Structures DPIA mitigation plans under GDPR Art. 35(7)(d) with technical/organisational measures, implementation tracking, residual risk assessment, and prior consultation triggers.
npx claudepluginhub mukul975/privacy-data-protection-skills --plugin privacy-skills-complete
This skill uses the workspace's default tool permissions.
Article 35(7)(d) GDPR requires a DPIA to include "the measures envisaged to address the risks, including safeguards, security measures and mechanisms to ensure the protection of personal data and to demonstrate compliance with this Regulation." This skill provides a structured mitigation planning framework.
| Category | Examples | GDPR Reference |
|---|---|---|
| Encryption | At-rest, in-transit, end-to-end | Art. 32(1)(a) |
| Pseudonymisation | Tokenisation, hashing, key-coded | Art. 25(1), Art. 32(1)(a) |
| Access controls | RBAC, MFA, privileged access management | Art. 32(1)(b) |
| Data minimisation | Field-level reduction, aggregation, sampling | Art. 5(1)(c), Art. 25(1) |
| Anonymisation | k-anonymity, differential privacy, generalisation | Recital 26 |
| Monitoring | SIEM, DLP, anomaly detection | Art. 32(1)(d) |

| Category | Examples | GDPR Reference |
|---|---|---|
| Policies | Data protection policy, acceptable use | Art. 24(2) |
| Training | Privacy awareness, role-specific training | Art. 39(1)(b) |
| Contracts | DPAs, joint controller arrangements, NDAs | Art. 28, Art. 26 |
| Audits | Internal audits, processor audits, certification | Art. 28(3)(h) |
| Governance | DPO oversight, privacy committee, RACI | Art. 37-39 |
| Incident response | Breach procedures, notification protocols | Art. 33-34 |
For each identified risk:
Residual Risk LOW → Accept; document; routine monitoring
Residual Risk MEDIUM → Accept with enhanced monitoring; annual review
Residual Risk HIGH → Escalate to senior management; consider additional measures
Residual Risk VERY HIGH → Art. 36 prior consultation required before processing
Each mitigation measure progresses through: