gdpr-compliance

This skill provides comprehensive guidance for implementing and reviewing GDPR-compliant features in Empathy Ledger.

242 stars

Best use case

gdpr-compliance is best used when you need a repeatable AI agent workflow instead of a one-off prompt. It is especially useful for teams working in multi.

Users should expect a more consistent workflow output, faster repeated execution, and less time spent rewriting prompts from scratch.

Practical example

Example input

Use the "gdpr-compliance" skill to help with this workflow task. Context: This skill provides comprehensive guidance for implementing and reviewing GDPR-compliant features in Empathy Ledger.

Example output

A structured workflow result with clearer steps, more consistent formatting, and an output that is easier to reuse in the next run.

When to use this skill

  • Use this skill when you want a reusable workflow rather than writing the same prompt again and again.

When not to use this skill

  • Do not use this when you only need a one-off answer and do not need a reusable workflow.
  • Do not use it if you cannot install or maintain the related files, repository context, or supporting tools.

Installation

Claude Code / Cursor / Codex

$ curl -o ~/.claude/skills/gdpr-compliance/SKILL.md --create-dirs "https://raw.githubusercontent.com/aiskillstore/marketplace/main/skills/acurioustractor/gdpr-compliance/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/gdpr-compliance/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How gdpr-compliance Compares

| Feature / Agent         | gdpr-compliance | Standard Approach |
|-------------------------|-----------------|-------------------|
| Platform Support        | Not specified   | Limited / Varies  |
| Context Awareness       | High            | Baseline          |
| Installation Complexity | Unknown         | N/A               |

Frequently Asked Questions

What does this skill do?

This skill provides comprehensive guidance for implementing and reviewing GDPR-compliant features in Empathy Ledger.

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# GDPR Compliance Skill

This skill provides comprehensive guidance for implementing and reviewing GDPR-compliant features in Empathy Ledger.

## GDPR Rights Reference

### Article 15 - Right of Access
**Requirement**: Users can request a copy of their personal data

**Implementation**:
```typescript
// GET /api/user/export
const data = await gdprService.exportUserData(userId)
// Returns: stories, media, profile, consent records, activity logs
```

### Article 16 - Right to Rectification
**Requirement**: Users can correct inaccurate personal data

**Implementation**:
- Edit profile via profile settings
- Edit stories via story editor
- All changes logged in audit trail

### Article 17 - Right to Erasure (Right to be Forgotten)
**Requirement**: Users can request deletion of their data

**Implementation**:
```typescript
// POST /api/user/deletion-request
// Initiates 30-day deletion workflow

// POST /api/stories/[id]/anonymize
// Immediate anonymization of specific story
```

**Anonymization Process**:
1. Remove PII from story content
2. Replace author name with "Anonymous Storyteller"
3. Disassociate from profile (set storyteller_id = null)
4. Revoke all active distributions
5. Anonymize related media
6. Keep anonymized audit trail
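The six steps above as one pure function, added here as an example and not Empathy Ledger's own code: the record shapes, the `scrubPII` regexes (e-mail and phone only) and the audit entry format are assumptions.

```typescript
// Added example, not Empathy Ledger's own code: anonymizeStory() applies the six
// steps above to in-memory records. Record shapes and the PII patterns are assumed.
export interface Story {
  id: string; storyteller_id: string | null; author_name: string; content: string;
  anonymization_status: 'partial' | 'full' | null; anonymized_fields: string[];
}
export interface Media { id: string; story_id: string; uploader_id: string | null; caption: string }
export interface Distribution { id: string; story_id: string; status: 'active' | 'revoked' }
export interface AuditEntry { action: string; story_id: string; at: string; fields: string[] }

// Step 1 helper: mask e-mail addresses and phone-like digit runs. These regexes are
// an assumed minimum; names and addresses need a proper PII detector on top.
export function scrubPII(content: string): string {
  return content
    .replace(/[\w.+-]+@[\w-]+(?:\.[\w-]+)+/g, '[email removed]')
    .replace(/\+?\d(?:[\s().-]?\d){8,}/g, '[phone removed]');
}

export function anonymizeStory(
  story: Story, media: Media[], dists: Distribution[], now: Date = new Date(),
) {
  const fields: string[] = [];
  const content = scrubPII(story.content);                          // step 1
  if (content !== story.content) fields.push('content');
  fields.push('author_name', 'storyteller_id');                      // steps 2-3
  const out: Story = {
    ...story,
    content,
    author_name: 'Anonymous Storyteller',
    storyteller_id: null,
    anonymization_status: 'full',
    anonymized_fields: fields,
  };
  const distributions = dists.map((d): Distribution =>               // step 4
    d.story_id === story.id ? { ...d, status: 'revoked' } : d);
  const anonMedia = media.map((m): Media =>                          // step 5
    m.story_id === story.id ? { ...m, uploader_id: null, caption: scrubPII(m.caption) } : m);
  // step 6: the audit entry records what was done but names no storyteller
  const audit: AuditEntry = {
    action: 'story.anonymized', story_id: story.id, at: now.toISOString(), fields,
  };
  return { story: out, media: anonMedia, distributions, audit };
}
```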

### Article 20 - Right to Data Portability
**Requirement**: Users can export data in machine-readable format

**Implementation**:
- JSON export format
- Includes all user-generated content
- Downloadable via vault dashboard

## Consent Management

### Consent Capture
```typescript
interface ConsentRecord {
  has_consent: boolean           // Initial consent given
  consent_verified: boolean      // Consent verification completed
  consent_method?: string        // 'written' | 'verbal' | 'digital'
  consent_date?: Date
  consent_witness_id?: string    // For verbal consent
}
```

### Consent Withdrawal
```typescript
// POST /api/stories/[id]/consent/withdraw
// Triggers:
// 1. Set consent_withdrawn_at timestamp
// 2. Revoke all embed tokens
// 3. Mark all distributions as revoked
// 4. Send webhook notifications
// 5. Queue external takedown requests
// 6. Create audit log entries
```
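An added example, not the project's own code, serving both the ConsentRecord above and this withdrawal cascade: `consentBlockers` is the "consent captured before distribution" gate and `withdrawConsent` performs steps 1 to 6 over in-memory records. The embed token, distribution, webhook and takedown shapes are assumptions.

```typescript
// Added example, not Empathy Ledger's own code: a distribution gate over the
// ConsentRecord above plus the withdrawal cascade (steps 1-6) as a pure function.
// Token, distribution and queue shapes are assumptions; persistence is omitted.
export interface ConsentRecord {
  has_consent: boolean; consent_verified: boolean; consent_method?: string;
  consent_date?: Date; consent_witness_id?: string;
}
export interface EmbedToken { token: string; story_id: string; revoked: boolean }
export interface Distribution {
  id: string; story_id: string; partner: string; status: 'active' | 'revoked';
}
export interface StoryState { id: string; consent: ConsentRecord; consent_withdrawn_at: Date | null }

const METHODS = new Set(['written', 'verbal', 'digital']);

// "Consent captured before distribution": every reason a story must not be
// distributed, empty when it may be. A withdrawal overrides everything else.
export function consentBlockers(s: StoryState): string[] {
  const c = s.consent, out: string[] = [];
  if (s.consent_withdrawn_at) out.push('consent withdrawn');
  if (!c.has_consent) out.push('no consent');
  if (!c.consent_verified) out.push('consent not verified');
  if (!c.consent_method || !METHODS.has(c.consent_method)) out.push('method not recorded');
  if (!c.consent_date) out.push('date not recorded');
  if (c.consent_method === 'verbal' && !c.consent_witness_id) out.push('verbal consent needs witness');
  return out;
}

// Withdrawal cascade. Webhooks and takedowns are returned as queued work so the
// caller can commit them together with the state change in one transaction.
export function withdrawConsent(s: StoryState, tokens: EmbedToken[], dists: Distribution[], now: Date) {
  const story: StoryState = { ...s, consent_withdrawn_at: now };                    // 1
  const revokedTokens = tokens.map(t => (t.story_id === s.id ? { ...t, revoked: true } : t)); // 2
  const distributions = dists.map((d): Distribution =>                              // 3
    d.story_id === s.id ? { ...d, status: 'revoked' } : d);
  const affected = dists.filter(d => d.story_id === s.id && d.status === 'active');
  const webhooks = affected.map(d => ({ partner: d.partner, event: 'consent.withdrawn', story_id: s.id })); // 4
  const takedowns = affected.map(d => ({ partner: d.partner, distribution_id: d.id })); // 5
  const at = now.toISOString();                                                     // 6
  const audit = [
    { action: 'consent.withdrawn', story_id: s.id, at, distribution_id: null as string | null },
    ...affected.map(d => ({ action: 'distribution.revoked', story_id: s.id, at, distribution_id: d.id })),
  ];
  return { story, tokens: revokedTokens, distributions, webhooks, takedowns, audit };
}
```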

## Data Processing Lawful Bases

For Empathy Ledger, we rely on:

1. **Consent (Article 6(1)(a))** - Primary basis for story sharing
2. **Legitimate Interest (Article 6(1)(f))** - Platform operation, security

## Data Minimization

### Collect Only What's Needed
- Essential profile data: name, email, organization
- Story content: as provided by user
- Technical data: minimal logging for security

### Retention Limits
- Active data: retained while account active
- Deleted data: fully removed within 30 days
- Anonymized data: kept for aggregate statistics only
- Audit logs: anonymized after account deletion

## Implementation Checklist

### User Data Export
```
□ Export includes all user stories
□ Export includes media files
□ Export includes profile data
□ Export includes consent records
□ Export includes activity log
□ Format is JSON (machine-readable)
□ Download is secure (authenticated)
```

### Data Deletion
```
□ Deletion request creates ticket
□ User receives confirmation email
□ 30-day processing window
□ All stories anonymized or deleted
□ All media files removed
□ Profile data erased
□ Audit trail anonymized
□ Third-party distributions notified
```

### Consent Tracking
```
□ Consent captured before distribution
□ Consent method recorded
□ Consent can be withdrawn
□ Withdrawal cascades automatically
□ Audit trail for consent changes
□ Re-consent required for new purposes
```

## API Endpoints

### Data Rights
- `GET /api/user/export` - Export all user data
- `POST /api/user/deletion-request` - Request account deletion
- `GET /api/user/deletion-request` - Check deletion status

### Story-Level GDPR
- `POST /api/stories/[id]/anonymize` - Anonymize specific story
- `POST /api/stories/[id]/consent/withdraw` - Withdraw consent

### Audit Access
- `GET /api/stories/[id]/audit` - View story audit trail
- `POST /api/stories/[id]/audit/export` - Export audit report

## Database Schema

### deletion_requests
```sql
CREATE TABLE deletion_requests (
  id UUID PRIMARY KEY,
  user_id UUID NOT NULL,
  tenant_id UUID NOT NULL,
  request_type TEXT NOT NULL,     -- 'anonymize_story', 'delete_account'
  status TEXT DEFAULT 'pending',  -- 'pending', 'processing', 'completed'
  requested_at TIMESTAMPTZ,
  processed_at TIMESTAMPTZ,
  completed_at TIMESTAMPTZ
);
```

### Story Anonymization Fields
```sql
-- On stories table
anonymization_status TEXT,        -- null, 'partial', 'full'
anonymized_fields JSONB,          -- Track what was anonymized
consent_withdrawn_at TIMESTAMPTZ  -- When consent was withdrawn
```

## Services

### GDPRService
```typescript
// Ambient declaration: method signatures only, the implementation lives in the service
declare class GDPRService {
  exportUserData(userId: string): Promise<DataExport>
  anonymizeStory(storyId: string): Promise<AnonymizeResult>
  anonymizeUserData(userId: string): Promise<AnonymizeResult>
  createDeletionRequest(userId: string, type: string): Promise<Request>
  processDeletionRequest(requestId: string): Promise<void>
  scrubPII(content: string): string
}
```

## Code Review for GDPR

When reviewing code, verify:

1. **Data Collection**: Is this data necessary?
2. **Consent**: Is consent captured before processing?
3. **Access**: Can users access their data?
4. **Rectification**: Can users correct their data?
5. **Erasure**: Can users delete their data?
6. **Portability**: Can users export their data?
7. **Audit**: Are actions logged?
8. **Security**: Is data properly protected?

Related Skills

Related skills from aiskillstore/marketplace:

  • accessibility-compliance: Implement WCAG 2.2 compliant interfaces with mobile accessibility, inclusive design patterns, and assistive technology support. Use when auditing accessibility, implementing ARIA patterns, building for screen readers, or ensuring inclusive user experiences.
  • security-compliance-compliance-check: You are a compliance expert specializing in regulatory requirements for software systems including GDPR, HIPAA, SOC2, PCI-DSS, and other industry standards. Perform compliance audits and provide implementation guidance.
  • pci-compliance: Implement PCI DSS compliance requirements for secure handling of payment card data and payment systems. Use when securing payment processing, achieving PCI compliance, or implementing payment card security measures.
  • gdpr-data-handling: Implement GDPR-compliant data handling with consent management, data subject rights, and privacy by design. Use when building systems that process EU personal data, implementing privacy controls, or conducting GDPR compliance reviews.
  • aws-compliance-checker: Automated compliance checking against CIS, PCI-DSS, HIPAA, and SOC 2 benchmarks.
  • accessibility-compliance-accessibility-audit: You are an accessibility expert specializing in WCAG compliance, inclusive design, and assistive technology compatibility. Conduct audits, identify barriers, and provide remediation guidance.
  • azure-compliance: Comprehensive Azure compliance and security auditing capabilities including best practices assessment, Key Vault expiration monitoring, and resource configuration validation. USE FOR: compliance scan, security audit, azqr, Azure best practices, Key Vault expiration check, compliance assessment, resource review, configuration validation, expired certificates, expiring secrets, orphaned resources, policy compliance, security posture evaluation. DO NOT USE FOR: deploying resources (use azure-deploy), cost analysis alone (use azure-cost-optimization), active security hardening (use azure-security-hardening), general Azure Advisor queries (use azure-observability).
  • security-compliance: Guides security professionals in implementing defense-in-depth security architectures, achieving compliance with industry frameworks (SOC2, ISO27001, GDPR, HIPAA), conducting threat modeling and risk assessments, managing security operations and incident response, and embedding security throughout the SDLC.
  • data-privacy-compliance: Data privacy and regulatory compliance specialist for GDPR, CCPA, HIPAA, and international data protection laws. Use when implementing privacy controls, conducting data protection impact assessments, ensuring regulatory compliance, or managing data subject rights. Expert in consent management, data minimization, and privacy-by-design principles.
  • compliance-checker: Check code against security compliance standards and best practices.
  • gdpr-dsgvo-expert: Senior GDPR/DSGVO expert and internal/external auditor for data protection compliance. Provides EU GDPR and German DSGVO expertise, privacy impact assessments, data protection auditing, and compliance verification. Use for GDPR compliance assessments, privacy audits, data protection planning, and regulatory compliance verification.
  • azure-quotas: Check/manage Azure quotas and usage across providers. For deployment planning, capacity validation, region selection. WHEN: "check quotas", "service limits", "current usage", "request quota increase", "quota exceeded", "validate capacity", "regional availability", "provisioning limits", "vCPU limit", "how many vCPUs available in my subscription".