • Historical records retained for research

4. Right to Object (Article 21)

  • Clear objection mechanisms
  • Case-by-case assessment

Privacy-by-Design

  • Data Minimization: Only necessary political data
  • Purpose Limitation: Transparency purposes only
  • Storage Limitation: Documented retention policy
  • Integrity: HTTPS-only, secure headers
  • No Tracking: No cookies, analytics, or user tracking

ISMS Compliance

ISO 27001:2022

  • A.5.34: Privacy and protection of PII

NIST CSF 2.0

  • ID.GV-3: Legal requirements understood
