Agent skill

gdpr-compliance-automator

GDPR compliance assessment and automation for data mapping, consent management, DSAR handling, and privacy impact assessments


Install this agent skill to your Project

npx add-skill https://github.com/a5c-ai/babysitter/tree/main/library/specializations/security-compliance/skills/gdpr-compliance-automator

SKILL.md

GDPR Compliance Automator Skill

Purpose

Automate General Data Protection Regulation (GDPR) compliance activities including data mapping, consent management, Data Subject Access Request (DSAR) handling, privacy impact assessments, and breach notification procedures.

Capabilities

Data Mapping and Inventory

  • Discover and catalog personal data across systems
  • Map data flows between systems and third parties
  • Identify data controllers and processors
  • Document lawful basis for processing
  • Track data retention periods
  • Generate Records of Processing Activities (RoPA)

Consent Management

  • Track consent collection and withdrawal
  • Manage granular consent preferences
  • Document consent mechanisms
  • Monitor consent validity and expiration
  • Generate consent audit trails

Data Subject Access Requests (DSAR)

  • Intake and track DSAR requests
  • Automate data discovery for subjects
  • Generate subject access reports
  • Manage request timelines (30-day deadline)
  • Handle erasure requests (Right to be Forgotten)
  • Process data portability requests

Privacy Impact Assessments (PIA/DPIA)

  • Generate DPIA templates for high-risk processing
  • Assess necessity and proportionality
  • Identify and mitigate privacy risks
  • Document supervisory authority consultation
  • Track DPIA approvals and reviews

Breach Notification

  • Document data breach incidents
  • Assess breach severity and notification requirements
  • Generate supervisory authority notifications (72-hour)
  • Prepare data subject notifications
  • Track breach response and remediation

Cross-Border Transfer Compliance

  • Document international data transfers
  • Track transfer mechanisms (SCCs, BCRs, adequacy)
  • Review transfer impact assessments
  • Monitor regulatory changes

GDPR Articles Coverage

  • Article 5: Principles of processing
  • Article 6: Lawful basis for processing
  • Article 7: Conditions for consent
  • Articles 12-22: Data subject rights
  • Article 25: Data protection by design
  • Article 30: Records of processing activities
  • Article 32: Security of processing
  • Articles 33-34: Breach notification
  • Article 35: Data protection impact assessment
  • Articles 44-49: International transfers

Integrations

  • OneTrust: Privacy management platform
  • TrustArc: Privacy compliance automation
  • BigID: Data discovery and privacy
  • Collibra: Data governance platform
  • Custom GDPR tools: Organization-specific solutions

Target Processes

  • GDPR Compliance Assessment
  • Privacy Impact Assessments
  • Data Subject Request Handling
  • Breach Response Process
  • Privacy by Design Implementation

Input Schema

json
{
  "type": "object",
  "properties": {
    "assessmentType": {
      "type": "string",
      "enum": ["full", "gap", "dpia", "dsar", "breach"],
      "description": "Type of GDPR assessment"
    },
    "scope": {
      "type": "object",
      "properties": {
        "systems": { "type": "array", "items": { "type": "string" } },
        "dataCategories": { "type": "array", "items": { "type": "string" } },
        "processingActivities": { "type": "array", "items": { "type": "string" } }
      }
    },
    "dsarRequest": {
      "type": "object",
      "properties": {
        "requestType": { "type": "string", "enum": ["access", "erasure", "rectification", "portability", "restriction", "objection"] },
        "subjectIdentifier": { "type": "string" },
        "requestDate": { "type": "string", "format": "date" }
      }
    },
    "breachDetails": {
      "type": "object",
      "properties": {
        "discoveryDate": { "type": "string", "format": "date-time" },
        "description": { "type": "string" },
        "affectedSubjects": { "type": "integer" },
        "dataCategories": { "type": "array" }
      }
    },
    "existingRopa": {
      "type": "string",
      "description": "Path to existing Records of Processing Activities"
    }
  },
  "required": ["assessmentType"]
}

Output Schema

json
{
  "type": "object",
  "properties": {
    "assessmentId": {
      "type": "string"
    },
    "assessmentType": {
      "type": "string"
    },
    "assessmentDate": {
      "type": "string",
      "format": "date-time"
    },
    "dataInventory": {
      "type": "object",
      "properties": {
        "personalDataCategories": { "type": "array" },
        "specialCategories": { "type": "array" },
        "processingActivities": { "type": "array" },
        "thirdParties": { "type": "array" }
      }
    },
    "complianceStatus": {
      "type": "object",
      "properties": {
        "articlesAssessed": { "type": "integer" },
        "compliant": { "type": "integer" },
        "partiallyCompliant": { "type": "integer" },
        "nonCompliant": { "type": "integer" }
      }
    },
    "gapAnalysis": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "article": { "type": "string" },
          "requirement": { "type": "string" },
          "currentState": { "type": "string" },
          "gap": { "type": "string" },
          "remediation": { "type": "string" },
          "priority": { "type": "string" }
        }
      }
    },
    "dsarResponse": {
      "type": "object"
    },
    "breachAssessment": {
      "type": "object"
    },
    "recommendations": {
      "type": "array",
      "items": { "type": "string" }
    }
  }
}

Usage Example

javascript
skill: {
  name: 'gdpr-compliance-automator',
  context: {
    assessmentType: 'full',
    scope: {
      systems: ['CRM', 'Marketing Platform', 'HR System'],
      dataCategories: ['customer', 'employee', 'prospect']
    }
  }
}
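
Deadline tracking from the input fields, as an added example (not code from the skill or its repository): it checks the enum fields of the Input Schema and derives the 30-day DSAR due date from dsarRequest.requestDate and the 72-hour notification due time from breachDetails.discoveryDate. The names computeDeadlines, parseDate and sampleInput, and all sample values, are assumptions made for illustration.

```javascript
// Added example: field names come from the Input Schema on this page;
// computeDeadlines, parseDate and sampleInput are constructed for illustration.
const ASSESSMENT_TYPES = ['full', 'gap', 'dpia', 'dsar', 'breach'];
const DSAR_TYPES = ['access', 'erasure', 'rectification', 'portability',
                    'restriction', 'objection'];
const DSAR_DEADLINE_DAYS = 30;  // "30-day deadline" as listed under DSAR
const BREACH_NOTIFY_HOURS = 72; // "72-hour" supervisory authority notification
const HOUR_MS = 3600 * 1000;
const DAY_MS = 24 * HOUR_MS;

function parseDate(value, field) {
  const t = typeof value === 'string' ? Date.parse(value) : NaN;
  if (Number.isNaN(t)) throw new Error(`${field} is not a valid date: ${value}`);
  return t;
}

// Checks the enum fields and returns the due dates implied by the input.
// `now` is injectable so the result is reproducible in tests and audits.
function computeDeadlines(input, now = new Date()) {
  if (!ASSESSMENT_TYPES.includes(input.assessmentType)) {
    throw new Error(`invalid assessmentType: ${input.assessmentType}`);
  }
  const out = {};
  if (input.dsarRequest) {
    const { requestType, requestDate } = input.dsarRequest;
    if (!DSAR_TYPES.includes(requestType)) {
      throw new Error(`invalid requestType: ${requestType}`);
    }
    const due = parseDate(requestDate, 'requestDate') + DSAR_DEADLINE_DAYS * DAY_MS;
    // "format": "date" has no time of day, so the request is overdue only
    // once the whole due day (UTC) has passed.
    out.dsar = { due: new Date(due).toISOString().slice(0, 10),
                 overdue: now.getTime() >= due + DAY_MS };
  }
  if (input.breachDetails) {
    const found = parseDate(input.breachDetails.discoveryDate, 'discoveryDate');
    const due = found + BREACH_NOTIFY_HOURS * HOUR_MS;
    out.breach = { due: new Date(due).toISOString(),
                   hoursLeft: Math.floor((due - now.getTime()) / HOUR_MS),
                   overdue: now.getTime() > due };
  }
  return out;
}

// Constructed sample input, not taken from a real incident.
const sampleInput = {
  assessmentType: 'breach',
  dsarRequest: { requestType: 'erasure', subjectIdentifier: 'subject-001',
                 requestDate: '2024-03-01' },
  breachDetails: { discoveryDate: '2024-03-01T09:30:00Z', affectedSubjects: 120 },
};
console.log(computeDeadlines(sampleInput, new Date('2024-03-03T09:30:00Z')));
```

A discoveryDate without a UTC offset is parsed in the host's local time zone, so the 72-hour window can shift by hours between machines; require an explicit offset on intake.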
