Structures DPIA mitigation plans under GDPR Art. 35(7)(d) with technical/organisational measures, implementation tracking, residual risk assessment, and prior consultation triggers.
Install: `npx claudepluginhub mukul975/privacy-data-protection-skills --plugin privacy-skills-complete`

Slash command: `/privacy-skills-complete:dpia-mitigation-plan`

Summary Claude sees in its skill listing:
Article 35(7)(d) GDPR requires a DPIA to include "the measures envisaged to address the risks, including safeguards, security measures and mechanisms to ensure the protection of personal data and to demonstrate compliance with this Regulation." This skill provides a structured mitigation planning framework.
Technical measures:

| Category | Examples | GDPR Reference |
|---|---|---|
| Encryption | At-rest, in-transit, end-to-end | Art. 32(1)(a) |
| Pseudonymisation | Tokenisation, hashing, key-coded | Art. 25(1), Art. 32(1)(a) |
| Access controls | RBAC, MFA, privileged access management | Art. 32(1)(b) |
| Data minimisation | Field-level reduction, aggregation, sampling | Art. 5(1)(c), Art. 25(1) |
| Anonymisation | k-anonymity, differential privacy, generalisation | Recital 26 |
| Monitoring | SIEM, DLP, anomaly detection | Art. 32(1)(d) |

Organisational measures:

| Category | Examples | GDPR Reference |
|---|---|---|
| Policies | Data protection policy, acceptable use | Art. 24(2) |
| Training | Privacy awareness, role-specific training | Art. 39(1)(b) |
| Contracts | DPAs, joint controller arrangements, NDAs | Art. 28, Art. 26 |
| Audits | Internal audits, processor audits, certification | Art. 28(3)(h) |
| Governance | DPO oversight, privacy committee, RACI | Art. 37-39 |
| Incident response | Breach procedures, notification protocols | Art. 33-34 |

For each identified risk, the residual rating (after the envisaged measures are applied) determines the required action:

| Residual risk | Action |
|---|---|
| LOW | Accept; document; routine monitoring |
| MEDIUM | Accept with enhanced monitoring; annual review |
| HIGH | Escalate to senior management; consider additional measures |
| VERY HIGH | Art. 36 prior consultation required before processing |
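The residual-risk ladder above is a decision rule, and the point that trips up most mitigation plans is that a measure which is merely "envisaged" does not yet lower the residual risk. The following Python module is an added example (it is not code from the skill or the plugin) that models a small mitigation plan, credits only measures that are actually implemented or verified, maps the resulting residual rating to the action listed above, and flags whether Art. 36 prior consultation is triggered anywhere in the plan. The likelihood × severity scoring, the rating thresholds, the measure lifecycle states, and the sample risks are all assumptions constructed for the example; the page does not define them.

```python
"""Residual-risk assessment for a DPIA mitigation plan.

Added example, not code from the skill or the plugin. Assumptions not taken
from the page: inherent risk = likelihood x severity on 1..4 scales, bucketed
into the page's four ratings at assumed thresholds; a measure only reduces
the score once its status is 'implemented' or 'verified' (planned measures
are "envisaged" in Art. 35(7)(d) terms but earn no credit yet).
"""
from dataclasses import dataclass, field

# Assumed lifecycle states; only these two count toward residual risk.
ACTIVE_STATES = {"implemented", "verified"}

# Actions per residual rating, as listed on the page.
ACTIONS = {
    "LOW": "Accept; document; routine monitoring",
    "MEDIUM": "Accept with enhanced monitoring; annual review",
    "HIGH": "Escalate to senior management; consider additional measures",
    "VERY HIGH": "Art. 36 prior consultation required before processing",
}


@dataclass
class Measure:
    name: str
    kind: str                    # "technical" or "organisational"
    gdpr_ref: str                # e.g. "Art. 32(1)(a)"
    status: str                  # assumed: planned / in_progress / implemented / verified
    likelihood_reduction: int = 0
    severity_reduction: int = 0


@dataclass
class Risk:
    description: str
    likelihood: int              # 1 (remote) .. 4 (very likely)
    severity: int                # 1 (minimal) .. 4 (severe)
    measures: list = field(default_factory=list)


def rating(likelihood: int, severity: int) -> str:
    """Bucket a 1..16 product into the page's four ratings (thresholds assumed)."""
    score = likelihood * severity
    if score <= 2:
        return "LOW"
    if score <= 6:
        return "MEDIUM"
    if score <= 9:
        return "HIGH"
    return "VERY HIGH"


def residual_scores(risk: Risk, credit_planned: bool = False) -> tuple:
    """Apply measure reductions; by default only active measures are credited."""
    lik, sev = risk.likelihood, risk.severity
    for m in risk.measures:
        if credit_planned or m.status in ACTIVE_STATES:
            lik -= m.likelihood_reduction
            sev -= m.severity_reduction
    return max(lik, 1), max(sev, 1)   # a risk never drops below 1 on either axis


def assess(risk: Risk) -> dict:
    """One row of the plan: current residual rating, required action, measures
    still outstanding, and the rating projected once those measures land."""
    lik, sev = residual_scores(risk)
    proj_lik, proj_sev = residual_scores(risk, credit_planned=True)
    residual = rating(lik, sev)
    return {
        "risk": risk.description,
        "inherent": rating(risk.likelihood, risk.severity),
        "residual": residual,
        "action": ACTIONS[residual],
        "prior_consultation": residual == "VERY HIGH",
        "pending_measures": [m.name for m in risk.measures if m.status not in ACTIVE_STATES],
        "projected_residual": rating(proj_lik, proj_sev),
    }


def plan_report(risks: list) -> dict:
    rows = [assess(r) for r in risks]
    return {
        "risks": rows,
        # Art. 36: a single VERY HIGH residual risk blocks processing until consulted.
        "prior_consultation_required": any(r["prior_consultation"] for r in rows),
    }


# Constructed sample plan (hypothetical processing, not from the page).
SAMPLE_RISKS = [
    Risk("Re-identification of pseudonymised health records by analysts", 3, 4, [
        Measure("Key-coded pseudonymisation", "technical", "Art. 25(1), Art. 32(1)(a)",
                "implemented", likelihood_reduction=1),
        Measure("RBAC with MFA for analyst accounts", "technical", "Art. 32(1)(b)",
                "planned", likelihood_reduction=1),
    ]),
    Risk("Theft of unencrypted backup media", 2, 4, [
        Measure("At-rest encryption of backups", "technical", "Art. 32(1)(a)",
                "verified", severity_reduction=2),
    ]),
    Risk("Profiling scores feed automated credit decisions", 4, 3, [
        Measure("DPO oversight of model changes", "organisational", "Art. 37-39",
                "planned", likelihood_reduction=1),
    ]),
]

if __name__ == "__main__":
    report = plan_report(SAMPLE_RISKS)
    for row in report["risks"]:
        print(f"{row['residual']:<9} {row['risk']}: {row['action']}")
        if row["pending_measures"]:
            print(f"          pending: {', '.join(row['pending_measures'])} "
                  f"-> projected {row['projected_residual']}")
    print("Art. 36 prior consultation required:", report["prior_consultation_required"])
```

Running it shows the distinction the plan has to make explicit: the first sample risk is inherently VERY HIGH, the implemented pseudonymisation brings it to HIGH, and the planned access controls would take it to MEDIUM but do not count until they ship; the third risk stays VERY HIGH because its only measure is still planned, so the whole plan is flagged for Art. 36 prior consultation.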
Each mitigation measure progresses through: