mukul975
115 skills in the catalog.
Skills
UAE Personal Data Protection Law Compliance
Implements compliance with the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (UAE PDP Law) and its Executive Regulations. …
Australia Privacy Act Compliance (2024 Amendments)
Guides compliance with Australia's Privacy Act 1988 including the 2024 reform amendments. Covers automated decision-making transparency, children's p…
Brazil LGPD Compliance (Lei 13.709/2018)
Guides compliance with Brazil's Lei Geral de Proteção de Dados (LGPD, Lei 13.709/2018). Covers the 10 lawful bases under Art. 7, DPO appointment, ANP…
Canada PIPEDA Compliance
Guides compliance with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA, S.C. 2000, c. 5). Covers the 10 fair informatio…
China PIPL Compliance
Guides compliance with China's Personal Information Protection Law (PIPL, effective 1 November 2021). Covers consent requirements, cross-border trans…
Age Verification and Estimation Methods
Evaluates and implements age estimation and verification technologies for online services. Covers facial age estimation, digital ID verification, sel…
Conducting AI System Privacy Assessment
Guides the combined DPIA and AI Act conformity assessment for AI systems processing personal data. Covers EDPB-EDPS Joint Opinion 5/2021, training da…
Managing APAC Cross-Border Transfers
Guides management of cross-border data transfers under Asia-Pacific regulatory frameworks including APEC CBPR, ASEAN Model Contractual Clauses, Japan…
APEC Cross-Border Privacy Rules Certification
Guides APEC Cross-Border Privacy Rules system certification process including self-assessment against the APEC Privacy Framework principles, accounta…
Managing Multi-Jurisdiction Breach Notification
Manages coordinated breach notification across multiple legal jurisdictions including EU member states (72-hour GDPR deadline), US state breach notif…
Children's Data Minimisation and Retention Limits
Implements strict data minimization and retention limits for children's personal data under GDPR Art. 5(1)(c), Recital 38, UK AADC Standard 8, and CO…
Children's Profiling Restrictions
Implements profiling restrictions for children under GDPR Recital 71, Article 22, UK AADC Standard 12, and COPPA. Covers prohibition of behavioural a…
Managing Conflicting Privacy Requirements
Guides managing conflicting privacy requirements across jurisdictions. Covers data localisation vs transfer freedom, consent standards variation, age…
Evaluating Consent Management Platforms
Framework for evaluating and selecting Consent Management Platforms (CMPs). Covers TCF v2.2 certification requirements, Global Privacy Control suppor…
Assessing Health Data Processing
Guides DPIA for health and medical data processing covering Art. 9(2)(h)-(j) exemptions, HIPAA crosswalk for transatlantic operations, clinical trial…
Managing Consent for Children
Guide for managing consent for children's personal data under GDPR Article 8 and COPPA. Covers parental consent mechanisms, age verification methods,…
Privacy Impact Assessment for Health Data
Conducts Privacy Impact Assessment for health data processing under GDPR Article 9, HIPAA, and sector-specific health privacy regulations. Covers spe…
Privacy Law Change Monitoring and Impact Assessment
Guides privacy law change monitoring and impact assessment for multi-jurisdiction organisations. Covers regulatory tracking sources, change classific…
Workplace Email Privacy
Implements email and internet monitoring compliance in the workplace per Barbulescu v Romania (ECHR Grand Chamber), EDPB guidance, and national labou…
Healthcare AI Privacy — HIPAA and AI Act Intersection
Addresses healthcare AI privacy at the intersection of HIPAA and the EU AI Act for clinical decision support systems. Covers training data PHI handli…
AI Automated Decision-Making and Human Oversight
Implements GDPR Art. 22 automated decision-making and AI Act Art. 14 human oversight requirements for AI systems. Covers identification of solely aut…
AI System Pre-Deployment Privacy Checklist
Pre-deployment privacy compliance checklist for AI/ML systems covering DPIA completion, lawful basis verification, transparency notices, human oversi…
AI Transparency Requirements
Implements AI transparency requirements under EU AI Act Arts. 13-14 and GDPR Arts. 13-14. Covers user notification of AI interaction, system capabili…
Implementing CNIL-Compliant Cookies
Implementation guide for CNIL cookie guidelines compliance. References the EUR 150M Google fine and EUR 60M Meta fine. Covers equal prominence accept…
Building a Universal DSAR Intake System
Builds a multi-channel DSAR intake system supporting web form, email, phone, and in-person requests with identity verification tiers, automated routi…
Data Subject Rights for AI Systems
Implements data subject rights mechanisms for AI systems including right to explanation of AI decisions, contestation procedures, human review, model…
Managing Consent for Analytics Cookies
Managing consent for analytics cookies and implementing privacy-preserving measurement. Covers GA4 privacy configuration, consent mode fallback behav…
Applying Privacy Design Patterns
Systematic application of the eight privacy design patterns per Hoepman: minimize, hide, separate, abstract, inform, control, enforce, and demonstrat…
Managing Automated Decision-Making and Profiling Rights
Manages GDPR Article 22 rights related to solely automated decision-making and profiling, including identification of automated decisions, meaningful…
Backup Retention and Erasure Management
Manages backup and archive data under retention schedules and erasure obligations. Covers the technical infeasibility exception for backup deletion, …
Establishing Binding Corporate Rules
Guides development and approval of Binding Corporate Rules under GDPR Article 47 for intra-group international data transfers. Covers Art. 47(2)(a)-(…
Assessing Biometric Processing Privacy
Guides DPIA for biometric processing systems including facial recognition, fingerprint, voice, iris, and gait analysis. Covers Art. 9 special categor…
Managing Breach Credit Monitoring
Coordinates credit monitoring and identity theft protection services for individuals affected by a data breach. Covers vendor selection criteria, enr…
Maintaining Breach Documentation Records
Maintains the GDPR Article 33(5) breach register documenting all personal data breaches regardless of whether supervisory authority notification was …
Designing Breach Simulation Exercise
Designs and executes tabletop breach simulation exercises for testing organizational breach response capabilities. Covers scenario creation with real…
Managing Data Subject Breach Communication
Manages direct communication to affected data subjects following a personal data breach under GDPR Article 34 when the breach is likely to result in …
Cloud Service Provider Privacy Assessment
Cloud service provider privacy assessment framework. Covers ISO 27018 cloud privacy controls, CSA STAR certification, SOC 2 Type II evaluation, share…
Managing Consent for Transfers
Guide for obtaining explicit consent for international data transfers under GDPR Article 49(1)(a). Covers informed consent requirements including ris…
Implementing Consent Withdrawal
Implementation guide for GDPR Article 7(3) consent withdrawal mechanisms. Covers the equal ease requirement ensuring withdrawal is as easy as giving …
Controller RoPA Creation
Creates GDPR Article 30(1) Records of Processing Activities (RoPA) for data controllers with all seven mandatory fields: controller identity and cont…
Criminal Conviction and Offence Data Handling — GDPR Art. 10
Handles GDPR Art. 10 criminal conviction and offence data classification including official authority requirements, national law derogations, and com…
Data Inventory and Mapping for Classification
Builds comprehensive data inventory per GDPR Art. 30 Records of Processing Activities. Covers system-by-system discovery, data flow diagramming, thir…
Providing Direct Collection Information
Provides GDPR Article 13 information at the point of direct data collection, covering all required elements under Art. 13(1)(a)-(f) and Art. 13(2)(a)…
Supervisory Authority Inspection Preparation
Guides preparation for supervisory authority (DPA) inspections and investigations including document readiness checklists, interview preparation for …
DPIA Risk Scoring Methodology
Provides a structured risk scoring methodology for Data Protection Impact Assessments aligned with ENISA threat taxonomy and ISO 29134. Covers likeli…
Employee DSAR Response
Manages Data Subject Access Request procedures for employee requests under Art. 15 GDPR. Covers scope of disclosable HR records, emails, CCTV footage…
Employee Monitoring DPIA
Conducts Data Protection Impact Assessments for employee monitoring systems per EDPB Guidelines 3/2019 on workplace data processing. Covers video sur…
Employment Consent Limits
Analyses the limitations on consent as a lawful basis for processing employee data under Art. 88 GDPR and WP29 Opinion 2/2017. Addresses power imbala…
ePrivacy Directive Article 5(3) Essential Cookie Exemption
Applying the ePrivacy Directive Article 5(3) strictly necessary exemption to classify cookies that do not require consent. Covers exemption criteria,…
Implementing Data Protection Certification
Guides implementation of GDPR Article 42-43 data protection certification mechanisms including accredited certification bodies, criteria development,…
Developing Codes of Conduct
Guides development of GDPR Article 40-41 codes of conduct for industry sectors including drafting, submission, and monitoring body requirements. Acti…
Appointing EU Representative
Guides appointment of GDPR Article 27 EU representative for non-EU controllers or processors. Covers criteria, responsibilities, and documentation. A…
GDPR Parental Consent Verification
Implements GDPR Article 8 parental consent verification for information society services offered to children. Covers age thresholds by EU/EEA Member …
Conducting Prior Consultation Process
Guides the GDPR Article 36 prior consultation process with supervisory authorities when a DPIA indicates high residual risk. Covers timeline requirem…
Creating GDPR Remediation Roadmap
Guides conversion of gap analysis findings into phased implementation plans with milestones and risk-based prioritisation. Activate when building com…
Performing GDPR Controller Self-Assessment
Guides comprehensive controller self-assessment covering GDPR Articles 5-49 with scoring methodology and reporting format. Activate when conducting i…
Configuring Google Consent Mode v2
Configuring Google Consent Mode v2 for privacy-compliant measurement and advertising. Covers default and update commands, consent state mapping to GA…
Providing Indirect Collection Information
Provides GDPR Article 14 information for personal data obtained from sources other than the data subject, covering timing requirements (within reason…
Managing Joint Controller Arrangements
Guides the establishment and management of joint controller arrangements under GDPR Article 26, including determination of joint controllership, allo…
Implementing Lawful Basis Assessment
Guides determination of the correct lawful basis under GDPR Article 6(1)(a)-(f) for each processing activity. Includes decision tree logic for consen…
Assessing Legitimate Interest vs Consent
Decision framework for choosing between consent and legitimate interest as the lawful basis for processing. Covers power imbalance indicators, condit…
Performing Legitimate Interest Assessment
Guides the three-part Legitimate Interest Assessment (LIA) required under GDPR Article 6(1)(f): purpose test, necessity test, and balancing test. Act…
Managing Consent for Research
Guide for managing consent for scientific research under GDPR Article 89 and Recital 33 broad consent provisions. Covers ethical review board coordin…
Assessing Marketing Analytics Privacy
Guides DPIA for marketing profiling, behavioural targeting, cross-device tracking, and advertising analytics. Covers ePrivacy Directive Art. 5(3) coo…
NIST Privacy Framework — IDENTIFY Function
Implement the NIST Privacy Framework IDENTIFY function including ID.BE business environment, ID.DA data actions, ID.IM improvement, and ID.RA risk as…
Personal Data Classification Test — GDPR Art. 4(1)
Classifies personal vs non-personal data per GDPR Art. 4(1) definition test with decision tree for borderline cases. References Breyer v Germany CJEU…
Privacy Impact Assessment for Large-Scale Monitoring
Conducts Privacy Impact Assessment for large-scale systematic monitoring under GDPR Article 35(3)(c). Covers CCTV and video surveillance, employee mo…
Managing PIA Review and Update Cadence
Guides the periodic DPIA review lifecycle including trigger identification for regulatory changes, new data categories, technology changes, and breac…
Privacy Law Gap Analysis for Market Entry
Guides conducting privacy law gap analysis for market entry into new jurisdictions. Covers target jurisdiction assessment, existing compliance mappin…
Pseudonymised vs Anonymised Data Classification
Classifies data as pseudonymised or anonymised using Recital 26 reasonably likely test, Breyer ruling C-582/14, motivated intruder test, and WP29 Opi…
Handling Right to Restriction Requests
Handles GDPR Article 18 right to restriction of processing requests, covering the four grounds for restriction (accuracy contest, unlawful processing…
Retention Exception Management
Manages retention exception workflows including request-approval processes, duration limits, periodic review cycles, documentation requirements, and …
Implementing Right to Erasure Workflow
Implements the GDPR Article 17 right to erasure (right to be forgotten) workflow, covering all six grounds for erasure, five exceptions, technical de…
Handling Right to Object to Processing
Handles GDPR Article 21 right to object to processing, including compelling legitimate grounds assessment, ceasing processing obligations, documentat…
Processing Right to Rectification
Processes GDPR Article 16 right to rectification requests, covering verification of corrected data accuracy, notification to recipients under Article…
RoPA Maintenance Workflow
Establishes ongoing RoPA maintenance processes including update triggers, change management integration, version control, stakeholder review cycles, …
RoPA Tool Integration
Integrates Records of Processing Activities with privacy management platforms including OneTrust, TrustArc, Collibra, and DataGrail. Covers API-based…
Search Engine Erasure (Right to Be Forgotten)
Implements the right to be forgotten in search engines under GDPR Article 17 and the CJEU Google Spain ruling (C-131/12). Covers delisting request pr…
Special Category Data Classification — GDPR Art. 9
Identifies and classifies GDPR Art. 9 special category data including racial origin, political opinions, religious beliefs, trade union membership, g…
Sub-Processor Management
GDPR Article 28(2) sub-processor approval workflow management. Covers prior specific and general authorization mechanisms, change notification proced…
Implementing Supplementary Measures
Guides implementation of technical, contractual, and organisational supplementary measures for international data transfers per EDPB Recommendations …
Conducting Transfer Impact Assessment
Guides the post-Schrems II Transfer Impact Assessment process following EDPB Recommendations 01/2020 six-step methodology. Covers destination country…
Implementing Transparent Communication
Implements GDPR Article 12 transparent information and communication requirements, covering concise, intelligible, and plain language obligations, re…
Vendor Privacy Audit
On-site and remote vendor audit procedures per GDPR Article 28(3)(h). Covers audit planning, evidence collection methodologies, finding classificatio…
Vendor Privacy Due Diligence
Pre-contract vendor privacy due diligence per GDPR Article 28(1). Covers risk questionnaires, technical controls assessment, certification review, da…
Litigation Hold Management
Manages legal hold and data preservation processes including triggering events, custodian notification, hold-in-place technical implementation, relea…
Japan APPI Compliance (2022 Amendments)
Guides compliance with Japan's Act on the Protection of Personal Information (APPI, 2022 amendments). Covers individual rights expansion, cross-borde…
South Korea PIPA Compliance
Guides compliance with South Korea's Personal Information Protection Act (PIPA, 개인정보 보호법). Covers pseudonymisation framework, notification requiremen…
Nigeria Data Protection Regulation (NDPR) and Nigeria Data Protection Act (NDPA)
Nigeria Data Protection Regulation (NDPR) and Nigeria Data Protection Act (NDPA) 2023 compliance. Covers lawful basis for processing, data subject ri…
Turkey KVKK Compliance
Implements compliance with Turkey's Personal Data Protection Law (Kisisel Verilerin Korunmasi Kanunu, KVKK, Law No. 6698). Covers data controller obl…
CCPA/CPRA Compliance
Complete CCPA/CPRA compliance implementation covering California Civil Code §1798.100-199. Includes consumer rights framework, business obligations, …
CCPA/CPRA Right to Delete
Implements CCPA Section 1798.105 right to delete and CPRA amendments including service provider obligations, statutory exceptions for legal, security…
Colorado Privacy Act (CPA) Compliance
Colorado Privacy Act (CPA) compliance implementation. Covers universal opt-out mechanism required since July 2024, profiling opt-out rights, sensitiv…
COPPA Compliance — Children's Online Privacy Protection Act
Implements Children's Online Privacy Protection Act (COPPA) compliance under 16 CFR Part 312. Covers verifiable parental consent methods including si…
Implementing Global Privacy Control (GPC)
Implementation guide for Global Privacy Control (GPC) automated opt-out signal per CPRA Section 1798.135(e). Covers Sec-GPC HTTP header detection, Ja…
Iowa Consumer Data Protection Act (ICDPA)
Iowa Consumer Data Protection Act (ICDPA) compliance. Effective January 1, 2025. Covers consumer rights (access, delete, opt-out), controller thresho…
Kentucky Consumer Privacy Protection Act (KPPA)
Kentucky Consumer Privacy Protection Act (KPPA) compliance. Effective January 1, 2026. Covers consumer rights, controller thresholds at 100,000 consu…
Montana Consumer Data Privacy Act (MTDPA)
Montana Consumer Data Privacy Act (MTDPA) compliance. Lowest consumer threshold at 50,000 consumers. Covers sensitive data consent, universal opt-out…
New Jersey Data Privacy Act (NJDPA)
New Jersey Data Privacy Act (NJDPA) compliance, effective January 15, 2025. Covers consumer rights (access, correction, deletion, portability, opt-ou…
Oregon Consumer Privacy Act (OCPA)
Oregon Consumer Privacy Act (OCPA) compliance. Unique provisions for de-identified data requirements, employee data partial exemption, nonprofit appl…
SOC 2 Type II Privacy Trust Services Criteria
Guides SOC 2 Type II Privacy Trust Services Criteria preparation and audit execution. Covers AICPA TSP Section 100 Privacy criteria P1-P8 including n…
State Privacy Law Applicability Assessment
US state privacy law applicability assessment tool. Evaluates revenue thresholds, data volume thresholds, business exemptions (GLBA, HIPAA, nonprofit…
Texas Data Privacy and Security Act (TDPSA)
Texas Data Privacy and Security Act (TDPSA) compliance. No revenue threshold; applies to all businesses. Covers data broker registration requirements,…
Universal Opt-Out Mechanism Implementation
Universal opt-out mechanism implementation across US state privacy laws. Covers Global Privacy Control (GPC) signal technical implementation, state-b…
US Federal Privacy Landscape
Maps the US federal privacy landscape including sectoral laws (HIPAA, GLBA, FERPA, COPPA, FCRA, ECPA, VPPA), FTC Section 5 enforcement, proposed fede…
Virginia Consumer Data Protection Act (VCDPA)
Virginia Consumer Data Protection Act (VCDPA) compliance implementation. Covers 5 consumer rights, controller obligations, processor requirements, op…
HIPAA Business Associate Agreement Management — §164.502(e), §164.504(e)
Manages HIPAA Business Associate Agreements under 45 CFR §164.502(e) and §164.504(e). Covers required BAA provisions, business associate vs subcontra…
Executing HIPAA Breach Notification
Executes breach notification under HIPAA Breach Notification Rule (45 CFR 164.400-414). Covers 60-day individual notification, HHS/OCR reporting for …
HIPAA Interoperability — Cures Act, ONC, and CMS Requirements
Addresses HIPAA privacy and security requirements for health data interoperability under the 21st Century Cures Act, ONC Health IT Certification Prog…
HIPAA Privacy Rule — 45 CFR §164.500-534
Implements HIPAA Privacy Rule requirements under 45 CFR §164.500-534 for covered entities and business associates. Covers minimum necessary standard,…
HIPAA Research Privacy — 45 CFR §164.512(i)
Implements HIPAA Privacy Rule requirements for research uses of protected health information under 45 CFR §164.512(i). Covers IRB and Privacy Board w…
HIPAA Security Rule — Technical Safeguards 45 CFR §164.312
Implements HIPAA Security Rule technical safeguards under 45 CFR §164.312 for electronic protected health information. Covers access controls with un…
HITECH Act Privacy and Security Requirements
Implements HITECH Act privacy and security requirements including breach notification expansion, four-tier penalty structure, state attorney general …
Telehealth Privacy Compliance
Implements telehealth privacy compliance covering HIPAA requirements for virtual care, state licensing and recording consent laws, platform security …
South Africa POPIA Compliance
Implements compliance with South Africa's Protection of Personal Information Act (POPIA), Act No. 4 of 2013. Covers conditions for lawful processing,…