Continuous privacy compliance
Check PRs and scheduled scans for PII handling, retention gaps, and missing consent gates against GDPR, HIPAA, and SOC 2 controls.
Privacy issues often start as small implementation choices. Cosmos scans PRs for new collection, transmission, or storage patterns, then runs weekly sweeps across data stores for retention gaps, unencrypted PII, and missing consent. Findings map to GDPR, HIPAA, or SOC 2 controls and route to the privacy owner.
[Workflow diagram: Code scan mode (inputs: Code · DB fields · storage buckets; criteria: GDPR · HIPAA · SOC2) → Decision: Critical findings? → Slack + ticketing system → Approval required before merge / release]
Workflow prompt
Paste this into Augment to reproduce the workflow end-to-end.
Cosmos, operate in two modes: (1) PR-time scan: on every pull request, detect new code patterns that collect, log, transmit, or store personal data (emails, IDs, health data, device fingerprints, IP addresses). Cross-reference against the approved data inventory. Flag unapproved data flows with the relevant GDPR article or HIPAA safeguard and require privacy-owner approval before merge. (2) Weekly sweep: scan all database tables and object storage buckets for fields containing PII without a registered retention policy, missing encryption at rest, or absence of a consent record linkage. Produce a compliance gap report mapped to GDPR Art. 5, HIPAA §164.312, and SOC2 CC6 controls. Route critical findings to the privacy@company Slack channel immediately.
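As an added illustration of the PR-time scan mode described in the prompt (example code, not Cosmos or Augment's own implementation): a minimal Python checker that flags added diff lines where a personal-data field reaches a log, transmit or store sink that is not registered in the approved data inventory, and maps each finding to the controls named above. The field and sink patterns, the sample diff lines and the inventory are all constructed for this example.

```python
import re

# Personal-data categories the PR-time scan looks for (constructed, deliberately simple).
DATA_PATTERNS = {
    "email": re.compile(r"\b(?:email|e_mail|emailAddress)\b", re.I),
    "ip_address": re.compile(r"\b(?:ip_addr|ip_address|remote_addr|client_ip)\b", re.I),
    "health": re.compile(r"\b(?:diagnosis|icd10|medical_record|phi)\b", re.I),
    "device_fingerprint": re.compile(r"\b(?:fingerprint|device_id)\b", re.I),
}
# Sinks: calls that log, transmit or store whatever is passed to them (constructed).
SINK_PATTERNS = {
    "log": re.compile(r"\b(?:logger|log|logging)\.(?:info|debug|warning|error)\(", re.I),
    "transmit": re.compile(r"\b(?:requests\.post|http\.post|fetch|send)\(", re.I),
    "store": re.compile(r"\b(?:insert|save|put_object|write)\(", re.I),
}
# Control references a finding is mapped to, per data category.
CONTROLS = {
    "email": ["GDPR Art. 5", "SOC2 CC6"],
    "ip_address": ["GDPR Art. 5", "SOC2 CC6"],
    "health": ["HIPAA §164.312", "GDPR Art. 5"],
    "device_fingerprint": ["GDPR Art. 5"],
}

def scan_diff(added_lines, approved):
    """Return one finding per (line, category, sink) where personal data reaches a
    sink not present in `approved`, a set of (category, sink) pairs from the inventory."""
    findings = []
    for lineno, line in added_lines:
        sinks = [name for name, pat in SINK_PATTERNS.items() if pat.search(line)]
        if not sinks:
            continue  # no data flow on this line, nothing to check
        for category, pat in DATA_PATTERNS.items():
            if not pat.search(line):
                continue
            for sink in sinks:
                if (category, sink) not in approved:
                    findings.append({"line": lineno, "category": category, "sink": sink,
                                     "controls": CONTROLS[category], "approval_required": True})
    return findings

# Constructed sample: added lines of a PR, as (line number, text).
SAMPLE_ADDED_LINES = [
    (12, 'logger.info("login from %s %s", user.email, request.remote_addr)'),
    (30, 'db.insert({"user_id": uid, "diagnosis": form.diagnosis})'),
    (41, 'requests.post(ANALYTICS_URL, json={"device_id": device_id})'),
    (55, 'total = sum(cart.prices)'),
]
# Constructed approved data inventory: flows already reviewed by the privacy owner.
APPROVED_INVENTORY = {("email", "store"), ("device_fingerprint", "transmit")}

if __name__ == "__main__":
    for f in scan_diff(SAMPLE_ADDED_LINES, APPROVED_INVENTORY):
        print(f"line {f['line']}: {f['category']} -> {f['sink']} ({', '.join(f['controls'])})")
```

The three findings it reports (email and IP address logged on line 12, health data stored on line 30) are exactly the unapproved flows that the prompt says must block the merge until the privacy owner approves; the approved device-fingerprint transmission on line 41 is silent.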