
Gdpr Dsgvo Expert
Scan repos for GDPR/DSGVO privacy risks, score compliance, and produce DPIA and data-subject-rights artifacts.
Overview
GDPR DSGVO Expert is an agent skill most often used in Ship (also Operate, Validate) that scans code for privacy risks and supports DPIA and data-subject-rights workflows for EU compliance.
Install
npx skills add https://github.com/alirezarezvani/claude-skills --skill gdpr-dsgvo-expert
What is this skill?
- GDPR Compliance Checker CLI with JSON output for CI/CD (`--json --output report.json`)
- Detects personal, special-category, and financial data patterns plus risky logging and retention code
- Compliance score on a 0–100 scale with risk categorization (critical, high, medium) from project scans
- DPIA Generator and Data Subject Rights Tracker workflows in the skill suite
Adoption & trust: 766 installs on skills.sh; 17.5k GitHub stars; 3/3 security scanners passed (skills.sh audits).
What problem does it solve?
You process personal data in your app but lack a structured way to find GDPR gaps in code before customers or regulators ask.
Who is it for?
Indie SaaS founders targeting EU users who need repeatable privacy scans and documentation without a full-time DPO.
Skip if: US-only products with no personal data, or teams that need certified legal advice instead of technical screening.
When should I use this skill?
Use for GDPR compliance assessments, privacy audits, data protection planning, DPIA generation, and data subject rights management.
What do I get? / Deliverables
You get a compliance score, categorized findings, and paths to DPIA docs and rights-request tracking for remediation and launch readiness.
- Compliance scan report (terminal or JSON)
- DPIA documentation drafts
- Data subject rights tracking structure
Journey fit
Spans multiple journey phases - primary shelf plus alternate fits below.
Privacy compliance gates belong in Ship when you harden the product before real users and EU-facing launch. Automated scans and DPIA generation align with security and compliance review, not feature coding.
Where it fits
Define which MVP features collect email or payment data before building consent flows.
Run the checker and export JSON in CI before enabling production signups in the EU.
Re-scan after adding analytics or new logging to catch accidental PII retention.
How it compares
Technical GDPR checker and doc helpers—not a substitute for lawyer-led legal opinion or SOC2 programs.
Common Questions / FAQ
Who is gdpr-dsgvo-expert for?
Solo and small-team builders handling EU personal data who want agent-driven privacy audits and DPIA support in the repo.
When should I use gdpr-dsgvo-expert?
In Ship/security before launch; in Operate/iterate after schema or logging changes; in Validate/scope when scoping MVP data collection for EU markets.
Is gdpr-dsgvo-expert safe to install?
It runs local Python scanners over your codebase—review the Security Audits panel on this page and inspect scripts before CI execution.
SKILL.md - Gdpr Dsgvo Expert
# GDPR/DSGVO Expert

Tools and guidance for EU General Data Protection Regulation (GDPR) and German Bundesdatenschutzgesetz (BDSG) compliance.

---

## Table of Contents

- [Tools](#tools)
  - [GDPR Compliance Checker](#gdpr-compliance-checker)
  - [DPIA Generator](#dpia-generator)
  - [Data Subject Rights Tracker](#data-subject-rights-tracker)
- [Reference Guides](#reference-guides)
- [Workflows](#workflows)

---

## Tools

### GDPR Compliance Checker

Scans codebases for potential GDPR compliance issues including personal data patterns and risky code practices.

```bash
# Scan a project directory
python scripts/gdpr_compliance_checker.py /path/to/project

# JSON output for CI/CD integration
python scripts/gdpr_compliance_checker.py . --json --output report.json
```

**Detects:**
- Personal data patterns (email, phone, IP addresses)
- Special category data (health, biometric, religion)
- Financial data (credit cards, IBAN)
- Risky code patterns:
  - Logging personal data
  - Missing consent mechanisms
  - Indefinite data retention
  - Unencrypted sensitive data
  - Disabled deletion functionality

**Output:**
- Compliance score (0-100)
- Risk categorization (critical, high, medium)
- Prioritized recommendations with GDPR article references

---

### DPIA Generator

Generates Data Protection Impact Assessment documentation following Art. 35 requirements.

```bash
# Get input template
python scripts/dpia_generator.py --template > input.json

# Generate DPIA report
python scripts/dpia_generator.py --input input.json --output dpia_report.md
```

**Features:**
- Automatic DPIA threshold assessment
- Risk identification based on processing characteristics
- Legal basis requirements documentation
- Mitigation recommendations
- Markdown report generation

**DPIA Triggers Assessed:**
- Systematic monitoring (Art. 35(3)(c))
- Large-scale special category data (Art. 35(3)(b))
- Automated decision-making (Art. 35(3)(a))
- WP29 high-risk criteria

---

### Data Subject Rights Tracker

Manages data subject rights requests under GDPR Articles 15-22.

```bash
# Add new request
python scripts/data_subject_rights_tracker.py add \
  --type access --subject "John Doe" --email "john@example.com"

# List all requests
python scripts/data_subject_rights_tracker.py list

# Update status
python scripts/data_subject_rights_tracker.py status --id DSR-202601-0001 --update verified

# Generate compliance report
python scripts/data_subject_rights_tracker.py report --output compliance.json

# Generate response template
python scripts/data_subject_rights_tracker.py template --id DSR-202601-0001
```

**Supported Rights:**

| Right | Article | Deadline |
|-------|---------|----------|
| Access | Art. 15 | 30 days |
| Rectification | Art. 16 | 30 days |
| Erasure | Art. 17 | 30 days |
| Restriction | Art. 18 | 30 days |
| Portability | Art. 20 | 30 days |
| Objection | Art. 21 | 30 days |
| Automated decisions | Art. 22 | 30 days |

**Features:**
- Deadline tracking with overdue alerts
- Identity verification workflow
- Response template generation
- Compliance reporting

---

## Reference Guides

### GDPR Compliance Guide

`references/gdpr_compliance_guide.md`

Comprehensive implementation guidance covering:
- Legal bases for processing (Art. 6)
- Special category requirements (Art. 9)
- Data subject rights implementation
- Accountability requirements (Art. 30)
- International transfers (Chapter V)
- Breach notification (Art. 33-34)

### German BDSG Requirements

`references/german_bdsg_requirements.md`

German-specific requirements including:
- DPO appointment threshold (§ 38 BDSG - 20+ employees)
- Employment data processing (§ 26 BDSG)
-
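The pattern-based scan that the GDPR Compliance Checker section above describes, written out as an added example for this page. This is not the project's `gdpr_compliance_checker.py`; the regexes, the severity weights behind the 0-100 score and the `SAMPLE_SOURCE` snippet are this example's own assumptions.

```python
"""Illustrative GDPR source scanner: added example, not the project's checker script."""
import re

# Personal-data literals as (category, severity, regex). Severities and weights are
# this example's assumptions, not the project's scoring scheme.
DATA_PATTERNS = [
    ("email", "medium", re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")),
    ("ipv4", "medium", re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")),  # also hits version strings
    ("iban", "high", re.compile(r"\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b")),
]
# Risky code: a personal-data field passed to a log call, or storage with no retention limit.
LOG_CALL = re.compile(r"\b(?:logger|logging|log)\.(?:debug|info|warning|error)\(|\bprint\(")
PII_FIELD = re.compile(r"\b(?:email|phone|iban|ip_address|date_of_birth)\b", re.IGNORECASE)
NO_RETENTION = re.compile(r"\bretention(?:_days)?\s*=\s*(?:None|0|-1)\b")
WEIGHTS = {"critical": 25, "high": 10, "medium": 5}

# Constructed sample source with one finding of each kind; not real project code.
SAMPLE_SOURCE = """\
SUPPORT_CONTACT = "dpo@example.com"
def on_signup(user):
    logger.info("new signup %s %s", user.email, user.phone)
    db.save(user, retention_days=None)
    audit.write("client ip=203.0.113.42")
"""


def scan_source(text):
    """Return findings as (line, category, severity, evidence) tuples for one file's text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for category, severity, pattern in DATA_PATTERNS:
            for m in pattern.finditer(line):
                findings.append((lineno, category, severity, m.group(0)))
        if LOG_CALL.search(line) and PII_FIELD.search(line):
            findings.append((lineno, "logging_personal_data", "critical", line.strip()))
        if NO_RETENTION.search(line):
            findings.append((lineno, "indefinite_retention", "high", line.strip()))
    return findings


def compliance_score(findings):
    """Start at 100, deduct the severity weight of each finding, floor at 0."""
    return max(0, 100 - sum(WEIGHTS[sev] for _, _, sev, _ in findings))


def severity_counts(findings):
    """Bucket findings into the checker's critical/high/medium risk categories."""
    counts = {"critical": 0, "high": 0, "medium": 0}
    for _, _, sev, _ in findings:
        counts[sev] += 1
    return counts
```

Running `scan_source(SAMPLE_SOURCE)` yields one email literal, one IP literal, one personal-data log call and one unlimited-retention call, for a score of 55; a real scanner would walk the repository and emit the same tuples as the JSON report.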