data-retention-skills
By mukul975
Implement GDPR/CCPA-compliant data retention: design schedules mapping data to legal periods, automate deletion workflows with cascading and audits, manage litigation holds and exceptions, configure AWS/Azure/GCP storage policies, and execute secure destruction per NIST standards.
npx claudepluginhub mukul975/privacy-data-protection-skills --plugin data-retention-skillsComponent Overview
Component Details
Skills (12)
Evaluates anonymization as a retention alternative under GDPR Recital 26, applying the WP29 Opinion 05/2014 techniques including randomization and generalization. Validates anonymization effectiveness using k-anonymity, l-diversity, and t-closeness metrics. Activate for anonymization, de-identification, k-anonymity, retention alternative queries.
Implements automated data deletion workflows for GDPR Article 17 right to erasure and retention period expiry. Covers cascading deletion across dependent systems, dependency handling for referential integrity, confirmation logging, and audit trail generation. Activate for automated deletion, erasure automation, data purge, retention expiry queries.
Manages backup and archive data under retention schedules and erasure obligations. Covers the technical infeasibility exception for backup deletion, backup cycle alignment with retention periods, restore-and-delete procedures, and interim protective measures during backup retention. Activate for backup deletion, archive erasure, backup retention, restore and delete, technical infeasibility queries.
Implements CCPA Section 1798.105 right to delete and CPRA amendments including service provider obligations, statutory exceptions for legal, security, and internal uses, consumer identity verification procedures, and 45-day response timeline management. Activate for CCPA deletion, CPRA right to delete, California privacy, consumer deletion queries.
Configures cloud storage retention policies across AWS S3, Azure Blob Storage, and Google Cloud Storage. Covers lifecycle rules, object lock, legal hold, immutability policies, cross-region replication retention alignment, and compliance mode configuration. Activate for cloud retention, S3 lifecycle, Azure retention, GCP retention policy queries.
Implements financial records retention requirements across EU directives (5-7 years), SOX Section 802 (7 years), MiFID II (5-7 years), tax records, payment data, and AML obligations under AMLD. Maps financial data categories to statutory retention periods with cross-jurisdictional reconciliation. Activate for financial retention, SOX records, MiFID retention, AML retention, tax record keeping queries.
Manages legal hold and data preservation processes including triggering events, custodian notification, hold-in-place technical implementation, release procedures, and interaction with retention schedules. Covers litigation hold registers, compliance monitoring, and Art. 17(3)(e) exception documentation. Activate for legal hold, litigation preservation, data freeze, e-discovery hold queries.
Manages retention exception workflows including request-approval processes, duration limits, periodic review cycles, documentation requirements, and audit trail maintenance. Covers legitimate grounds for extending retention beyond scheduled periods and governance controls to prevent indefinite data hoarding. Activate for retention exception, retention extension, data hoarding prevention, retention override queries.
Conducts retention impact assessments for new processing activities to determine appropriate data retention periods. Covers regulatory requirements scanning, proportionality review, purpose-based retention determination, and retention period documentation aligned with GDPR Article 5(1)(e) and Article 25 data protection by design. Activate for retention assessment, new processing retention, retention period determination queries.
Designs and implements data retention schedules compliant with GDPR Article 5(1)(e) storage limitation principle. Maps data categories to retention periods with legal basis justification, regulatory minimum holding periods, and automated review triggers for schedule maintenance. Activate for retention policy, storage limitation, data lifecycle, retention period queries.
Implements the right to be forgotten in search engines under GDPR Article 17 and the CJEU Google Spain ruling (C-131/12). Covers delisting request procedures, criteria assessment balancing privacy against public interest, and geographic scope determination. Activate for right to be forgotten, search delisting, Google Spain, de-indexing queries.
Implements NIST SP 800-88 Rev. 1 media sanitization procedures including Clear, Purge, and Destroy methods for all media types. Covers certificate of destruction generation, verification procedures, vendor management for third-party destruction, and chain of custody documentation. Activate for data destruction, media sanitization, secure erasure, certificate of destruction queries.
README
Similar Plugins
fullstack-dev-skills
Comprehensive skill pack with 66 specialized skills for full-stack developers: 12 language experts (Python, TypeScript, Go, Rust, C++, Swift, Kotlin, C#, PHP, Java, SQL, JavaScript), 10 backend frameworks, 6 frontend/mobile, plus infrastructure, DevOps, security, and testing. Features progressive disclosure architecture for 50% faster loading.