
gdpr-compliance

npx machina-cli add skill BagelHole/DevOps-Security-Agent-Skills/gdpr-compliance --openclaw
Files (1)
SKILL.md
1.5 KB

GDPR Compliance

Implement GDPR requirements for EU data protection.

Key Principles

```yaml
principles:
  lawfulness: Legal basis for processing
  purpose_limitation: Specific, explicit purposes
  data_minimization: Adequate, relevant, limited
  accuracy: Accurate and up to date
  storage_limitation: No longer than necessary
  integrity: Secure processing
  accountability: Demonstrate compliance
```

Data Subject Rights

```yaml
rights:
  - Right to access
  - Right to rectification
  - Right to erasure
  - Right to restrict processing
  - Right to data portability
  - Right to object
  - Rights related to automated decisions
```

Technical Implementation

```python
# Data export for portability (right to data portability).
# get_profile, get_activity_log and get_preferences are the application's
# own data-access helpers; the export bundles everything held about the user
# in a structured, machine-readable form.
def export_user_data(user_id):
    return {
        "profile": get_profile(user_id),
        "activity": get_activity_log(user_id),
        "preferences": get_preferences(user_id)
    }

# Right to erasure.
# The profile row is anonymized rather than dropped so that references to it
# keep resolving; the activity log is deleted outright; the deletion itself is
# logged (without personal data) so compliance can be demonstrated later.
def delete_user_data(user_id):
    anonymize_profile(user_id)
    delete_activity_log(user_id)
    log_deletion(user_id)
```

Best Practices

  • Privacy impact assessments
  • Data processing agreements
  • Consent management
  • Breach notification (72 hours)
  • Data Protection Officer (if required)

Source

git clone https://github.com/BagelHole/DevOps-Security-Agent-Skills/blob/main/compliance/frameworks/gdpr-compliance/SKILL.md

Overview

Implements GDPR data protection requirements for processing EU personal data. It codifies the core principles (lawfulness, purpose limitation, data minimization, accuracy, storage limitation, integrity, accountability) and clearly defines data subject rights. It also emphasizes consent management and privacy by design to embed GDPR controls in product development and data flows.

How This Skill Works

Specifies GDPR principles, data subject rights, and practical actions in code and policy. It provides concrete functions for data export and erasure (export_user_data and delete_user_data) to support portability and erasure requests. By aligning with consent management and DPIA practices, it enables compliant data processing across systems.
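The skill's export_user_data and delete_user_data routines above are sketches that call undefined helpers. The following is an added, self-contained example (not the skill's own code) of the same two operations carried through end to end: a portability export, an erasure that anonymizes the profile, deletes activity and preferences, keeps only records with a separate legal basis (invoice retention is assumed here), and writes an audit entry that contains no personal data, plus a verification check a request handler can run before confirming completion. The dict "tables", the helper names and the sample records are constructed assumptions.

```python
"""Data portability export and right-to-erasure handling, end to end.

Added example written for this page, not the skill's own code. The dict
"tables", helper names and sample records are constructed assumptions."""
import copy
import hashlib
import json
from datetime import datetime, timezone

# Constructed sample data standing in for the profile DB, activity log,
# preference store and the finance system's invoice table.
PROFILES = {"u-1001": {"name": "Alice Example", "email": "alice@example.test", "country": "DE"}}
ACTIVITY = {"u-1001": [
    {"ts": "2024-03-01T10:00:00+00:00", "event": "login", "ip": "203.0.113.7"},
    {"ts": "2024-03-02T11:30:00+00:00", "event": "export_requested", "ip": "203.0.113.7"},
]}
PREFERENCES = {"u-1001": {"newsletter": False, "locale": "de-DE"}}
INVOICES = {"u-1001": [{"number": "INV-7", "amount_eur": 19.0, "issued": "2024-03-01"}]}
DELETION_LOG = []  # audit trail of completed erasures; must hold no personal data


def export_user_data(user_id):
    """Portability: a structured copy of what the user provided or generated."""
    if user_id not in PROFILES:
        raise KeyError(f"unknown user: {user_id}")
    return {
        "exported_at": datetime.now(timezone.utc).isoformat(),
        "profile": copy.deepcopy(PROFILES[user_id]),
        "activity": copy.deepcopy(ACTIVITY.get(user_id, [])),
        "preferences": copy.deepcopy(PREFERENCES.get(user_id, {})),
    }


def export_as_json(user_id):
    """Machine-readable serialization the user can take to another provider."""
    return json.dumps(export_user_data(user_id), indent=2, sort_keys=True)


def _pseudonym(user_id):
    # Stable, non-reversible replacement identity so foreign keys keep resolving.
    return "erased-" + hashlib.sha256(user_id.encode()).hexdigest()[:12]


def delete_user_data(user_id, retain_invoices=True):
    """Erasure: anonymize the profile row, delete activity and preferences,
    keep only records with a separate legal basis (invoice retention, assumed),
    and log the deletion without re-introducing personal data."""
    if user_id not in PROFILES:
        raise KeyError(f"unknown user: {user_id}")
    PROFILES[user_id] = {"name": _pseudonym(user_id), "email": None, "country": None}
    ACTIVITY.pop(user_id, None)
    PREFERENCES.pop(user_id, None)
    retained = []
    if retain_invoices and user_id in INVOICES:
        retained.append("invoices")
    else:
        INVOICES.pop(user_id, None)
    entry = {
        "subject": _pseudonym(user_id),
        "completed_at": datetime.now(timezone.utc).isoformat(),
        "retained": retained,
    }
    DELETION_LOG.append(entry)
    return entry


def is_erased(user_id):
    """Verification a request handler runs before confirming erasure to the user."""
    profile = PROFILES.get(user_id)
    return (
        profile is not None and profile.get("email") is None
        and user_id not in ACTIVITY and user_id not in PREFERENCES
    )


if __name__ == "__main__":
    print(export_as_json("u-1001"))   # portability bundle, taken before erasure
    print(delete_user_data("u-1001"))  # audit entry with pseudonymous subject only
    print("erased:", is_erased("u-1001"))
```

Two design points worth noting: the export is taken before erasure (a subject who asks for both gets their copy first), and the audit entry identifies the subject only by a one-way pseudonym, so the accountability record itself does not become a new store of personal data.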

When to Use It

  • Processing EU personal data (EU users or customers) in your product or service
  • Responding to data subject rights requests (access, rectification, erasure, portability, etc.)
  • Implementing consent management and tracking user consent
  • Conducting privacy by design and data minimization in new features
  • Preparing breach notification procedures and DPO alignment (if required)

Quick Start

  1. Map data flows and identify the lawful basis for EU data processing
  2. Implement data export and erasure routines (export_user_data, delete_user_data) and set up consent management
  3. Integrate privacy by design, DPIAs, and breach notification readiness into the development lifecycle
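Step 2 asks for consent management alongside the export and erasure routines, and the principles list names purpose limitation and storage limitation. The following is an added example (not the skill's own code) of how those fit together in code: an append-only consent ledger that only accepts declared purposes, records withdrawals instead of deleting them (so the history can be demonstrated), and a retention purge that drops records once the period declared for their purpose has elapsed. The purposes, retention periods and sample events are constructed assumptions.

```python
"""Consent ledger with purpose limitation plus a storage-limitation purge.

Hypothetical module written for this page; purposes, retention periods and
the sample events below are constructed assumptions."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Declared purposes and how long data collected for each may be kept.
RETENTION = {"analytics": timedelta(days=365), "marketing": timedelta(days=730)}


def _ts(value):
    """Parse an ISO-8601 timestamp that carries an explicit offset (e.g. '+00:00')."""
    dt = datetime.fromisoformat(value)
    if dt.tzinfo is None:
        raise ValueError("timestamps must carry a timezone offset")
    return dt


@dataclass
class ConsentRecord:
    user_id: str
    purpose: str
    granted_at: datetime
    evidence: str                         # e.g. consent form version, kept for accountability
    withdrawn_at: Optional[datetime] = None


class ConsentLedger:
    """Append-only record of consents; withdrawals are recorded, never deleted."""

    def __init__(self):
        self._records = []

    def grant(self, user_id, purpose, evidence, at):
        if purpose not in RETENTION:  # purpose limitation: only declared purposes
            raise ValueError(f"undeclared purpose: {purpose}")
        self._records.append(ConsentRecord(user_id, purpose, _ts(at), evidence))

    def withdraw(self, user_id, purpose, at):
        when = _ts(at)
        for rec in self._records:
            if rec.user_id == user_id and rec.purpose == purpose and rec.withdrawn_at is None:
                rec.withdrawn_at = when

    def is_permitted(self, user_id, purpose, at):
        """True only while an unwithdrawn consent exists for this exact purpose."""
        now = _ts(at)
        return any(
            rec.user_id == user_id and rec.purpose == purpose
            and rec.granted_at <= now and rec.withdrawn_at is None
            for rec in self._records
        )


def purge_expired(events, at):
    """Storage limitation: keep only events within the retention for their purpose."""
    now = _ts(at)
    return [e for e in events if now - _ts(e["ts"]) <= RETENTION[e["purpose"]]]


# Constructed sample events, one per declared purpose.
SAMPLE_EVENTS = [
    {"user_id": "u-1", "purpose": "analytics", "ts": "2023-01-15T00:00:00+00:00", "event": "page_view"},
    {"user_id": "u-1", "purpose": "marketing", "ts": "2023-01-15T00:00:00+00:00", "event": "campaign_open"},
]


if __name__ == "__main__":
    ledger = ConsentLedger()
    ledger.grant("u-1", "analytics", "signup-form-v3", at="2024-01-01T00:00:00+00:00")
    print(ledger.is_permitted("u-1", "analytics", at="2024-01-10T00:00:00+00:00"))
    ledger.withdraw("u-1", "analytics", at="2024-01-20T00:00:00+00:00")
    print(ledger.is_permitted("u-1", "analytics", at="2024-01-30T00:00:00+00:00"))
    print(purge_expired(SAMPLE_EVENTS, at="2024-06-01T00:00:00+00:00"))
```

The check is deliberately per purpose: consent given for analytics does not authorize marketing, which is the practical meaning of purpose limitation. Timestamps are passed in explicitly so the same code can be exercised against fixed dates in tests.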

Best Practices

  • Privacy impact assessments (PIAs) for new features and data flows
  • Data processing agreements with vendors handling EU data
  • Explicit consent management and clear purposes for processing
  • Notify breaches within 72 hours and document response
  • Appoint a Data Protection Officer if required by law or scale

Example Use Cases

  • SaaS platform processing EU user data with consent controls
  • Exporting user data (profile, activity, preferences) for portability
  • Erasing data by anonymizing profile and deleting activity logs
  • Supporting rights requests (access, rectification, portability, objection)
  • Designing features with privacy by design and data minimization

