Provides DPIA risk scoring with ENISA/ISO 29134-aligned likelihood-severity matrix, residual risk calculation, and risk appetite thresholds for GDPR assessments.
npx claudepluginhub mukul975/privacy-data-protection-skills --plugin privacy-skills-completeThis skill uses the workspace's default tool permissions.
Art. 35(7)(c) GDPR requires a DPIA to include "an assessment of the risks to the rights and freedoms of data subjects." This skill provides a quantifiable risk scoring framework that converts qualitative privacy risks into comparable, prioritised scores supporting mitigation decisions.
Conducts multi-round deep research on GitHub repos via API and web searches, generating markdown reports with executive summaries, timelines, metrics, and Mermaid diagrams.
Dynamically discovers and combines enabled skills into cohesive, unexpected delightful experiences like interactive HTML or themed artifacts. Activates on 'surprise me', inspiration, or boredom cues.
Generates images from structured JSON prompts via Python script execution. Supports reference images and aspect ratios for characters, scenes, products, visuals.
Art. 35(7)(c) GDPR requires a DPIA to include "an assessment of the risks to the rights and freedoms of data subjects." This skill provides a quantifiable risk scoring framework that converts qualitative privacy risks into comparable, prioritised scores supporting mitigation decisions.
| Level | Score | Description | Examples |
|---|---|---|---|
| Negligible | 1 | Minor inconvenience, easily recoverable | Temporary inability to access non-essential service |
| Limited | 2 | Significant inconvenience, recoverable with effort | Targeted advertising based on inferred preferences |
| Significant | 3 | Serious consequences, difficult to recover from | Financial loss, discrimination, reputational harm |
| Maximum | 4 | Irreversible or very difficult to recover from | Identity theft, physical safety risk, loss of employment |
| Level | Score | Description | Indicators |
|---|---|---|---|
| Negligible | 1 | Unlikely given current controls | Strong technical controls, limited access, encrypted at rest and in transit |
| Limited | 2 | Possible but requires specific conditions | Some access controls, partial encryption, known but unproven attack vectors |
| Significant | 3 | Probable given known threat landscape | Weak controls in specific areas, prior incidents in sector, active threat actors |
| Maximum | 4 | Near-certain or already occurring | No controls, known vulnerabilities, prior breach of similar system |
Severity → Negligible(1) Limited(2) Significant(3) Maximum(4)
Likelihood ↓
Maximum(4) 4(M) 8(H) 12(VH) 16(VH)
Significant(3) 3(L) 6(M) 9(H) 12(VH)
Limited(2) 2(L) 4(M) 6(M) 8(H)
Negligible(1) 1(L) 2(L) 3(L) 4(M)
Risk Levels: L=Low(1-3), M=Medium(4-6), H=High(7-9), VH=Very High(10-16)
When residual risk remains High or Very High after all feasible mitigation measures, the controller must consult the supervisory authority under Art. 36(1) before commencing processing.