ADR-025 plans 4 epics that raise the template's DPA/GDPR coverage from
~50% (ADR-017/018/022/023/024) to ~80%. Adds two optional cores
(core-dsr, core-consent), a fourth conformance channel (rate-limit),
three new manifest fields, three new generators with CI drift gates,
and a docs/compliance/ + compliance/ split for templates vs evidence.
Documents the audit ↔ DSR sibling-not-overlap distinction (audit
records access; DSR acts on the underlying data). Four explicit
deferrals with revisit triggers (RBAC, MFA, breach detection, Art. 22).
Glossary updated with DSR, Consent, Rate-limit, PII inventory, Retention
policy, Sub-processor, docs/compliance/ vs compliance/ entries.
