compliance-gdpr-general-data-protection-regulation
Sub-skill of compliance: GDPR (General Data Protection Regulation) (+2).
Best use case
compliance-gdpr-general-data-protection-regulation is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Sub-skill of compliance: GDPR (General Data Protection Regulation) (+2).
Teams using compliance-gdpr-general-data-protection-regulation should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/gdpr-general-data-protection-regulation/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How compliance-gdpr-general-data-protection-regulation Compares
| Feature / Agent | compliance-gdpr-general-data-protection-regulation | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Sub-skill of compliance: GDPR (General Data Protection Regulation) (+2).
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# GDPR (General Data Protection Regulation) (+2) ## GDPR (General Data Protection Regulation) **Scope**: Applies to processing of personal data of individuals in the EU/EEA, regardless of where the processing organization is located. **Key Obligations for In-House Legal Teams**: - **Lawful basis**: Identify and document lawful basis for each processing activity (consent, contract, legitimate interest, legal obligation, vital interest, public task) - **Data subject rights**: Respond to access, rectification, erasure, portability, restriction, and objection requests within 30 days (extendable by 60 days for complex requests) - **Data protection impact assessments (DPIAs)**: Required for processing likely to result in high risk to individuals - **Breach notification**: Notify supervisory authority within 72 hours of becoming aware of a personal data breach; notify affected individuals without undue delay if high risk - **Records of processing**: Maintain Article 30 records of processing activities - **International transfers**: Ensure appropriate safeguards for transfers outside EEA (SCCs, adequacy decisions, BCRs) - **DPO requirement**: Appoint a Data Protection Officer if required (public authority, large-scale processing of special categories, large-scale systematic monitoring) **Common In-House Legal Touchpoints**: - Reviewing vendor DPAs for GDPR compliance - Advising product teams on privacy by design requirements - Responding to supervisory authority inquiries - Managing cross-border data transfer mechanisms - Reviewing consent mechanisms and privacy notices ## CCPA / CPRA (California Consumer Privacy Act / California Privacy Rights Act) **Scope**: Applies to businesses that collect personal information of California residents and meet revenue, data volume, or data sale thresholds. **Key Obligations**: - **Right to know**: Consumers can request disclosure of personal information collected, used, and shared - **Right to delete**: Consumers can request deletion of their personal information - **Right to opt-out**: Consumers can opt out of the sale or sharing of personal information - **Right to correct**: Consumers can request correction of inaccurate personal information (CPRA addition) - **Right to limit use of sensitive personal information**: Consumers can limit use of sensitive PI to specific purposes (CPRA addition) - **Non-discrimination**: Cannot discriminate against consumers who exercise their rights - **Privacy notice**: Must provide a privacy notice at or before collection describing categories of PI collected and purposes - **Service provider agreements**: Contracts with service providers must restrict use of PI to the specified business purpose **Response Timelines**: - Acknowledge receipt within 10 business days - Respond substantively within 45 calendar days (extendable by 45 days with notice) ## Other Key Regulations to Monitor | Regulation | Jurisdiction | Key Differentiators | |---|---|---| | **LGPD** (Brazil) | Brazil | Similar to GDPR; requires DPO appointment; National Data Protection Authority (ANPD) enforcement | | **POPIA** (South Africa) | South Africa | Information Regulator oversight; required registration of processing | | **PIPEDA** (Canada) | Canada (federal) | Consent-based framework; OPC oversight; being modernized | | **PDPA** (Singapore) | Singapore | Do Not Call registry; mandatory breach notification; PDPC enforcement | | **Privacy Act** (Australia) | Australia | Australian Privacy Principles (APPs); notifiable data breaches scheme | | **PIPL** (China) | China | Strict cross-border transfer rules; data localization requirements; CAC oversight | | **UK GDPR** | United Kingdom | Post-Brexit UK version; ICO oversight; similar to EU GDPR with UK-specific adequacy |
Related Skills
data-validation-reporter
Generate interactive validation reports with quality scoring, missing data analysis, and type checking. Combines Pandas validation, Plotly visualization, and YAML configuration for comprehensive data quality reporting.
worldenergydata-source-readiness
Route agents to the canonical worldenergydata source-readiness skill and summary script. Use when asked for worldenergydata data completeness, data locations, latest known data dates, scheduler freshness, source-readiness status, or acceptance-criteria inputs across the repo ecosystem.
sodir-data-extractor
Extract and process Norwegian Petroleum Directorate field and production data from SODIR
metocean-data-fetcher
Fetch real-time and historical metocean data from NDBC, CO-OPS, Open-Meteo, ERDDAP, and MET Norway. Use for buoy data retrieval, tidal observations, marine forecasts, and multi-source data fusion.
energy-data-visualizer
Interactive visualization for oil and gas production data analysis using Plotly dashboards
bsee-data-extractor
Extract and process BSEE (Bureau of Safety and Environmental Enforcement) data including production, WAR (Well Activity Reports), and APD (Application for Permit to Drill) data. Use for querying production data, well activities, drilling permits, completions, and workovers by API number, block, lease, or field with automatic data normalization and caching.
tax-return-data-capture-and-archival
Capture structured tax return summaries as YAML for year-over-year comparison, with fallback to manual PDF download and relocation when automation fails
repo-separation-for-sensitive-data
Architecture pattern for splitting confidential data and reusable algorithms across repos
metadata-only-wiki-sweep-workflow
Disciplined inventory process for cataloging documents by filename/path without content claims, using parent-centric grouping to prevent stub proliferation
metadata-only-inventory-sweep
Execute constrained file inventory sweeps with metadata-only stubs and validation, useful for staged documentation work on large file sets
handle-blocked-financial-sites-data-export
Workflow for extracting data from blocked financial sites when browser automation is restricted
financial-data-export-workflow
Structured process for exporting and analyzing multi-year brokerage transaction history when browser automation is blocked