> ## Documentation Index
> Fetch the complete documentation index at: https://mcp-server-langgraph.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# Privacy by Design & Default

> GDPR Article 25: Data protection by design and by default implementation

## Data Protection by Design and Default (Article 25)

### Privacy-Preserving Configuration

```yaml theme={null}
# config/privacy_by_default.yaml
privacy_settings:
  # Default to most privacy-protective settings
  defaults:
    data_collection: "minimal"  # Only essential data
    sharing: "none"  # No third-party sharing by default
    retention: "shortest"  # Shortest retention period
    analytics: "anonymized_only"  # No personal data in analytics
    profiling: "disabled"  # No automated profiling
    marketing: "opt_out"  # No marketing communications

  # User must explicitly opt-in for additional processing
  opt_in_required:
    - "service_improvement_analytics"
    - "personalized_recommendations"
    - "third_party_integrations"
    - "extended_data_retention"

  # Pseudonymization by default
  pseudonymization:
    enabled: true
    fields:
      - "user_id"
      - "session_id"
      - "ip_address"
    method: "HMAC-SHA256"
    key_rotation: "90_days"
```

***

## Next Steps

<CardGroup cols={2}>
  <Card title="DPIA" icon="clipboard-check" href="./dpia">
    Conduct impact assessment
  </Card>

  <Card title="Data Protection Principles" icon="scale-balanced" href="./data-protection-principles">
    Review core principles
  </Card>

  <Card title="Back to Overview" icon="arrow-left" href="./overview">
    Return to GDPR overview
  </Card>
</CardGroup>
