
gdpr-data-handling
โ 37,559by wshobson ยท part of wshobson/agents
Implement GDPR-compliant data handling with consent management, data subject rights, and privacy by design. Use when building systems that process EU personal data, implementing privacy controls, or conducting GDPR compliance reviews.
This is the playbook your agent receives when the skill activates โ you don't need to read it to use the skill, but it's here to audit before installing.
GDPR Data Handling
Practical implementation guide for GDPR-compliant data processing, consent management, and privacy controls.
When to Use This Skill
- Building systems that process EU personal data
- Implementing consent management
- Handling data subject requests (DSRs)
- Conducting GDPR compliance reviews
- Designing privacy-first architectures
- Creating data processing agreements
Core Concepts
1. Personal Data Categories
| Category | Examples | Protection Level |
|---|---|---|
| Basic | Name, email, phone | Standard |
| Sensitive (Art. 9) | Health, religion, ethnicity | Explicit consent |
| Criminal (Art. 10) | Convictions, offenses | Official authority |
| Children's | Under 16 data | Parental consent |
2. Legal Bases for Processing
Article 6 - Lawful Bases:
โโโ Consent: Freely given, specific, informed
โโโ Contract: Necessary for contract performance
โโโ Legal Obligation: Required by law
โโโ Vital Interests: Protecting someone's life
โโโ Public Interest: Official functions
โโโ Legitimate Interest: Balanced against rights3. Data Subject Rights
Right to Access (Art. 15) โโ
Right to Rectification (Art. 16) โ
Right to Erasure (Art. 17) โ Must respond
Right to Restrict (Art. 18) โ within 1 month
Right to Portability (Art. 20) โ
Right to Object (Art. 21) โโDetailed worked examples and patterns
Detailed sections (starting with ## Implementation Patterns) live in references/details.md. Read that file when the navigation summary above is insufficient.
Best Practices
Do's
- Minimize data collection - Only collect what's needed
- Document everything - Processing activities, legal bases
- Encrypt PII - At rest and in transit
- Implement access controls - Need-to-know basis
- Regular audits - Verify compliance continuously
Don'ts
- Don't pre-check consent boxes - Must be opt-in
- Don't bundle consent - Separate purposes separately
- Don't retain indefinitely - Define and enforce retention
- Don't ignore DSARs - 30-day response required
- Don't transfer without safeguards - SCCs or adequacy decisions
npx skills add https://github.com/wshobson/agents --skill gdpr-data-handlingRun this in your project โ your agent picks the skill up automatically.
No common issues documented yet. If you hit a problem, the repository's GitHub Issues page is the best place to look.
Licensed under MITโ you can use, modify, and redistribute it under that license's terms.
View the full license file on GitHub โ