From privacy-impact-assessment-skills
Structures DPIA mitigation plans under GDPR Art. 35(7)(d) with technical/organisational measures, implementation tracking, residual risk assessment, and prior consultation triggers.
`npx claudepluginhub mukul975/privacy-data-protection-skills --plugin privacy-impact-assessment-skills`

This skill uses the workspace's default tool permissions.
Article 35(7)(d) GDPR requires a DPIA to include "the measures envisaged to address the risks, including safeguards, security measures and mechanisms to ensure the protection of personal data and to demonstrate compliance with this Regulation." This skill provides a structured mitigation planning framework.
Technical measures:

| Category | Examples | GDPR Reference |
|---|---|---|
| Encryption | At-rest, in-transit, end-to-end | Art. 32(1)(a) |
| Pseudonymisation | Tokenisation, hashing, key-coded | Art. 25(1), Art. 32(1)(a) |
| Access controls | RBAC, MFA, privileged access management | Art. 32(1)(b) |
| Data minimisation | Field-level reduction, aggregation, sampling | Art. 5(1)(c), Art. 25(1) |
| Anonymisation | k-anonymity, differential privacy, generalisation | Recital 26 |
| Monitoring | SIEM, DLP, anomaly detection | Art. 32(1)(d) |
Organisational measures:

| Category | Examples | GDPR Reference |
|---|---|---|
| Policies | Data protection policy, acceptable use | Art. 24(2) |
| Training | Privacy awareness, role-specific training | Art. 39(1)(b) |
| Contracts | DPAs, joint controller arrangements, NDAs | Art. 28, Art. 26 |
| Audits | Internal audits, processor audits, certification | Art. 28(3)(h) |
| Governance | DPO oversight, privacy committee, RACI | Art. 37-39 |
| Incident response | Breach procedures, notification protocols | Art. 33-34 |
For each identified risk, the residual risk level after mitigation determines the required action:

- Residual risk LOW → Accept; document; routine monitoring
- Residual risk MEDIUM → Accept with enhanced monitoring; annual review
- Residual risk HIGH → Escalate to senior management; consider additional measures
- Residual risk VERY HIGH → Art. 36 prior consultation with the supervisory authority required before processing
Each mitigation measure progresses through: