compliance-request-intake
Sub-skill of compliance: Request Intake (+3).
Best use case
compliance-request-intake is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Sub-skill of compliance: Request Intake (+3).
Teams using compliance-request-intake should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/request-intake/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How compliance-request-intake Compares
| Feature / Agent | compliance-request-intake | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Sub-skill of compliance: Request Intake (+3).
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Request Intake (+3)
## Request Intake
When a data subject request is received:
1. **Identify the request type**:
- Access (copy of personal data)
- Rectification (correction of inaccurate data)
- Erasure / deletion ("right to be forgotten")
- Restriction of processing
- Data portability (structured, machine-readable format)
- Objection to processing
- Opt-out of sale/sharing (CCPA/CPRA)
- Limit use of sensitive personal information (CPRA)
2. **Identify applicable regulation(s)**:
- Where is the data subject located?
- Which laws apply based on your organization's presence and activities?
- What are the specific requirements and timelines?
3. **Verify identity**:
- Confirm the requester is who they claim to be
- Use reasonable verification measures proportionate to the sensitivity of the data
- Do not require excessive documentation
4. **Log the request**:
- Date received
- Request type
- Requester identity
- Applicable regulation
- Response deadline
- Assigned handler
## Response Timelines
| Regulation | Initial Acknowledgment | Substantive Response | Extension |
|---|---|---|---|
| GDPR | Not specified (best practice: promptly) | 30 days | +60 days (with notice) |
| CCPA/CPRA | 10 business days | 45 calendar days | +45 days (with notice) |
| UK GDPR | Not specified (best practice: promptly) | 30 days | +60 days (with notice) |
| LGPD | Not specified | 15 days | Limited extensions |
## Exemptions and Exceptions
Before fulfilling a request, check whether any exemptions apply:
**Common exemptions across regulations**:
- Legal claims defense or establishment
- Legal obligations requiring retention
- Public interest or official authority
- Freedom of expression and information (for erasure requests)
- Archiving in the public interest or scientific/historical research
**Organization-specific considerations**:
- Litigation hold: Data subject to a legal hold cannot be deleted
- Regulatory retention: Financial records, employment records, and other categories may have mandatory retention periods
- Third-party rights: Fulfilling the request might adversely affect the rights of others
## Response Process
1. Gather all personal data of the requester across systems
2. Apply any exemptions and document the basis
3. Prepare response: fulfill the request or explain why (in whole or part) it cannot be fulfilled
4. If denying (in whole or part): cite the specific legal basis for denial
5. Inform the requester of their right to lodge a complaint with the supervisory authority
6. Document the response and retain records of the request and responseRelated Skills
requesting-code-review
Pre-commit verification pipeline — static security scan, baseline-aware quality gates, independent reviewer subagent, and auto-fix loop. Use after code changes and before committing, pushing, or opening a PR.
workflow-compliance-audit
Systematic audit of whether agents are following established workflows — cross-review, plan approval, TDD compliance, and document intelligence status.
compliance
Assist with privacy regulation compliance, DPA reviews, data subject requests, and regulatory monitoring
repo-structure-compliance-quick-check
Sub-skill of repo-structure: Compliance Quick-Check.
compliance-what-to-monitor
Sub-skill of compliance: What to Monitor (+2).
compliance-required-elements-gdpr-article-28
Sub-skill of compliance: Required Elements (GDPR Article 28) (+4).
compliance-gdpr-general-data-protection-regulation
Sub-skill of compliance: GDPR (General Data Protection Regulation) (+2).
canned-responses-1-data-subject-requests-dsrs
Sub-skill of canned-responses: 1. Data Subject Requests (DSRs) (+6).
theme-factory-request-details
Sub-skill of theme-factory: Request Details (+2).
technology-stack-modernization-workspace-hub-compliance
Sub-skill of technology-stack-modernization: Workspace-Hub Compliance (+2).
test-oversized-skill
A test fixture skill that exceeds 200 lines with multiple H2/H3 sections for split testing.
interactive-report-generator
Generate interactive HTML reports with Plotly visualizations from data analysis results. Supports dashboards, charts, and professional styling.