From privacy-impact-assessment-skills
Structures DPIA mitigation plans under GDPR Art. 35(7)(d) with technical/organisational measures, implementation tracking, residual risk assessment, and prior consultation triggers.
npx claudepluginhub mukul975/privacy-data-protection-skills --plugin privacy-impact-assessment-skills

How this skill is triggered: by the user, by Claude, or both

Slash command: /privacy-impact-assessment-skills:dpia-mitigation-plan

The summary Claude sees in its skill listing, used to decide when to auto-load this skill:
Article 35(7)(d) GDPR requires a DPIA to include "the measures envisaged to address the risks, including safeguards, security measures and mechanisms to ensure the protection of personal data and to demonstrate compliance with this Regulation." This skill provides a structured mitigation planning framework.
Technical measures:

| Category | Examples | GDPR Reference |
|---|---|---|
| Encryption | At-rest, in-transit, end-to-end | Art. 32(1)(a) |
| Pseudonymisation | Tokenisation, hashing, key-coded | Art. 25(1), Art. 32(1)(a) |
| Access controls | RBAC, MFA, privileged access management | Art. 32(1)(b) |
| Data minimisation | Field-level reduction, aggregation, sampling | Art. 5(1)(c), Art. 25(1) |
| Anonymisation | k-anonymity, differential privacy, generalisation | Recital 26 |
| Monitoring | SIEM, DLP, anomaly detection | Art. 32(1)(d) |
Organisational measures:

| Category | Examples | GDPR Reference |
|---|---|---|
| Policies | Data protection policy, acceptable use | Art. 24(2) |
| Training | Privacy awareness, role-specific training | Art. 39(1)(b) |
| Contracts | DPAs, joint controller arrangements, NDAs | Art. 28, Art. 26 |
| Audits | Internal audits, processor audits, certification | Art. 28(3)(h) |
| Governance | DPO oversight, privacy committee, RACI | Art. 37-39 |
| Incident response | Breach procedures, notification protocols | Art. 33-34 |
For each identified risk:
- Residual Risk LOW → Accept; document; routine monitoring
- Residual Risk MEDIUM → Accept with enhanced monitoring; annual review
- Residual Risk HIGH → Escalate to senior management; consider additional measures
- Residual Risk VERY HIGH → Art. 36 prior consultation required before processing
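The residual-risk triage above, together with implementation tracking, as an added worked example (this is illustrative code, not part of the skill or the plugin). It assumes a simple 1..4 likelihood/severity scale, a product-based mapping to the four levels, and three tracking states (planned / in_progress / implemented); only implemented measures earn credit, so an unfinished plan still surfaces the Art. 36 trigger.

```python
from dataclasses import dataclass
# Assumed illustrative scale (not from the page): likelihood and severity each 1..4;
# their product is mapped to the four residual-risk levels and actions listed above.
LEVELS = [
    (4, "LOW", "Accept; document; routine monitoring"),
    (8, "MEDIUM", "Accept with enhanced monitoring; annual review"),
    (12, "HIGH", "Escalate to senior management; consider additional measures"),
    (16, "VERY HIGH", "Art. 36 prior consultation required before processing"),
]

@dataclass
class Measure:
    name: str
    gdpr_ref: str
    cuts_likelihood: int = 0  # assumed reduction on the 1..4 likelihood scale
    cuts_severity: int = 0    # assumed reduction on the 1..4 severity scale
    status: str = "planned"   # assumed tracking states: planned / in_progress / implemented
@dataclass
class Risk:
    description: str
    likelihood: int
    severity: int
    measures: list
def residual(risk):
    """Return (level, action). Only measures already implemented reduce the
    residual risk; planned or in-progress measures are open items with no credit yet."""
    lik, sev = risk.likelihood, risk.severity
    for m in risk.measures:
        if m.status == "implemented":
            lik, sev = lik - m.cuts_likelihood, sev - m.cuts_severity
    score = max(1, lik) * max(1, sev)
    return next((lvl, act) for ceiling, lvl, act in LEVELS if score <= ceiling)

def assess(plan):
    rows = []
    for r in plan:
        lvl, action = residual(r)
        rows.append({"risk": r.description, "residual": lvl, "action": action,
                     "prior_consultation": lvl == "VERY HIGH",
                     "open_measures": [m.name for m in r.measures if m.status != "implemented"]})
    return rows

# Constructed sample plan: one risk with its measures live, one whose only measure is still planned.
SAMPLE_PLAN = [
    Risk("Exposure of health records in backups", 3, 4, [
        Measure("Encrypt backups at rest", "Art. 32(1)(a)", cuts_likelihood=2, status="implemented"),
        Measure("Pseudonymise patient identifiers", "Art. 25(1)", cuts_severity=2, status="implemented")]),
    Risk("Profiling of minors for ad targeting", 4, 4, [
        Measure("Age-gate and field-level minimisation", "Art. 5(1)(c)", cuts_likelihood=3)]),
]
```

Running `assess(SAMPLE_PLAN)` rates the first risk LOW and the second VERY HIGH with its planned measure listed as open, which is the state a DPIA reviewer needs to see before processing starts.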
Each mitigation measure progresses through: