data-subject-rights-skills

Manages GDPR Article 22 rights related to solely automated decision-making and profiling, including identification of automated decisions, meaningful human oversight implementation, logic explanation requirements, and contestation mechanisms. Activate for automated decision, profiling, Art. 22, algorithmic decision, AI decision queries.

Manages California Consumer Privacy Act (CCPA) consumer rights requests under Civil Code sections 1798.100-125, covering the right to know, right to delete, right to opt-out of sale, and non-discrimination. Includes 45-day response window and identity verification requirements. Activate for CCPA, California privacy, right to know, right to delete, opt-out of sale queries.

Implements CPRA Section 1798.135 opt-out preference signal handling, covering Global Privacy Control (GPC) technical detection, automated signal honoring, cross-device consistency, and the relationship between browser signals and explicit consumer choices. Activate for GPC, opt-out preference signal, CPRA 1798.135, browser privacy signal, Do Not Sell queries.

Executes GDPR Article 20 data portability requests, covering machine-readable format requirements (JSON, CSV, XML), direct controller-to-controller transfer mechanisms, and scope limitations to data provided by the subject on consent or contract basis. Activate for portability, data export, Art. 20, data transfer queries.

Provides GDPR Article 13 information at the point of direct data collection, covering all required elements under Art. 13(1)(a)-(f) and Art. 13(2)(a)-(g), layered notice design, and timing requirements. Activate for Art. 13, direct collection notice, privacy notice at collection, data collection information queries.

Builds a multi-channel DSAR intake system supporting web form, email, phone, and in-person requests with identity verification tiers, automated routing logic, SLA tracking, and response generation. Activate for DSAR intake, rights request portal, multi-channel intake, SLA tracking, request management queries.

Guides AI agents through the complete GDPR Data Subject Access Request (DSAR) workflow under Article 15, including identity verification, 30-day deadline calculation with extensions, response formatting, exemptions, and fee provisions. Activate when handling DSAR, access request, subject access, Art. 15, or SAR queries.

Provides GDPR Article 14 information for personal data obtained from sources other than the data subject, covering timing requirements (within reasonable period, max one month), source disclosure, all required elements, and exemptions under Art. 14(5). Activate for Art. 14, indirect collection, third-party data source, indirect data notice queries.

Manages the absolute right to object to direct marketing under GDPR Article 21(2)-(3), covering immediate cessation of all direct marketing processing, suppression list management, cross-channel enforcement, and profiling for marketing purposes. Activate for marketing opt-out, unsubscribe, Art. 21(2), direct marketing objection queries.

Manages responses to regulatory complaints lodged with supervisory authorities under GDPR Article 77, covering internal escalation procedures, DPA response coordination, remediation tracking, and compliance documentation. Activate for regulatory complaint, supervisory authority complaint, Art. 77, DPA response, ICO complaint queries.

Handles GDPR Article 18 right to restriction of processing requests, covering the four grounds for restriction (accuracy contest, unlawful processing, erasure opposition, legitimate interest pending), technical flagging mechanisms, and lifting procedures. Activate for restriction request, Art. 18, processing freeze queries.

Implements the GDPR Article 17 right to erasure (right to be forgotten) workflow, covering all six grounds for erasure, five exceptions, technical deletion versus anonymization decisions, and third-party notification under Article 19. Activate for erasure request, deletion request, right to be forgotten, Art. 17 queries.

Handles GDPR Article 21 right to object to processing, including compelling legitimate grounds assessment, ceasing processing obligations, documentation requirements, and the relationship with erasure under Article 17(1)(c). Activate for right to object, Art. 21, objection to processing, legitimate interest queries.

Processes GDPR Article 16 right to rectification requests, covering verification of corrected data accuracy, notification to recipients under Article 19, timeline management, and completion of incomplete data. Activate for rectification, correction request, inaccurate data, Art. 16, data correction queries.

Implements GDPR Article 12 transparent information and communication requirements, covering concise, intelligible, and plain language obligations, response timelines, fee and refusal provisions, and layered notice design. Activate for transparent communication, Art. 12, privacy notice, plain language, response timeline queries.