README
Privacy & Data Protection Skills for AI Agents
The first structured, machine-readable privacy skills database for AI agents. 282+ open-source privacy compliance procedures covering GDPR, CCPA, EU AI Act, HIPAA, LGPD, PIPL, and India's DPDP Act — following the agentskills.io open standard. Works with Claude Code, GitHub Copilot, OpenAI Codex CLI, Cursor, Gemini CLI, and 26+ AI platforms.
Quick Start
git clone https://github.com/mukul975/Privacy-Data-Protection-Skills.git
cd Privacy-Data-Protection-Skills/skills/privacy/conducting-gdpr-dpia
cat SKILL.md
Or install via Claude Code Plugin Marketplace:
/plugin marketplace add mukul975/Privacy-Data-Protection-Skills
/plugin install privacy-skills-complete@privacy-data-protection-skills
Regulation Coverage
| Jurisdiction | Regulation | Skills | Status |
|---|---|---|---|
| EU | GDPR (Regulation 2016/679) | 50+ | Full |
| EU | EU AI Act (Regulation 2024/1689) | 15+ | Full |
| EU | ePrivacy Directive | 12+ | Full |
| US | CCPA/CPRA | 13+ | Full |
| US | HIPAA Privacy and Security Rules | 11+ | Full |
| US | 13 State Privacy Laws | 13+ | Full |
| Brazil | LGPD | 3+ | Yes |
| China | PIPL | 3+ | Yes |
| India | DPDP Act 2023 | 3+ | Yes |
| Japan | APPI | 3+ | Yes |
| South Korea | PIPA | 3+ | Yes |
| Singapore | PDPA | 3+ | Yes |
| Thailand | PDPA | 3+ | Yes |
| South Africa | POPIA | 3+ | Yes |
| Australia | Privacy Act 1988 | 3+ | Yes |
| Canada | PIPEDA | 3+ | Yes |
| Cross-border | APEC CBPR, SCCs, BCRs, EU-US DPF | 12+ | Full |
Why This Exists
AI agents are increasingly used for privacy compliance tasks but operate with zero structured knowledge of privacy regulations, leading to:
- Hallucinated regulation citations (invented GDPR articles, wrong CFR sections)
- Missed jurisdiction-specific requirements (PIPL data localization, LGPD 10 lawful bases)
- Incorrect breach notification timelines (72h GDPR vs 60d HIPAA vs 3d Singapore)
- Dangerous oversimplification of cross-border transfer mechanisms
Each skill provides structured, verified regulatory knowledge that AI agents load on demand, replacing hallucination with precision.
Real-world use cases:
- An AI agent processing a Data Subject Access Request across EU and US jurisdictions
- An AI agent conducting a Privacy Impact Assessment for an AI system ahead of the EU AI Act August 2026 deadline
- An AI agent evaluating cross-border data transfer mechanisms (SCCs, BCRs, adequacy decisions) for a multinational organization
Disclaimer: These skills are educational reference materials, not legal advice. Consult qualified legal counsel for compliance decisions.
Skill Categories
| Category | Skills | Example |
|---|---|---|
| GDPR Compliance | 18 | gdpr-compliance-audit |
| Privacy Impact Assessment | 18 | conducting-gdpr-dpia |
| Data Subject Rights | 15 | dsar-processing |
| AI Privacy Governance | 15 | ai-dpia |
| Consent Management | 14 | gdpr-valid-consent |
| Privacy Engineering | 14 | differential-privacy-prod |
| Privacy by Design | 13 | implementing-homomorphic-encryption |
| Data Breach Response | 13 | breach-72h-notification |
| US State Privacy Laws | 13 | ccpa-cpra-compliance |
| Cross-Border Transfers | 12 | scc-implementation |
| Cookie and Consent | 12 | tcf-v2-implementation |
| Data Classification | 12 | pii-detection-pipeline |
| Data Retention | 12 | retention-schedule |
| Global Regulations | 12 | china-pipl |
| Vendor Management | 11 | vendor-risk-scoring |
| Healthcare Privacy | 11 | hipaa-risk-analysis |
| Employee Privacy | 11 | employee-monitoring-dpia |
| Privacy Audit | 11 | iso-27701-pims |
| Records of Processing | 10 | controller-ropa-creation |
| Children's Privacy | 10 | coppa-compliance |
How Skills Work
Every skill follows the agentskills.io open standard: