compliance-required-elements-gdpr-article-28

Sub-skill of compliance: Required Elements (GDPR Article 28) (+4).

5 stars

Best use case

compliance-required-elements-gdpr-article-28 is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Sub-skill of compliance: Required Elements (GDPR Article 28) (+4).

Teams using compliance-required-elements-gdpr-article-28 should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/required-elements-gdpr-article-28/SKILL.md --create-dirs "https://raw.githubusercontent.com/vamseeachanta/workspace-hub/main/.agents/skills/_archive/business/legal/compliance/required-elements-gdpr-article-28/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/required-elements-gdpr-article-28/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How compliance-required-elements-gdpr-article-28 Compares

Feature / Agentcompliance-required-elements-gdpr-article-28Standard Approach
Platform SupportNot specifiedLimited / Varies
Context Awareness High Baseline
Installation ComplexityUnknownN/A

Frequently Asked Questions

What does this skill do?

Sub-skill of compliance: Required Elements (GDPR Article 28) (+4).

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# Required Elements (GDPR Article 28) (+4)

## Required Elements (GDPR Article 28)


- [ ] **Subject matter and duration**: Clearly defined scope and term of processing
- [ ] **Nature and purpose**: Specific description of what processing will occur and why
- [ ] **Type of personal data**: Categories of personal data being processed
- [ ] **Categories of data subjects**: Whose personal data is being processed
- [ ] **Controller obligations and rights**: Controller's instructions and oversight rights


## Processor Obligations


- [ ] **Process only on documented instructions**: Processor commits to process only per controller's instructions (with exception for legal requirements)
- [ ] **Confidentiality**: Personnel authorized to process have committed to confidentiality
- [ ] **Security measures**: Appropriate technical and organizational measures described (Article 32 reference)
- [ ] **Sub-processor requirements**:
  - [ ] Written authorization requirement (general or specific)
  - [ ] If general authorization: notification of changes with opportunity to object
  - [ ] Sub-processors bound by same obligations via written agreement
  - [ ] Processor remains liable for sub-processor performance
- [ ] **Data subject rights assistance**: Processor will assist controller in responding to data subject requests
- [ ] **Security and breach assistance**: Processor will assist with security obligations, breach notification, DPIAs, and prior consultation
- [ ] **Deletion or return**: On termination, delete or return all personal data (at controller's choice) and delete existing copies unless legal retention required
- [ ] **Audit rights**: Controller has right to conduct audits and inspections (or accept third-party audit reports)
- [ ] **Breach notification**: Processor will notify controller of personal data breaches without undue delay (ideally within 24-48 hours; must enable controller to meet 72-hour regulatory deadline)


## International Transfers


- [ ] **Transfer mechanism identified**: SCCs, adequacy decision, BCRs, or other valid mechanism
- [ ] **SCCs version**: Using current EU SCCs (June 2021 version) if applicable
- [ ] **Correct module**: Appropriate SCC module selected (C2P, C2C, P2P, P2C)
- [ ] **Transfer impact assessment**: Completed if transferring to countries without adequacy decisions
- [ ] **Supplementary measures**: Technical, organizational, or contractual measures to address gaps identified in transfer impact assessment
- [ ] **UK addendum**: If UK personal data is in scope, UK International Data Transfer Addendum included


## Practical Considerations


- [ ] **Liability**: DPA liability provisions align with (or don't conflict with) the main services agreement
- [ ] **Termination alignment**: DPA term aligns with the services agreement
- [ ] **Data locations**: Processing locations specified and acceptable
- [ ] **Security standards**: Specific security standards or certifications required (SOC 2, ISO 27001, etc.)
- [ ] **Insurance**: Adequate insurance coverage for data processing activities


## Common DPA Issues


| Issue | Risk | Standard Position |
|---|---|---|
| Blanket sub-processor authorization without notification | Loss of control over processing chain | Require notification with right to object |
| Breach notification timeline > 72 hours | May prevent timely regulatory notification | Require notification within 24-48 hours |
| No audit rights (or audit rights only via third-party reports) | Cannot verify compliance | Accept SOC 2 Type II + right to audit upon cause |
| Data deletion timeline not specified | Data retained indefinitely | Require deletion within 30-90 days of termination |
| No data processing locations specified | Data could be processed anywhere | Require disclosure of processing locations |
| Outdated SCCs | Invalid transfer mechanism | Require current EU SCCs (2021 version) |

Related Skills

workflow-compliance-audit

5
from vamseeachanta/workspace-hub

Systematic audit of whether agents are following established workflows — cross-review, plan approval, TDD compliance, and document intelligence status.

compliance

5
from vamseeachanta/workspace-hub

Assist with privacy regulation compliance, DPA reviews, data subject requests, and regulatory monitoring

repo-structure-compliance-quick-check

5
from vamseeachanta/workspace-hub

Sub-skill of repo-structure: Compliance Quick-Check.

diffraction-analysis-required-report-structure-single-page-html

5
from vamseeachanta/workspace-hub

Sub-skill of diffraction-analysis: Required Report Structure (Single-Page HTML) (+3).

elite-frontend-ux-required-cn-helper

5
from vamseeachanta/workspace-hub

Sub-skill of elite-frontend-ux: Required: cn() Helper (+3).

xlsx-to-python-why-parametric-variations-are-required

5
from vamseeachanta/workspace-hub

Sub-skill of xlsx-to-python: Why Parametric Variations Are Required (+4).

seo-optimizer-required-for-aceengineer

5
from vamseeachanta/workspace-hub

Sub-skill of seo-optimizer: Required for AceEngineer (+1).

compliance-what-to-monitor

5
from vamseeachanta/workspace-hub

Sub-skill of compliance: What to Monitor (+2).

compliance-request-intake

5
from vamseeachanta/workspace-hub

Sub-skill of compliance: Request Intake (+3).

compliance-gdpr-general-data-protection-regulation

5
from vamseeachanta/workspace-hub

Sub-skill of compliance: GDPR (General Data Protection Regulation) (+2).

canned-responses-required-customization

5
from vamseeachanta/workspace-hub

Sub-skill of canned-responses: Required Customization (+2).

knowledge-management-universal-article-elements

5
from vamseeachanta/workspace-hub

Sub-skill of knowledge-management: Universal Article Elements (+1).