From compliance-planning
Conducts GDPR compliance assessments for systems or processing activities, including data mapping, lawful basis checks, DPIA evaluation, data subject rights review, and prioritized remediation roadmaps.
How this skill is triggered — by the user, by Claude, or both
Slash command
/compliance-planning:assess-gdpr

This skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Conduct a comprehensive GDPR compliance assessment.
Conduct a comprehensive GDPR compliance assessment.
Load these skills:
- gdpr-compliance - GDPR requirements and DPIA guidance
- data-classification - Personal data categorization

Spawn the privacy-officer agent with the following prompt:
Conduct a comprehensive GDPR compliance assessment for: $ARGUMENTS
Perform the following assessments:
1. Data Mapping
- Identify all personal data collected
- Categorize data (standard vs special category)
- Map data flows (collection, processing, storage, sharing)
- Identify controllers and processors
- Document international transfers
2. Lawful Basis Assessment
- Determine lawful basis for each processing activity
- Validate consent mechanisms (if applicable)
- Conduct Legitimate Interest Assessment (if applicable)
3. DPIA Determination
- Assess if DPIA is required
- If required, conduct risk assessment
- Recommend mitigations for identified risks
4. Data Subject Rights
- Assess implementation of all rights
- Identify gaps in rights fulfillment
- Recommend improvements
5. Privacy by Design
- Evaluate data minimization
- Assess purpose limitation
- Review storage limitation
- Check transparency measures
6. Documentation Review
- Privacy notices
- Processing records (Article 30)
- Data protection policies
Provide a complete GDPR assessment with:
- Compliance score by area
- Gap analysis with priorities
- Remediation roadmap
- Evidence requirements
Ensure the report includes:

```markdown
# GDPR Compliance Assessment: [System Name]

## Executive Summary

### Overall Compliance: [HIGH/MEDIUM/LOW]

| Area | Score | Status |
|------|-------|--------|
| Lawful Basis | [X/10] | [Status] |
| Data Subject Rights | [X/10] | [Status] |
| Security | [X/10] | [Status] |
| Documentation | [X/10] | [Status] |
| **Overall** | **[X/10]** | **[Status]** |

### Key Findings
- [Critical finding 1]
- [Critical finding 2]

---

## Personal Data Inventory
[Detailed data mapping]

---

## Lawful Basis Analysis
[Assessment per processing activity]

---

## Data Subject Rights Assessment
[Implementation status per right]

---

## DPIA Assessment
### Required: [Yes/No]
[If yes, full DPIA]

---

## Gap Analysis
### Critical Gaps
| Gap | GDPR Article | Risk | Remediation |
|-----|--------------|------|-------------|

---

## Remediation Roadmap
### Immediate (0-30 days)
1. [Action]

### Short-term (30-90 days)
1. [Action]

### Long-term (90+ days)
1. [Action]

---

## Documentation Checklist
- [ ] Privacy notice updated
- [ ] Article 30 records complete
- [ ] DPIAs conducted
- [ ] BAAs/DPAs in place
- [ ] Consent records maintained
```

Usage examples:

```bash
# Assess a customer data processing system
/compliance-planning:assess-gdpr "customer relationship management system processing EU customer data"

# Assess a marketing platform
/compliance-planning:assess-gdpr "email marketing platform with subscriber consent management"

# Assess an e-commerce site
/compliance-planning:assess-gdpr "e-commerce website serving EU customers with payment processing"
```
npx claudepluginhub melodic-software/claude-code-plugins --plugin compliance-planning