compliance-required-elements-gdpr-article-28
Sub-skill of compliance: Required Elements (GDPR Article 28) (+4).
Best use case
compliance-required-elements-gdpr-article-28 is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Sub-skill of compliance: Required Elements (GDPR Article 28) (+4).
Teams using compliance-required-elements-gdpr-article-28 should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/required-elements-gdpr-article-28/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How compliance-required-elements-gdpr-article-28 Compares
| Feature / Agent | compliance-required-elements-gdpr-article-28 | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Sub-skill of compliance: Required Elements (GDPR Article 28) (+4).
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Required Elements (GDPR Article 28) (+4) ## Required Elements (GDPR Article 28) - [ ] **Subject matter and duration**: Clearly defined scope and term of processing - [ ] **Nature and purpose**: Specific description of what processing will occur and why - [ ] **Type of personal data**: Categories of personal data being processed - [ ] **Categories of data subjects**: Whose personal data is being processed - [ ] **Controller obligations and rights**: Controller's instructions and oversight rights ## Processor Obligations - [ ] **Process only on documented instructions**: Processor commits to process only per controller's instructions (with exception for legal requirements) - [ ] **Confidentiality**: Personnel authorized to process have committed to confidentiality - [ ] **Security measures**: Appropriate technical and organizational measures described (Article 32 reference) - [ ] **Sub-processor requirements**: - [ ] Written authorization requirement (general or specific) - [ ] If general authorization: notification of changes with opportunity to object - [ ] Sub-processors bound by same obligations via written agreement - [ ] Processor remains liable for sub-processor performance - [ ] **Data subject rights assistance**: Processor will assist controller in responding to data subject requests - [ ] **Security and breach assistance**: Processor will assist with security obligations, breach notification, DPIAs, and prior consultation - [ ] **Deletion or return**: On termination, delete or return all personal data (at controller's choice) and delete existing copies unless legal retention required - [ ] **Audit rights**: Controller has right to conduct audits and inspections (or accept third-party audit reports) - [ ] **Breach notification**: Processor will notify controller of personal data breaches without undue delay (ideally within 24-48 hours; must enable controller to meet 72-hour regulatory deadline) ## International Transfers - [ ] **Transfer mechanism identified**: SCCs, adequacy decision, BCRs, or other valid mechanism - [ ] **SCCs version**: Using current EU SCCs (June 2021 version) if applicable - [ ] **Correct module**: Appropriate SCC module selected (C2P, C2C, P2P, P2C) - [ ] **Transfer impact assessment**: Completed if transferring to countries without adequacy decisions - [ ] **Supplementary measures**: Technical, organizational, or contractual measures to address gaps identified in transfer impact assessment - [ ] **UK addendum**: If UK personal data is in scope, UK International Data Transfer Addendum included ## Practical Considerations - [ ] **Liability**: DPA liability provisions align with (or don't conflict with) the main services agreement - [ ] **Termination alignment**: DPA term aligns with the services agreement - [ ] **Data locations**: Processing locations specified and acceptable - [ ] **Security standards**: Specific security standards or certifications required (SOC 2, ISO 27001, etc.) - [ ] **Insurance**: Adequate insurance coverage for data processing activities ## Common DPA Issues | Issue | Risk | Standard Position | |---|---|---| | Blanket sub-processor authorization without notification | Loss of control over processing chain | Require notification with right to object | | Breach notification timeline > 72 hours | May prevent timely regulatory notification | Require notification within 24-48 hours | | No audit rights (or audit rights only via third-party reports) | Cannot verify compliance | Accept SOC 2 Type II + right to audit upon cause | | Data deletion timeline not specified | Data retained indefinitely | Require deletion within 30-90 days of termination | | No data processing locations specified | Data could be processed anywhere | Require disclosure of processing locations | | Outdated SCCs | Invalid transfer mechanism | Require current EU SCCs (2021 version) |
Related Skills
workflow-compliance-audit
Systematic audit of whether agents are following established workflows — cross-review, plan approval, TDD compliance, and document intelligence status.
compliance
Assist with privacy regulation compliance, DPA reviews, data subject requests, and regulatory monitoring
repo-structure-compliance-quick-check
Sub-skill of repo-structure: Compliance Quick-Check.
diffraction-analysis-required-report-structure-single-page-html
Sub-skill of diffraction-analysis: Required Report Structure (Single-Page HTML) (+3).
elite-frontend-ux-required-cn-helper
Sub-skill of elite-frontend-ux: Required: cn() Helper (+3).
xlsx-to-python-why-parametric-variations-are-required
Sub-skill of xlsx-to-python: Why Parametric Variations Are Required (+4).
seo-optimizer-required-for-aceengineer
Sub-skill of seo-optimizer: Required for AceEngineer (+1).
compliance-what-to-monitor
Sub-skill of compliance: What to Monitor (+2).
compliance-request-intake
Sub-skill of compliance: Request Intake (+3).
compliance-gdpr-general-data-protection-regulation
Sub-skill of compliance: GDPR (General Data Protection Regulation) (+2).
canned-responses-required-customization
Sub-skill of canned-responses: Required Customization (+2).
knowledge-management-universal-article-elements
Sub-skill of knowledge-management: Universal Article Elements (+1).