What is MCP?
Model Context Protocol (MCP) is a communication standard that allows AI Chatbots and Agents (like ChatGPT and Claude) to access specialist tools and resources to enhance its capabilities and interactions. This 'upskilling' helps AI Chatbots and Agents perform complex or domain specific tasks more accurately and mitigates well known hallucination problems.
How do I connect ComplyMe.AI's MCP tools to AI Chatbots or Agents (like ChatGPT and Claude Cowork)?
Follow the steps below to connect ComplyMe.AI's MCP tools to AI Chatbots or Agents, to enhance its information retrieval and response capabilities.
1. Go to the custom connector settings of the Chatbot or Agent.
- For Claude (Cowork Plan Required), navigate to Settings > Connectors
- For ChatGPT (Pro, Plus, Business, Enterprise or Education Plan Required), navigate to Settings > Apps > Advanced Settings > Developer Mode > Create Apps.
2. Enter the following URL for the MCP Server: https://mcp.complyme.ai/mcp
3. For authentication, choose OAuth. You do not need to provide any static credentials.
4. When you try to connect the Chatbot or Agent to the ComplyMe.AI MCP Server, you will need to log in and authorize the connection.
5. Once connected, prompt the Chatbot or Agent to use ComplyMe.AI's MCP tools.
How do I prompt an AI Chatbot or Agent to use ComplyMe.AI's MCP Tool?
To prompt the Chatbot or Agent to use ComplyMe.AI's MCP tools, tell it to:
1. Use the custom MCP connector you set up.
2. Specify the tool name and its parameters.
3. We also recommend asking the chatbot or agent to provide the tool's raw output in the first instance, so you can review and verify the results directly, rather than relying on processed output.
MCP Tool Specifications
Legal Math
The Legal Math tool is designed to provide a penalty risk analysis based on the parameters you input. Below are the specifications for the parameters you can use with this tool:
- email: (Required) Your subscription email address.
- country: (Required) The country where the third party organisation is located. Must be 2 letter ISO country code. Currently supporting 'IE' for Ireland.
- statute: (Required) The data protection legal framework to analyse the penalty risk against. Currently supporting 'gdpr' for General Data Protection Regulation.
- riskdescription: (Required) A brief description of the project/incident for which the penalty risk analysis is being conducted.
- turnover: (optional) The annual global turnover of the organisation involved in the project/incident. This information may adjust the maximum penalty based on the legal framework, such as the GDPR.
- complaint_rate: (optional, default=0.01) The annual complaint rate associated with your organisation, expressed as a percentage (e.g., 0.01 for 1%). By default, it is set at 1% (0.01). This metric can help contextualise the risk based on the frequency of complaints received.
- secondary_loss_multiplier: (optional, default=0.1) The estimated secondary loss multiplier, expressed as a decimal (e.g., 0.1 for 10%). This multiplier will be used to estimate the potential secondary losses from related provisions and/or legal actions that often occur in addition to main provisions incurring penalties. By default, it is set at 0.1 (10%).
- artefacts: (optional) List of artefacts or documents in the form of URLs relevant to the analysis. URLs must start with 'https://'. Supports URLs containing Text (html, json, plain text, xml, css, javascript, csv, rtf), PDFs and Images (png, jpeg, bmp, webp). Maximum of 20 URL artefacts and 34MB per artefact.
Note: You must be subscribed to the applicable area of law and jurisdiction to use the tool. E.g. For GDPR penalty calculations, you must be a subscriber of the product Privacy Laws (EU GDPR & e-Privacy).
Tool outputs:
- The applicable provisions of the specified legal framework.
- The reasoning on why the provision is applicable.
- Annualised Expected Loss - how much is expected to be lost each year.
- Potential Secondary Loss - how much is expected to be lost as a result of breaches of related provisions and/or legal actions.
Personal Information Flow (PIF) Tool
This tool is designed to generate a Personal Information Flow (PIF) analysis based on a use case description, technical information, and legal jurisdiction. The analysis includes a sequence diagram of personal information data flows and a detailed narrative description of the flow of personal information, including the types of personal information, key actors, systems, data stores and data flows, non compliance risks and areas where privacy by default principles could be applied. Below are the specifications for the parameters you can use with this tool:
- email: (Required) Your subscription email address.
- statute: (Required) The data protection legal framework to analyse the personal information risk against. Currently supporting 'gdpr' for General Data Protection Regulation, 'ccpa' for California Consumer Privacy Act, 'pipl' for Personal Information Protection Law of China.
- usecase description: (Required) A brief description of the project for which a personal information flow analysis is being conducted.
- artefacts: (optional) List of artefacts or documents in the form of URLs relevant to the analysis. URLs must start with 'https://'. Supports URLs containing Text (html, json, plain text, xml, css, javascript, csv, rtf), PDFs and Images (png, jpeg, bmp, webp). Maximum of 20 URL artefacts and 34MB per artefact.
Note: You must be subscribed to the applicable area of law and jurisdiction to use the tool. E.g. For GDPR penalty calculations, you must be a subscriber of the product Privacy Laws (EU GDPR & e-Privacy).
Tool outputs:
- Detailed use case narrative.
- Non-compliance risks based on the legal jurisdiction.
- Privacy by Design recommendations.
- A sequence diagram of personal information data flows on the above.
NOTE: Due to variability in how different chatbots and agents interpret instructions, always tell it to 'Display and save original diagram image returned by the PIF tool to a file'.