From privacy-impact-assessment-skills
Provides DPIA risk scoring with ENISA/ISO 29134-aligned likelihood-severity matrix, residual risk calculation, and risk appetite thresholds for GDPR assessments.
npx claudepluginhub mukul975/privacy-data-protection-skills --plugin privacy-impact-assessment-skills

This skill uses the workspace's default tool permissions.
Art. 35(7)(c) GDPR requires a DPIA to include "an assessment of the risks to the rights and freedoms of data subjects." This skill provides a quantifiable risk scoring framework that converts qualitative privacy risks into comparable, prioritised scores supporting mitigation decisions.

| Severity level | Score | Description | Examples |
|---|---|---|---|
| Negligible | 1 | Minor inconvenience, easily recoverable | Temporary inability to access non-essential service |
| Limited | 2 | Significant inconvenience, recoverable with effort | Targeted advertising based on inferred preferences |
| Significant | 3 | Serious consequences, difficult to recover from | Financial loss, discrimination, reputational harm |
| Maximum | 4 | Irreversible or very difficult to recover from | Identity theft, physical safety risk, loss of employment |

| Likelihood level | Score | Description | Indicators |
|---|---|---|---|
| Negligible | 1 | Unlikely given current controls | Strong technical controls, limited access, encrypted at rest and in transit |
| Limited | 2 | Possible but requires specific conditions | Some access controls, partial encryption, known but unproven attack vectors |
| Significant | 3 | Probable given known threat landscape | Weak controls in specific areas, prior incidents in sector, active threat actors |
| Maximum | 4 | Near-certain or already occurring | No controls, known vulnerabilities, prior breach of similar system |

| Likelihood ↓ / Severity → | Negligible (1) | Limited (2) | Significant (3) | Maximum (4) |
|---|---|---|---|---|
| Maximum (4) | 4 (M) | 8 (H) | 12 (VH) | 16 (VH) |
| Significant (3) | 3 (L) | 6 (M) | 9 (H) | 12 (VH) |
| Limited (2) | 2 (L) | 4 (M) | 6 (M) | 8 (H) |
| Negligible (1) | 1 (L) | 2 (L) | 3 (L) | 4 (M) |

Risk Levels: L=Low (1-3), M=Medium (4-6), H=High (7-9), VH=Very High (10-16)

When residual risk remains High or Very High after all feasible mitigation measures, the controller must consult the supervisory authority under Art. 36(1) before commencing processing.
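
The matrix and the Art. 36(1) rule above, applied to a small risk register. This is an added example, not code from the skill itself. The `Risk` class, the function names and the sample register are hypothetical, and it assumes residual risk is obtained by re-rating likelihood and severity on the same scales once all feasible mitigations are in place.

```python
from dataclasses import dataclass

LEVELS = {"negligible": 1, "limited": 2, "significant": 3, "maximum": 4}
BANDS = [(3, "Low"), (6, "Medium"), (9, "High"), (16, "Very High")]  # page's thresholds

def score(likelihood: str, severity: str) -> int:
    """Matrix cell: likelihood score x severity score (1..16)."""
    for level in (likelihood, severity):
        if level.lower() not in LEVELS:
            raise ValueError(f"unknown level: {level!r}")
    return LEVELS[likelihood.lower()] * LEVELS[severity.lower()]

def band(value: int) -> str:
    """Map a score to Low / Medium / High / Very High."""
    if not 1 <= value <= 16:
        raise ValueError(f"score out of range: {value}")
    return next(name for upper, name in BANDS if value <= upper)

@dataclass
class Risk:
    name: str
    inherent: tuple   # (likelihood, severity) before mitigation
    residual: tuple   # assumption: same scales, re-rated after mitigation

def assess(risks):
    """Score each risk, then order by residual score, highest first."""
    rows = []
    for r in risks:
        inh, res = score(*r.inherent), score(*r.residual)
        if res > inh:  # assumption: mitigation never raises a rating
            raise ValueError(f"{r.name}: residual exceeds inherent")
        rows.append({"name": r.name, "inherent": inh, "residual": res,
                     "level": band(res)})
    return sorted(rows, key=lambda row: row["residual"], reverse=True)

def prior_consultation_required(rows) -> bool:
    """True when any residual risk is still High or Very High."""
    return any(row["level"] in ("High", "Very High") for row in rows)

# Constructed sample register, not taken from a real assessment.
REGISTER = [
    Risk("Excessive retention", ("Limited", "Limited"), ("Negligible", "Limited")),
    Risk("Unauthorised staff access", ("Significant", "Significant"), ("Negligible", "Significant")),
    Risk("Re-identification of records", ("Significant", "Maximum"), ("Limited", "Maximum")),
]

if __name__ == "__main__":
    rows = assess(REGISTER)
    for row in rows:
        print(f'{row["name"]:<30} {row["inherent"]:>2} -> {row["residual"]:>2} ({row["level"]})')
    print("Art. 36(1) prior consultation:", prior_consultation_required(rows))
```

In the sample register the re-identification risk drops from 12 to 8 after mitigation but stays in the High band, so the register as a whole still triggers prior consultation.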