Agent skill
compliance-request-intake
Sub-skill of compliance: Request Intake (+3).
Install this agent skill to your Project
npx add-skill https://github.com/vamseeachanta/workspace-hub/tree/main/.claude/skills/_archive/business/legal/compliance/request-intake
SKILL.md
Request Intake (+3)
Request Intake
When a data subject request is received:
-
Identify the request type:
- Access (copy of personal data)
- Rectification (correction of inaccurate data)
- Erasure / deletion ("right to be forgotten")
- Restriction of processing
- Data portability (structured, machine-readable format)
- Objection to processing
- Opt-out of sale/sharing (CCPA/CPRA)
- Limit use of sensitive personal information (CPRA)
-
Identify applicable regulation(s):
- Where is the data subject located?
- Which laws apply based on your organization's presence and activities?
- What are the specific requirements and timelines?
-
Verify identity:
- Confirm the requester is who they claim to be
- Use reasonable verification measures proportionate to the sensitivity of the data
- Do not require excessive documentation
-
Log the request:
- Date received
- Request type
- Requester identity
- Applicable regulation
- Response deadline
- Assigned handler
Response Timelines
| Regulation | Initial Acknowledgment | Substantive Response | Extension |
|---|---|---|---|
| GDPR | Not specified (best practice: promptly) | 30 days | +60 days (with notice) |
| CCPA/CPRA | 10 business days | 45 calendar days | +45 days (with notice) |
| UK GDPR | Not specified (best practice: promptly) | 30 days | +60 days (with notice) |
| LGPD | Not specified | 15 days | Limited extensions |
Exemptions and Exceptions
Before fulfilling a request, check whether any exemptions apply:
Common exemptions across regulations:
- Legal claims defense or establishment
- Legal obligations requiring retention
- Public interest or official authority
- Freedom of expression and information (for erasure requests)
- Archiving in the public interest or scientific/historical research
Organization-specific considerations:
- Litigation hold: Data subject to a legal hold cannot be deleted
- Regulatory retention: Financial records, employment records, and other categories may have mandatory retention periods
- Third-party rights: Fulfilling the request might adversely affect the rights of others
Response Process
- Gather all personal data of the requester across systems
- Apply any exemptions and document the basis
- Prepare response: fulfill the request or explain why (in whole or part) it cannot be fulfilled
- If denying (in whole or part): cite the specific legal basis for denial
- Inform the requester of their right to lodge a complaint with the supervisory authority
- Document the response and retain records of the request and response
Recommended Agent Skills
Expand your agent's capabilities with these related and highly-rated skills.
gsd-complete-milestone
Archive completed milestone and prepare for next version
gsd-reapply-patches
Reapply local modifications after a GSD update
gsd-verify-work
Validate built features through conversational UAT
gsd-thread
Manage persistent context threads for cross-session work
clinical-trial-protocol
Generate clinical trial protocols for medical devices or drugs through a modular, waypoint-based architecture with research-only and full protocol modes.
single-cell-rna-qc
Performs quality control on single-cell RNA-seq data (.h5ad or .h5 files) using scverse best practices with MAD-based filtering and comprehensive visualizations.
Didn't find tool you were looking for?