compliance-gdpr-general-data-protection-regulation

Sub-skill of compliance: GDPR (General Data Protection Regulation) (+2).

5 stars

Best use case

compliance-gdpr-general-data-protection-regulation is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Sub-skill of compliance: GDPR (General Data Protection Regulation) (+2).

Teams using compliance-gdpr-general-data-protection-regulation should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/gdpr-general-data-protection-regulation/SKILL.md --create-dirs "https://raw.githubusercontent.com/vamseeachanta/workspace-hub/main/.agents/skills/_archive/business/legal/compliance/gdpr-general-data-protection-regulation/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/gdpr-general-data-protection-regulation/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How compliance-gdpr-general-data-protection-regulation Compares

Feature / Agentcompliance-gdpr-general-data-protection-regulationStandard Approach
Platform SupportNot specifiedLimited / Varies
Context Awareness High Baseline
Installation ComplexityUnknownN/A

Frequently Asked Questions

What does this skill do?

Sub-skill of compliance: GDPR (General Data Protection Regulation) (+2).

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# GDPR (General Data Protection Regulation) (+2)

## GDPR (General Data Protection Regulation)


**Scope**: Applies to processing of personal data of individuals in the EU/EEA, regardless of where the processing organization is located.

**Key Obligations for In-House Legal Teams**:
- **Lawful basis**: Identify and document lawful basis for each processing activity (consent, contract, legitimate interest, legal obligation, vital interest, public task)
- **Data subject rights**: Respond to access, rectification, erasure, portability, restriction, and objection requests within 30 days (extendable by 60 days for complex requests)
- **Data protection impact assessments (DPIAs)**: Required for processing likely to result in high risk to individuals
- **Breach notification**: Notify supervisory authority within 72 hours of becoming aware of a personal data breach; notify affected individuals without undue delay if high risk
- **Records of processing**: Maintain Article 30 records of processing activities
- **International transfers**: Ensure appropriate safeguards for transfers outside EEA (SCCs, adequacy decisions, BCRs)
- **DPO requirement**: Appoint a Data Protection Officer if required (public authority, large-scale processing of special categories, large-scale systematic monitoring)

**Common In-House Legal Touchpoints**:
- Reviewing vendor DPAs for GDPR compliance
- Advising product teams on privacy by design requirements
- Responding to supervisory authority inquiries
- Managing cross-border data transfer mechanisms
- Reviewing consent mechanisms and privacy notices


## CCPA / CPRA (California Consumer Privacy Act / California Privacy Rights Act)


**Scope**: Applies to businesses that collect personal information of California residents and meet revenue, data volume, or data sale thresholds.

**Key Obligations**:
- **Right to know**: Consumers can request disclosure of personal information collected, used, and shared
- **Right to delete**: Consumers can request deletion of their personal information
- **Right to opt-out**: Consumers can opt out of the sale or sharing of personal information
- **Right to correct**: Consumers can request correction of inaccurate personal information (CPRA addition)
- **Right to limit use of sensitive personal information**: Consumers can limit use of sensitive PI to specific purposes (CPRA addition)
- **Non-discrimination**: Cannot discriminate against consumers who exercise their rights
- **Privacy notice**: Must provide a privacy notice at or before collection describing categories of PI collected and purposes
- **Service provider agreements**: Contracts with service providers must restrict use of PI to the specified business purpose

**Response Timelines**:
- Acknowledge receipt within 10 business days
- Respond substantively within 45 calendar days (extendable by 45 days with notice)


## Other Key Regulations to Monitor


| Regulation | Jurisdiction | Key Differentiators |
|---|---|---|
| **LGPD** (Brazil) | Brazil | Similar to GDPR; requires DPO appointment; National Data Protection Authority (ANPD) enforcement |
| **POPIA** (South Africa) | South Africa | Information Regulator oversight; required registration of processing |
| **PIPEDA** (Canada) | Canada (federal) | Consent-based framework; OPC oversight; being modernized |
| **PDPA** (Singapore) | Singapore | Do Not Call registry; mandatory breach notification; PDPC enforcement |
| **Privacy Act** (Australia) | Australia | Australian Privacy Principles (APPs); notifiable data breaches scheme |
| **PIPL** (China) | China | Strict cross-border transfer rules; data localization requirements; CAC oversight |
| **UK GDPR** | United Kingdom | Post-Brexit UK version; ICO oversight; similar to EU GDPR with UK-specific adequacy |

Related Skills

data-validation-reporter

5
from vamseeachanta/workspace-hub

Generate interactive validation reports with quality scoring, missing data analysis, and type checking. Combines Pandas validation, Plotly visualization, and YAML configuration for comprehensive data quality reporting.

worldenergydata-source-readiness

5
from vamseeachanta/workspace-hub

Route agents to the canonical worldenergydata source-readiness skill and summary script. Use when asked for worldenergydata data completeness, data locations, latest known data dates, scheduler freshness, source-readiness status, or acceptance-criteria inputs across the repo ecosystem.

sodir-data-extractor

5
from vamseeachanta/workspace-hub

Extract and process Norwegian Petroleum Directorate field and production data from SODIR

metocean-data-fetcher

5
from vamseeachanta/workspace-hub

Fetch real-time and historical metocean data from NDBC, CO-OPS, Open-Meteo, ERDDAP, and MET Norway. Use for buoy data retrieval, tidal observations, marine forecasts, and multi-source data fusion.

energy-data-visualizer

5
from vamseeachanta/workspace-hub

Interactive visualization for oil and gas production data analysis using Plotly dashboards

bsee-data-extractor

5
from vamseeachanta/workspace-hub

Extract and process BSEE (Bureau of Safety and Environmental Enforcement) data including production, WAR (Well Activity Reports), and APD (Application for Permit to Drill) data. Use for querying production data, well activities, drilling permits, completions, and workovers by API number, block, lease, or field with automatic data normalization and caching.

tax-return-data-capture-and-archival

5
from vamseeachanta/workspace-hub

Capture structured tax return summaries as YAML for year-over-year comparison, with fallback to manual PDF download and relocation when automation fails

repo-separation-for-sensitive-data

5
from vamseeachanta/workspace-hub

Architecture pattern for splitting confidential data and reusable algorithms across repos

metadata-only-wiki-sweep-workflow

5
from vamseeachanta/workspace-hub

Disciplined inventory process for cataloging documents by filename/path without content claims, using parent-centric grouping to prevent stub proliferation

metadata-only-inventory-sweep

5
from vamseeachanta/workspace-hub

Execute constrained file inventory sweeps with metadata-only stubs and validation, useful for staged documentation work on large file sets

handle-blocked-financial-sites-data-export

5
from vamseeachanta/workspace-hub

Workflow for extracting data from blocked financial sites when browser automation is restricted

financial-data-export-workflow

5
from vamseeachanta/workspace-hub

Structured process for exporting and analyzing multi-year brokerage transaction history when browser automation is blocked