PlaygroundCatalog › GDPR Compliance
GC

GDPR Compliance

🔵 Stable🕐 updated 2026-06-24 🔷 SkillSpec L3 ⚙ ships an executable helper pm-compliance

Assess GDPR compliance and build the core records (ROPA, lawful basis, DSAR, DPIA triggers). Use when asked to get GDPR-compliant, build a Record of Processing Activities, decide a lawful basis, handle data-subject requests, or check whether a DPIA is needed. Produces a GDPR assessment — a ROPA, lawful-basis mapping per activity, DSAR workflow, DPIA-trigger screen, and a prioritised gap list.

📚 Based on EU GDPR (Art. 6, 9, 30, 35 + data-subject rights)

▶ Run it free — no key needed 📝 Grade your existing draft View SKILL.md ↗

What to give it

Processing activities — what personal data you collect, why, and where it flows (this is the spine; everything hangs off it).
Role — controller (you decide the why/how) or processor (you act on a controller's instructions); your obligations differ.
Data subjects & data types — whose data, and whether any is special-category (health, biometrics, etc.) or about children.
Transfers — any processing or storage outside the EEA (triggers transfer-mechanism requirements).

✅ The bar it holds itself to

Every skill in this library self-verifies — these are this skill's own quality checks, straight from its definition.

Every processing activity has a documented lawful basis and a retention period
"Consent" isn't used as a lazy default where contract or legitimate interests genuinely apply
Special-category data has its additional Art. 9 condition identified
DPIA-triggering activities are flagged, not buried
Cross-border transfers name a valid mechanism (adequacy, SCCs, etc.)
The DSAR workflow names the one-month statutory deadline

⚠️ What it refuses to do

Do not default every activity to "consent" — it's revocable and high-maintenance; use the basis that actually fits
Do not skip the ROPA — without the record of what you process, every other GDPR obligation is unanchored
Do not store data with no retention period — "forever" is not a lawful retention policy
Do not treat a DPIA as optional for high-risk processing — it's a legal requirement, not best practice
Do not give legal advice as settled law — flag where a DPO or counsel must confirm (esp. lawful basis and transfers)

Install

npx pm-claude-skills add --agent claude   # or codex · cursor · gemini · hermes
# or one-line MCP (every skill, any client):
claude mcp add pm-skills -- npx -y pm-claude-skills-mcp

Related skills

🔌 Embed this skill

Drop this on your blog, docs, or site — it renders a "Run this skill" card:

<div data-pm-skill="gdpr-compliance"></div>
<script src="https://mohitagw15856.github.io/pm-claude-skills/embed.js" async></script>

💬 Discussion

GDPR Compliance is one of 625 open-source professional AI agent skills — all SkillSpec L3. Try them all in the browser · ⭐ Star on GitHub · Browse the full catalog