Conducts pre-DPIA threshold screening for GDPR Article 35 using the EDPB WP248 nine-criteria test, national supervisory authority blacklists, and risk appetite to decide whether a full DPIA is required. Outputs a documented decision.

```
npx claudepluginhub mukul975/privacy-data-protection-skills --plugin privacy-skills-complete
```

This skill uses the workspace's default tool permissions.
Article 35(1) GDPR requires a DPIA when processing is "likely to result in a high risk to the rights and freedoms of natural persons." This skill provides a structured screening methodology to make that determination before committing to a full DPIA.
Processing that meets two or more of the following criteria generally requires a DPIA:
| # | Criterion | GDPR Reference |
|---|---|---|
| 1 | Evaluation or scoring | Art. 35(3)(a) |
| 2 | Automated decision-making with legal/similar effect | Art. 35(3)(a) |
| 3 | Systematic monitoring | Art. 35(3)(c) |
| 4 | Sensitive data or data of highly personal nature | Art. 9, Art. 10 |
| 5 | Data processed on a large scale | Recital 91 |
| 6 | Matching or combining datasets | WP248 |
| 7 | Data concerning vulnerable data subjects | WP248 |
| 8 | Innovative use or applying new technological solutions | WP248 |
| 9 | Processing that prevents data subjects from exercising a right | Art. 22, Art. 35(3)(b) |
A DPIA is always required for:
Each EU/EEA supervisory authority (SA) publishes a list of processing operations requiring a DPIA. The screening must check the relevant national blacklist, determined by the controller's establishment.
```
IF any Art. 35(3) mandatory trigger is met → DPIA REQUIRED
ELSE IF processing appears on national SA blacklist → DPIA REQUIRED
ELSE IF 2+ WP248 criteria are met → DPIA REQUIRED
ELSE IF 1 WP248 criterion is met → DPIA RECOMMENDED (risk-based decision)
ELSE → DPIA NOT REQUIRED (document exemption)
```
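The decision logic above as an added Python example (not the plugin's own code) that returns a decision record naming the branch that fired and the criteria met. The names `screen` and `ScreeningDecision` are hypothetical, and the mandatory-trigger and blacklist checks are passed in as booleans because the page does not enumerate them.

```python
from dataclasses import dataclass, field

# The nine WP248 criteria, numbered as in the table above.
WP248_CRITERIA = {
    1: "Evaluation or scoring",
    2: "Automated decision-making with legal/similar effect",
    3: "Systematic monitoring",
    4: "Sensitive data or data of highly personal nature",
    5: "Data processed on a large scale",
    6: "Matching or combining datasets",
    7: "Data concerning vulnerable data subjects",
    8: "Innovative use or applying new technological solutions",
    9: "Processing that prevents data subjects from exercising a right",
}

@dataclass
class ScreeningDecision:
    outcome: str   # DPIA REQUIRED / DPIA RECOMMENDED / DPIA NOT REQUIRED
    basis: str     # which branch of the decision logic fired
    criteria_met: list = field(default_factory=list)

def screen(mandatory_trigger: bool, on_sa_blacklist: bool, criteria) -> ScreeningDecision:
    """Apply the decision logic in order; earlier branches take precedence."""
    unknown = set(criteria) - set(WP248_CRITERIA)
    if unknown:
        # A mistyped criterion number must not silently lower the count.
        raise ValueError(f"unknown WP248 criterion number(s): {sorted(unknown)}")
    # Deduplicate so a criterion listed twice is only counted once.
    met = [f"{n}. {WP248_CRITERIA[n]}" for n in sorted(set(criteria))]
    if mandatory_trigger:
        return ScreeningDecision("DPIA REQUIRED", "Art. 35(3) mandatory trigger", met)
    if on_sa_blacklist:
        return ScreeningDecision("DPIA REQUIRED", "national SA blacklist", met)
    if len(met) >= 2:
        return ScreeningDecision("DPIA REQUIRED", "2+ WP248 criteria", met)
    if len(met) == 1:
        return ScreeningDecision(
            "DPIA RECOMMENDED", "1 WP248 criterion (risk-based decision)", met)
    return ScreeningDecision(
        "DPIA NOT REQUIRED", "no trigger met (document exemption)", met)

if __name__ == "__main__":
    # Constructed sample: a processing operation meeting criteria 3 and 7
    # (criterion 3 is listed twice on purpose).
    d = screen(False, False, [3, 7, 3])
    print(d.outcome, "|", d.basis, "|", d.criteria_met)
```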