Reorganize brain: projects/ top level, rename filenames, update homepage

- Moved everything from ideas/passepartout/ to projects/passepartout/
- Moved legal structures to projects/flags/
- Created missing _index.org files for all subdirectories
- Stripped redundant passepartout- prefix from filenames
- Rewrote root _index.org as generalized brain index (projects + concepts)
- Updated Hugo nav to Projects/Concepts
- Updated build script section descriptions
- Deleted stale ideas/passepartout-economics.md orphan

projects/passepartout/strategy/compliance/uk-gdpr.org

@@ -0,0 +1,22 @@
+:PROPERTIES:
+:ID:       9bc29937-d59a-4ae4-9623-3d17a1fe6ebb
+:ID:       auto-uk-[[id:513d5996-4ac7-4567-a992-18fc01599104][gdpr]]
+:CREATED:  [2026-05-23 Sat]
+:END:
+#+title: UK GDPR (Post-Brexit Data Protection)
+#+filetags: :passepartout:compliance:framework:uk:
+
+
+Post-Brexit, the UK maintains its own version of [[id:513d5996-4ac7-4567-a992-18fc01599104][GDPR]] via the Data Protection
+Act 2018. Substantively identical to EU GDPR but diverging over time. The UK
+has announced separate reforms targeting AI and digital identity. ICO (Information
+Commissioner's Office) enforces. Maximum fines: 17.5M GBP or 4% of global turnover.
+
+Why it matters: UK GDPR is EU GDPR's twin market — any gate package designed
+for EU GDPR ports directly with verified translation of terminology (supervisory
+authority → ICO, DPA → equivalent UK contract clauses). The gate stack's ACL2
+prover can verify that the UK version's rules are consistent with the EU version
+(and alert when they diverge). This is a concrete ACL2 application.
+
+** [[id:748db16a-1382-4e5e-8812-a5d57a8de131][NIS2]] (Network and Information Security Directive)
+