Implement GDPR-compliant data handling: consent management, data subject rights, and PII controls.
SKILL.md
---
name: gdpr-data-handling
description: Implement GDPR-compliant data handling with consent management, data subject rights, and privacy by design. Use when building systems that process EU personal data, implementing privacy controls, or conducting GDPR compliance reviews.
---

# GDPR Data Handling

Practical implementation guide for GDPR-compliant data processing, consent management, and privacy controls.

## When to Use This Skill

- Building systems that process EU personal data
- Implementing consent management
- Handling data subject requests (DSRs)
- Conducting GDPR compliance reviews
- Designing privacy-first architectures
- Creating data processing agreements

## Core Concepts

### 1. Personal Data Categories

| Category               | Examples                    | Protection Level   |
| ---------------------- | --------------------------- | ------------------ |
| **Basic**              | Name, email, phone          | Standard           |
| **Sensitive (Art. 9)** | Health, religion, ethnicity | Explicit consent   |
| **Criminal (Art. 10)** | Convictions, offenses       | Official authority |
| **Children's**         | Data of children under 16   | Parental consent   |

### 2. Legal Bases for Processing

```
Article 6 - Lawful Bases:
├── Consent: Freely given, specific, informed
├── Contract: Necessary for contract performance
├── Legal Obligation: Required by law
├── Vital Interests: Protecting someone's life
├── Public Interest: Official functions
└── Legitimate Interest: Balanced against rights
```

### 3. Data Subject Rights

```
Right to Access (Art. 15)        ─┐
Right to Rectification (Art. 16)  │
Right to Erasure (Art. 17)        │ Must respond
Right to Restrict (Art. 18)       │ within 1 month
Right to Portability (Art. 20)    │
Right to Object (Art. 21)        ─┘
```

## Detailed worked examples and patterns

Detailed sections (starting with `## Implementation Patterns`) live in `references/details.md`. Read that file when the navigation summary above is insufficient.

## Best Practices

### Do's

- **Minimize data collection** - Only collect what's needed
- **Document everything** - Processing activities, legal bases
- **Encrypt PII** - At rest and in transit
- **Implement access controls** - Need-to-know basis
- **Regular audits** - Verify compliance continuously

### Don'ts

- **Don't pre-check consent boxes** - Must be opt-in
- **Don't bundle consent** - Obtain consent for each purpose separately
- **Don't retain indefinitely** - Define and enforce retention
- **Don't ignore DSARs** - 30-day response required
- **Don't transfer without safeguards** - SCCs or adequacy decisions
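The consent rules in the Don'ts list above (opt-in only, one consent per purpose, enforced retention, a deadline on every DSAR) are the kind of invariants a consent store should refuse to violate rather than leave to UI discipline. The following is an added example written for this page, not code from the skill package or its `references/details.md`; the purposes, retention periods, subject ids and the `ConsentLedger` API are all assumptions made here, and the 30-day figure is the one the Don'ts list uses.

```python
"""Minimal consent ledger that enforces the consent rules from the Don'ts list.

Constructed example: purposes, retention periods and subject ids are assumed
values, not anything defined by the skill package.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, Optional, Tuple

# Assumed per-purpose retention policy in days. A purpose without a retention
# period cannot be recorded at all, which is how "don't retain indefinitely"
# is enforced at the data layer.
RETENTION_DAYS = {"newsletter": 365, "analytics": 90}

DSAR_RESPONSE_DAYS = 30  # response window used in the "Don't ignore DSARs" item

# Fixed reference instant for the demo so the walkthrough is reproducible.
T0 = datetime(2024, 1, 1, tzinfo=timezone.utc)


def days_after(n: int) -> datetime:
    return T0 + timedelta(days=n)


@dataclass
class ConsentRecord:
    subject_id: str
    purpose: str
    granted_at: datetime
    withdrawn_at: Optional[datetime] = None


class ConsentLedger:
    """One record per (subject, purpose): consent is never bundled."""

    def __init__(self) -> None:
        self._records: Dict[Tuple[str, str], ConsentRecord] = {}

    def record_consent(self, subject_id: str, purpose: str, *, user_action: bool, now: datetime) -> None:
        # "Don't pre-check consent boxes": only an affirmative action may create a record.
        if not user_action:
            raise ValueError("consent requires an explicit opt-in action")
        if purpose not in RETENTION_DAYS:
            raise ValueError(f"no retention policy defined for purpose {purpose!r}")
        self._records[(subject_id, purpose)] = ConsentRecord(subject_id, purpose, now)

    def withdraw(self, subject_id: str, purpose: str, *, now: datetime) -> None:
        # Withdrawal is recorded, not deleted: the record is the evidence of withdrawal.
        rec = self._records.get((subject_id, purpose))
        if rec is not None and rec.withdrawn_at is None:
            rec.withdrawn_at = now

    def is_allowed(self, subject_id: str, purpose: str, *, now: datetime) -> bool:
        """Processing is allowed only for an active, unexpired consent for this exact purpose."""
        rec = self._records.get((subject_id, purpose))
        if rec is None or rec.withdrawn_at is not None:
            return False
        return now < rec.granted_at + timedelta(days=RETENTION_DAYS[purpose])

    def purge_expired(self, *, now: datetime) -> int:
        """Delete records whose retention period has elapsed; returns how many were removed."""
        expired = [k for k, r in self._records.items()
                   if now >= r.granted_at + timedelta(days=RETENTION_DAYS[r.purpose])]
        for k in expired:
            del self._records[k]
        return len(expired)

    def erase_subject(self, subject_id: str) -> int:
        """Art. 17 erasure: drop every record for one subject; returns the count removed."""
        keys = [k for k in self._records if k[0] == subject_id]
        for k in keys:
            del self._records[k]
        return len(keys)


def dsar_deadline(received_at: datetime) -> datetime:
    """Latest date by which a data subject request must be answered."""
    return received_at + timedelta(days=DSAR_RESPONSE_DAYS)


def run_demo() -> dict:
    """Exercise each rule once and return the outcomes so they can be checked."""
    ledger = ConsentLedger()
    out = {}
    try:  # a pre-checked box never produces consent
        ledger.record_consent("alice", "newsletter", user_action=False, now=T0)
        out["prechecked_rejected"] = False
    except ValueError:
        out["prechecked_rejected"] = True
    ledger.record_consent("alice", "newsletter", user_action=True, now=T0)
    out["newsletter_allowed"] = ledger.is_allowed("alice", "newsletter", now=days_after(1))
    out["analytics_allowed"] = ledger.is_allowed("alice", "analytics", now=days_after(1))  # never asked
    ledger.withdraw("alice", "newsletter", now=days_after(2))
    out["after_withdraw"] = ledger.is_allowed("alice", "newsletter", now=days_after(3))
    ledger.record_consent("bob", "analytics", user_action=True, now=T0)
    out["within_retention"] = ledger.is_allowed("bob", "analytics", now=days_after(89))
    out["past_retention"] = ledger.is_allowed("bob", "analytics", now=days_after(90))
    out["purged"] = ledger.purge_expired(now=days_after(90))
    out["erased"] = ledger.erase_subject("alice")
    out["dsar_deadline_days"] = (dsar_deadline(T0) - T0).days
    return out


if __name__ == "__main__":
    print(run_demo())
```

Keying the store on (subject, purpose) is what makes unbundled consent structural: there is no way to grant or withdraw "everything" in one write, and `is_allowed` can only ever answer for the purpose that was actually asked about. The retention check lives in the same function, so a consent that was valid when given stops authorising processing on the day its retention period ends, whether or not the purge job has run yet.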