# Dastra MCP MCP

> Dastra manages full data privacy and GDPR compliance workflows for your AI client. It lets you handle Data Subject Requests (DSR), track security breaches, map sensitive datasets, and manage records of processing activities all from a single chat interface.

## Overview
- **Category:** document-management
- **Price:** Free
- **Tags:** gdpr, data-privacy, dsr-management, data-mapping, compliance-automation, ropa

## Description

Connect this MCP to any compatible agent to take control of your enterprise compliance tasks without logging into the Dastra portal. You can run full data governance workflows—from tracking every security incident to archiving finished Data Subject Requests—using natural conversation alone. Instead of manually digging through complex tables, you simply ask your AI client for a list of all active workspaces or a summary of records of processing activities (ROPA). The system coordinates the entire compliance registry and privacy requests, acting as your dedicated DPO coordinator. Once connected via Vinkius, your agent handles everything: managing data flow across different business units, checking dataset classifications, and generating comprehensive directories of actors and tags instantly.

## Tools

### archive_dsr
Marks a completed Data Subject Request as archived in the system.

### create_breach
Registers an entirely new data breach incident record for tracking purposes.

### create_dsr
Initiates a brand new Data Subject Request within the compliance system.

### get_dsr
Fetches all current details for one specific, existing DSR by its ID.

### list_actors
Retrieves a list of every actor defined in your compliance registry (controllers, processors).

### list_breaches
Returns a summary listing of all historical and active data breach records.

### list_datasets
Provides an overview list of datasets that are currently mapped in your environment.

### list_dsr
Lists all Data Subject Requests, showing status and creation dates.

### list_processings
Generates a list of recorded processing activities (ROPA) for auditing purposes.

### list_tags
Retrieves the full directory of tags used to classify data across your workspaces.

### list_workspaces
Lists all distinct, isolated operational workspaces available in your account.

### update_dsr
Modifies the status or details of an existing Data Subject Request record.

## Prompt Examples

**Prompt:** 
```
List all active workspaces in my Dastra account.
```

**Response:** 
```
I've retrieved your workspaces. You have 3 active environments: 'Core Operations' (ID: ws_123), 'Marketing', and 'HR Data'. Which one should we check for pending DSR requests?
```

**Prompt:** 
```
Show pending DSR requests for workspace 'ws_123'.
```

**Response:** 
```
Scanning workspace... I found 2 pending requests: 'Right of Access' from @user1 and 'Erasure Request' (ID: dsr_456). Would you like the full details for the access request?
```

**Prompt:** 
```
Register a new data breach 'Server Unauthorized Access' in workspace 'ws_123'.
```

**Response:** 
```
Breach documented! I've successfully registered the 'Server Unauthorized Access' incident in workspace ws_123. The incident ID is 'br_789'. I'll now help you monitor the investigation status.
```

## Capabilities

### Manage Data Subject Requests (DSR)
Create, retrieve details for, update the status of, or archive a specific data subject request.

### Track Security Incidents
Document and maintain records for new security breaches or incidents that require regulatory reporting.

### Analyze Data Flow
List all documented datasets, processing activities (ROPA), and tags across your organization's workspaces.

### Audit Privacy Actors
Retrieve complete directories of actors—like controllers and processors—to maintain an accurate privacy registry.

### Scope Operations
List and coordinate compliance operations across multiple distinct workspaces or business units.

## Use Cases

### Handling a data deletion request.
A DPO receives a Right to Erasure notice. Instead of manually finding the record, they ask their agent to 'Create a new Data Subject Request' and then use `get_dsr` to track its progress until it can be archived with `archive_dsr`.

### Responding to an audit query on data usage.
A Compliance Manager needs proof of how customer data is used. They ask the agent to list all processing activities using `list_processings`, which provides a clear ROPA summary for auditors.

### Coordinating cross-departmental compliance.
A developer needs to check privacy status across three separate business units. They first use `list_workspaces` and then direct the agent to run checks on each environment individually, coordinating operations quickly.

### Documenting a security lapse after hours.
An Ops engineer finds unauthorized access logs. Instead of filling out a paper form, they simply tell their agent to 'Create a new data breach record,' calling `create_breach` and getting an immediate incident ID.

## Benefits

- Instead of manually logging into the Dastra portal, your agent handles state changes. You can programmatically archive a request using `archive_dsr` or update its status using `update_dsr`. This keeps everything centralized and auditable.
- You gain full visibility over your data structure without needing to run complex queries. Just ask for it: the system will generate records of processing activities by calling `list_processings`, giving you a clean ROPA summary immediately.
- Never miss an incident report again. Your agent allows you to document and track security events using `create_breach` or review past incidents with `list_breaches`. This keeps your regulatory response perfectly coordinated.
- The MCP lets you manage data flow across different departments simultaneously. You can run checks against multiple business units by listing all workspaces with a single query, calling `list_workspaces` first.
- Building the compliance picture is simple: ask for it. The system gathers necessary metadata from tools like `list_actors`, allowing you to maintain an accurate and complete privacy registry instantly.

## How It Works

The bottom line is: you use conversation to automate complex data governance processes that used to require multiple manual logins and reports.

1. Subscribe to this MCP and grab your API Access Token from Dastra's user profile.
2. Connect the token to your preferred AI client (Claude, Cursor, etc.) via Vinkius.
3. Ask a natural language question—for example, 'List all active workspaces'—and let your agent execute the required compliance tool calls.

## Frequently Asked Questions

**How do I check my data flow using list_processings?**
Calling `list_processings` shows you all documented processing activities (ROPA). This is the primary way to audit and understand exactly how your organization uses specific datasets.

**Can I use create_dsr if someone asks for data right now?**
Yes, `create_dsr` immediately generates a new Data Subject Request record in the system. You'll get an ID that you can then track using `get_dsr`.

**Do I need to use list_actors before creating a breach?**
No, calling `list_actors` and calling `create_breach` are separate functions. You run them independently based on what metadata you need or what event occurred.

**What is the difference between list_workspaces and list_datasets?**
`list_workspaces` shows you isolated business environments (like 'HR' or 'Marketing'). `list_datasets` shows specific types of data that exist within those workspaces.

**When I use get_dsr, what authentication details do I need to ensure it works?**
You must provide a valid API Access Token from your Dastra user profile. This token authorizes your agent to read specific data records, keeping the connection secure and ensuring you only access authorized PII.

**If I need to adjust an existing request's status, how do I use update_dsr?**
You call the tool with the unique DSR ID and all necessary fields. The MCP validates your input against Dastra’s schema first. This prevents data corruption by ensuring you provide every required compliance field.

**Are there rate limits when I use list_dsr to check a large volume of requests?**
The MCP handles standard API rate limiting for you. If your agent hits a usage ceiling, it will return an error code and pause execution immediately. The response tells you exactly when you can safely try again.

**How do I use list_tags to determine which datasets are affected by compliance changes?**
You first run the list_tags tool to get available tag IDs. Then, pass those specific IDs into your dataset queries. This two-step process lets your agent check for exact matches before retrieving any sensitive data scope.

**How do I find my Dastra Access Token?**
Log in to Dastra, click your profile icon, navigate to **API Access**, and generate a new Access Token for your account.

**What is a DSR request?**
Data Subject Requests are exercises of privacy rights (Access, Erasure, etc.) submitted by individuals under data protection laws.

**Can I manage multiple workspaces?**
Yes! Use the `list_workspaces` tool to identify your workspace IDs, then use them as parameters in other tools like `list_dsr` or `list_breaches`.