gdpr-compliance-skills

Guides implementation of the GDPR accountability principle under Articles 5(2) and 24, including documentation requirements for policies, DPIAs, RoPA, training records, and breach logs. Activate when establishing or reviewing accountability measures, preparing evidence portfolios, or demonstrating compliance to supervisory authorities. Keywords: accountability, Article 5(2), Article 24, documentation, compliance evidence, governance.

Guides implementation of GDPR Article 42-43 data protection certification mechanisms including accredited certification bodies, criteria development, and periodic review. Activate when pursuing privacy certifications, evaluating certification bodies, or developing certification criteria. Keywords: certification, Article 42, Article 43, accreditation, seal, privacy mark.

Guides development of GDPR Article 40-41 codes of conduct for industry sectors including drafting, submission, and monitoring body requirements. Activate when creating industry codes or establishing monitoring bodies. Keywords: codes of conduct, Article 40, Article 41, monitoring body, industry code.

Guides a comprehensive organisational data protection audit against key GDPR requirements including Articles 5, 24, 25, 28, 30, 32, 35, and 37. Includes 50+ control points covering principles, accountability, security, and governance. Activate when performing compliance audits, preparing for supervisory authority inspections, or assessing organisational GDPR maturity. Keywords: data protection audit, compliance audit, GDPR audit, control points, accountability.

Guides systematic review of processing documentation for completeness against GDPR Articles 5, 13-14, 24, 28, and 30. Activate when auditing documentation or preparing for inspections. Keywords: documentation review, processing records, completeness, privacy notices, RoPA.

Guides the creation and review of data processing agreements under GDPR Article 28(3), covering all eight mandatory clauses. References the 2021 Standard Contractual Clauses and provides a compliance checklist for processor contracts. Activate when onboarding processors, reviewing DPAs, or auditing processor compliance. Keywords: DPA, data processing agreement, Article 28, processor, mandatory clauses, standard contractual clauses.

Guides cooperation with GDPR supervisory authorities under Article 31, including procedures for responding to investigations, information requests, and on-site inspections. Covers controller and processor obligations during supervisory authority interactions. Keywords: supervisory authority, Article 31, cooperation, DPA investigation, information request, inspection.

Guides appointment of GDPR Article 27 EU representative for non-EU controllers or processors. Covers criteria, responsibilities, and documentation. Activate when a non-EU entity processes EU data. Keywords: EU representative, Article 27, non-EU controller, territorial scope.

Guides systematic assessment of current state versus GDPR requirements across all chapters with prioritised remediation matrix. Activate when starting compliance programmes or conducting periodic reassessment. Keywords: gap analysis, compliance assessment, remediation matrix, GDPR readiness.

Guides the GDPR Article 56 one-stop-shop mechanism for determining lead supervisory authority in cross-border processing. Covers main establishment identification and cooperation. Activate when processing across EU borders. Keywords: one-stop-shop, Article 56, lead authority, cross-border.

Guides creation of organisational privacy policy hierarchy aligned to GDPR chapters including top-level policy, supporting procedures, operational guidelines, and training materials. Activate when building or updating policy frameworks. Keywords: policy framework, privacy policy, procedures, guidelines, policy hierarchy.

Guides the GDPR Article 36 prior consultation process with supervisory authorities when a DPIA indicates high residual risk. Covers timeline requirements, documentation, and outcome handling. Activate when DPIA residual risk remains high or when preparing regulatory submissions. Keywords: prior consultation, Article 36, DPIA, high risk, supervisory authority.

Guides conversion of gap analysis findings into phased implementation plans with milestones and risk-based prioritisation. Activate when building compliance programmes or allocating privacy budgets. Keywords: remediation roadmap, implementation plan, phased approach, prioritisation.

Guides the audit of Records of Processing Activities (RoPA) against GDPR Article 30 requirements for both controllers and processors. Activate when verifying RoPA completeness, validating mandatory fields, or preparing for supervisory authority inspections. Keywords: RoPA, Article 30, records audit, processing activities, controller records, processor records.

Guides comprehensive controller self-assessment covering GDPR Articles 5-49 with scoring methodology and reporting format. Activate when conducting internal reviews or benchmarking maturity. Keywords: self-assessment, controller assessment, compliance questionnaire, scoring.

Guides the establishment and management of joint controller arrangements under GDPR Article 26, including determination of joint controllership, allocation of responsibilities, and transparency obligations. Activate when two or more controllers jointly determine purposes and means of processing, or when evaluating shared data platforms. Keywords: joint controller, Article 26, shared responsibility, arrangement, joint determination.

Guides determination of the correct lawful basis under GDPR Article 6(1)(a)-(f) for each processing activity. Includes decision tree logic for consent vs legitimate interest vs contract necessity. Activate when evaluating legal grounds for processing or reviewing lawful basis selections. Keywords: lawful basis, Article 6, consent, legitimate interest, legal obligation, contract.

Guides the three-part Legitimate Interest Assessment (LIA) required under GDPR Article 6(1)(f): purpose test, necessity test, and balancing test. Activate when evaluating legitimate interest as a lawful basis, conducting LIA reviews, or documenting proportionality analysis. Keywords: LIA, legitimate interest, balancing test, necessity test, purpose test, Article 6(1)(f).