privacy-by-design-skills

Privacy & Data Protection Skills for AI Agents

The first structured, machine-readable privacy skills database for AI agents. 282+ open-source privacy compliance procedures covering GDPR, CCPA, EU AI Act, HIPAA, LGPD, PIPL, and India's DPDP Act — following the agentskills.io open standard. Works with Claude Code, GitHub Copilot, OpenAI Codex CLI, Cursor, Gemini CLI, and 26+ AI platforms.

---

Quick Start

git clone https://github.com/mukul975/Privacy-Data-Protection-Skills.git
cd Privacy-Data-Protection-Skills/skills/privacy/conducting-gdpr-dpia
cat SKILL.md

Or install via Claude Code Plugin Marketplace:

/plugin marketplace add mukul975/Privacy-Data-Protection-Skills
/plugin install privacy-skills-complete@privacy-data-protection-skills

---

Regulation Coverage

Jurisdiction	Regulation	Skills	Status
EU	GDPR (Regulation 2016/679)	50+	Full
EU	EU AI Act (Regulation 2024/1689)	15+	Full
EU	ePrivacy Directive	12+	Full
US	CCPA/CPRA	13+	Full
US	HIPAA Privacy and Security Rules	11+	Full
US	13 State Privacy Laws	13+	Full
Brazil	LGPD	3+	Yes
China	PIPL	3+	Yes
India	DPDP Act 2023	3+	Yes
Japan	APPI	3+	Yes
South Korea	PIPA	3+	Yes
Singapore	PDPA	3+	Yes
Thailand	PDPA	3+	Yes
South Africa	POPIA	3+	Yes
Australia	Privacy Act 1988	3+	Yes
Canada	PIPEDA	3+	Yes
Cross-border	APEC CBPR, SCCs, BCRs, EU-US DPF	12+	Full

---

Why This Exists

AI agents are increasingly used for privacy compliance tasks but operate with zero structured knowledge of privacy regulations, leading to:

• Hallucinated regulation citations (invented GDPR articles, wrong CFR sections)
• Missed jurisdiction-specific requirements (PIPL data localization, LGPD 10 lawful bases)
• Incorrect breach notification timelines (72h GDPR vs 60d HIPAA vs 3d Singapore)
• Dangerous oversimplification of cross-border transfer mechanisms

Each skill provides structured, verified regulatory knowledge that AI agents load on demand, replacing hallucination with precision.

Real-world use cases:

• An AI agent processing a Data Subject Access Request across EU and US jurisdictions
• An AI agent conducting a Privacy Impact Assessment for an AI system ahead of the EU AI Act August 2026 deadline
• An AI agent evaluating cross-border data transfer mechanisms (SCCs, BCRs, adequacy decisions) for a multinational organization

Disclaimer: These skills are educational reference materials, not legal advice. Consult qualified legal counsel for compliance decisions.

---

Skill Categories

Category	Skills	Example
GDPR Compliance	18	gdpr-compliance-audit
Privacy Impact Assessment	18	conducting-gdpr-dpia
Data Subject Rights	15	dsar-processing
AI Privacy Governance	15	ai-dpia
Consent Management	14	gdpr-valid-consent
Privacy Engineering	14	differential-privacy-prod
Privacy by Design	13	implementing-homomorphic-encryption
Data Breach Response	13	breach-72h-notification
US State Privacy Laws	13	ccpa-cpra-compliance
Cross-Border Transfers	12	scc-implementation
Cookie and Consent	12	tcf-v2-implementation
Data Classification	12	pii-detection-pipeline
Data Retention	12	retention-schedule
Global Regulations	12	china-pipl
Vendor Management	11	vendor-risk-scoring
Healthcare Privacy	11	hipaa-risk-analysis
Employee Privacy	11	employee-monitoring-dpia
Privacy Audit	11	iso-27701-pims
Records of Processing	10	controller-ropa-creation
Children's Privacy	10	coppa-compliance

---

How Skills Work

Every skill follows the agentskills.io open standard: