Data Protection — General (jurisdiction-agnostic)
Data Protection skills for General (jurisdiction-agnostic) (imported from open sources; see each skill's author_url for provenance).
Skills
Data Subject Rights for AI Systems
Implements data subject rights mechanisms for AI systems including right to explanation of AI decisions, contestation procedures, human review, model…
Lawful Basis for AI Training Data
Assesses lawful basis for AI training data processing per EDPB April 2025 report on LLMs and general-purpose AI. Covers legitimate interest balancing…
Managing Consent for Analytics Cookies
Managing consent for analytics cookies and implementing privacy-preserving measurement. Covers GA4 privacy configuration, consent mode fallback behav…
Applying Privacy Design Patterns
Systematic application of the eight privacy design patterns per Hoepman: minimize, hide, separate, abstract, inform, control, enforce, and demonstrat…
User Input
[COMMUNITY] Assess EU Data Act (Regulation 2023/2854) compliance for connected products, data holders, and data processing service providers
GDPR Compliance Assessment
Conduct a GDPR compliance assessment for a system or processing activity.
Audit Compliance
Check that your legal compliance is still in good shape. Pick what to check: your privacy policy, your privacy vendor list, or your contract template…
Managing Automated Decision-Making and Profiling Rights
Manages GDPR Article 22 rights related to solely automated decision-making and profiling, including identification of automated decisions, meaningful…
Backup Retention and Erasure Management
Manages backup and archive data under retention schedules and erasure obligations. Covers the technical infeasibility exception for backup deletion, …
Establishing Binding Corporate Rules
Guides development and approval of Binding Corporate Rules under GDPR Article 47 for intra-group international data transfers. Covers Art. 47(2)(a)-(…
Assessing Biometric Processing Privacy
Guides DPIA for biometric processing systems including facial recognition, fingerprint, voice, iris, and gait analysis. Covers Art. 9 special categor…
BosskuAI Legal / Compliance
Use this for product-facing legal and compliance readiness such as privacy posture, consent, retention, vendor/data obligations, policy alignment, an…
Managing Breach Credit Monitoring
Coordinates credit monitoring and identity theft protection services for individuals affected by a data breach. Covers vendor selection criteria, enr…
Maintaining Breach Documentation Records
Maintains the GDPR Article 33(5) breach register documenting all personal data breaches regardless of whether supervisory authority notification was …
Designing Breach Simulation Exercise
Designs and executes tabletop breach simulation exercises for testing organizational breach response capabilities. Covers scenario creation with real…
Managing Data Subject Breach Communication
Manages direct communication to affected data subjects following a personal data breach under GDPR Article 34 when the breach is likely to result in …
Cybersecurity Breach Summary
Summarizes cybersecurity breach incidents into structured legal and compliance records. Trigger when synthesizing incident reports, forensics, logs, …
Universal Escalation Triggers (Apply to All Categories) (+2)
Sub-skill of canned-responses: Universal Escalation Triggers (Apply to All Categories) (+2).
cite-check — Copilot CLI Skill
Verifiable legal-citation tooling for product counsel reviews. Two modes: (1) ORIGINATE — turn a PPL issue into a Word document of Citation Cards whe…
Cloud Service Provider Privacy Assessment
Cloud service provider privacy assessment framework. Covers ISO 27018 cloud privacy controls, CSA STAR certification, SOC 2 Type II evaluation, share…
cold-start-interview-10
Run the cold-start interview — learns your privacy practice and writes CLAUDE.md from your policy, DPA template, and a reference PIA. Use on first ru…
Compliance and Audit
Use when a project requires a compliance framework mapping, when risks need formal documentation, when audit evidence must be collected, or when prod…
Compliance Checklist Skill
Generate a prioritised compliance checklist for GDPR, SOC 2, ISO 27001, FCA, HIPAA, or other frameworks with a gap analysis. Use when asked for a com…
Compliance Checklist Generation
Generate compliance checklists for SOC2, HIPAA, PCI-DSS, and GDPR with gap analysis and remediation priorities.
compliance-evidence
Use when the user needs compliance and privacy evidence.
Compliance Policy Auditor
Audit corporate policies or data-handling descriptions against regulatory frameworks (GDPR, SOC2, HIPAA). Use when users need to identify compliance…
Purpose
Compliance review for auditability, GDPR/PII, retention, financial controls, consent, and regulatory traceability.
Managing Consent for Transfers
Guide for obtaining explicit consent for international data transfers under GDPR Article 49(1)(a). Covers informed consent requirements including ris…
Implementing Consent Withdrawal
Implementation guide for GDPR Article 7(3) consent withdrawal mechanisms. Covers the equal ease requirement ensuring withdrawal is as easy as giving …
Controller RoPA Creation
Creates GDPR Article 30(1) Records of Processing Activities (RoPA) for data controllers with all seven mandatory fields: controller identity and cont…
Pages: Cookie Policy
When the user wants to create or optimize a cookie policy page. Also use when the user mentions "cookie policy," "cookies," "cookie consent," "GDPR c…
Criminal Conviction and Offence Data Handling — GDPR Art. 10
Handles GDPR Art. 10 criminal conviction and offence data classification including official authority requirements, national law derogations, and com…
customize-11
Guided customization of your privacy practice profile — change one thing without re-running the whole cold-start interview. Adjust risk posture, esca…
Cybersecurity Breach Summary
Produces structured cybersecurity breach summary documents for regulatory and compliance use. Use when drafting breach summaries, incident response r…
Data Inventory and Mapping for Classification
Builds comprehensive data inventory per GDPR Art. 30 Records of Processing Activities. Covers system-by-system discovery, data flow diagramming, thir…
Executing Data Portability Requests
Executes GDPR Article 20 data portability requests, covering machine-readable format requirements (JSON, CSV, XML), direct controller-to-controller t…
Critical rules
Ensure data privacy compliance covering GDPR obligations, user consent management, data retention policies, PII detection, and data anonymisation wit…
GDPR Data Processing Addendum (DPA)
Drafts a GDPR Article 28-compliant Data Processing Addendum (DPA) between data controllers and processors. Extracts party details, processing scope, …
Approach
GDPR compliance analysis covering lawful basis assessment, privacy notices, processor agreements, and breach response.
Providing Direct Collection Information
Provides GDPR Article 13 information at the point of direct data collection, covering all required elements under Art. 13(1)(a)-(f) and Art. 13(2)(a)…
Supervisory Authority Inspection Preparation
Guides preparation for supervisory authority (DPA) inspections and investigations including document readiness checklists, interview preparation for …
dpa-review
Review a Data Processing Agreement against your DPA playbook — auto-detects whether you're processor or controller and applies the right half of the …
dpa-review-anthropics
Review a Data Processing Agreement against your DPA playbook — auto-detects whether you're processor or controller and applies the right half of the …
DPA Review
Review a Data Processing Agreement against your DPA playbook — auto-detects whether you're processor or controller and applies the right half of the …
dpa-review-zhou210712
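Review a DPA against your Data Processing Agreement (DPA) playbook: automatically detects whether you are the processor or the controller and applies the correct half of the playbook. Use when the user says "review this DPA", "check this data processing addendum", "the customer sent over their DPA", "is this DPA okay", or attaches a DPA.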
DPIA Risk Scoring Methodology
Provides a structured risk scoring methodology for Data Protection Impact Assessments aligned with ENISA threat taxonomy and ISO 29134. Covers likeli…
Draft Cybersecurity Website Terms and Cookie Policies
Generates Terms of Use and Cookie Policy documents for a cybersecurity company website, strictly limiting data usage to newsletters and event updates…
Processing Data Subject Access Requests
Guides AI agents through the complete GDPR Data Subject Access Request (DSAR) workflow under Article 15, including identity verification, 30-day dead…
dsar-response
Walk through a Data Subject Access Request (or deletion, portability, correction request) and draft the response — verify identity, locate data syste…
dsar-response-anthropics
Walk through a Data Subject Access Request (or deletion, portability, correction request) and draft the response — verify identity, locate data syste…
DSAR Response
Walk through a Data Subject Access Request (or deletion, portability, correction request) and draft the response — verify identity, locate data syste…
Employee DSAR Response
Manages Data Subject Access Request procedures for employee requests under Art. 15 GDPR. Covers scope of disclosable HR records, emails, CCTV footage…
Employee Monitoring DPIA
Conducts Data Protection Impact Assessments for employee monitoring systems per EDPB Guidelines 3/2019 on workplace data processing. Covers video sur…
Employment Consent Limits
Analyses the limitations on consent as a lawful basis for processing employee data under Art. 88 GDPR and WP29 Opinion 2/2017. Addresses power imbala…
encargo
Data processing agreement reviewer: reviews a data processor contract against the configured playbook (as controller or as process…
ePrivacy Directive Article 5(3) Essential Cookie Exemption
Applying the ePrivacy Directive Article 5(3) strictly necessary exemption to classify cookies that do not require consent. Covers exemption criteria,…
gdpr-audit-prep
/cs:gdpr-audit-prep <scope> — GDPR audit 6-question Article-cited forcing interrogation. Use before annual internal GDPR review, post-breach internal…
Implementing Data Protection Certification
Guides implementation of GDPR Article 42-43 data protection certification mechanisms including accredited certification bodies, criteria development,…
Developing Codes of Conduct
Guides development of GDPR Article 40-41 codes of conduct for industry sectors including drafting, submission, and monitoring body requirements. Acti…
Conducting Data Protection Audit
Guides a comprehensive organisational data protection audit against key GDPR requirements including Articles 5, 24, 25, 28, 30, 32, 35, and 37. Inclu…
GDPR Compliance for Marketing
Ensure GDPR compliance for marketing activities including consent management, data processing, privacy notices, and data subject rights
GDPR Compliance
GDPR compliance - data subject rights, lawful basis, DPIA, privacy by design, breach notification, consent management, cross-border transfers, PII masking
GDPR Data Processing Addendum (DPA)
Drafts an Article 28-aligned GDPR Data Processing Addendum (DPA) as an attachable annex for SaaS, cloud, or outsourcing agreements. Outputs review-re…
GDPR Data Processing Addendum (DPA)
Drafts GDPR Article 28-compliant Data Processing Addenda with schedules ready for execution. Use when drafting or updating a DPA, vendor GDPR addendu…
Appointing EU Representative
Guides appointment of GDPR Article 27 EU representative for non-EU controllers or processors. Covers criteria, responsibilities, and documentation. A…
GDPR Parental Consent Verification
Implements GDPR Article 8 parental consent verification for information society services offered to children. Covers age thresholds by EU/EEA Member …
Conducting Prior Consultation Process
Guides the GDPR Article 36 prior consultation process with supervisory authorities when a DPIA indicates high residual risk. Covers timeline requirem…
Creating GDPR Remediation Roadmap
Guides conversion of gap analysis findings into phased implementation plans with milestones and risk-based prioritisation. Activate when building com…
Performing GDPR Controller Self-Assessment
Guides comprehensive controller self-assessment covering GDPR Articles 5-49 with scoring methodology and reporting format. Activate when conducting i…
Generate a Compliance Audit Document
Generate a formatted PDF compliance audit document with findings, risk ratings, remediation recommendations, and sign-off sections.
Generating Compliance Reports
Generate comprehensive compliance reports for security standards. Use when creating compliance documentation. Trigger with 'generate compliance repor…
Configuring Google Consent Mode v2
Configuring Google Consent Mode v2 for privacy-compliant measurement and advertising. Covers default and update commands, consent state mapping to GA…
Providing Indirect Collection Information
Provides GDPR Article 14 information for personal data obtained from sources other than the data subject, covering timing requirements (within reason…
Information Security Policy
Drafts a board-approvable Information Security Policy covering data classification, access controls, encryption, incident response, breach notificati…
Tabletop Exercise Script for Incident Response Plan
Drafts a tabletop exercise script to stress-test an organization's Incident Response Plan against cybersecurity threats and breach notification oblig…
ISO 27701 Privacy Information Management Skill
Expert ISO 27701 Privacy Information Management System (PIMS) compliance advisor. Use this skill whenever a user asks about ISO/IEC 27701:2025, ISO/I…
Managing Joint Controller Arrangements
Guides the establishment and management of joint controller arrangements under GDPR Article 26, including determination of joint controllership, allo…
Canned Responses Skill
Generate templated responses for common legal inquiries and identify when situations require individualized attention. Use when responding to routine…
Implementing Lawful Basis Assessment
Guides determination of the correct lawful basis under GDPR Article 6(1)(a)-(f) for each processing activity. Includes decision tree logic for consen…
legal-advisor
legal-advisor workflow skill. Use this skill when the user needs Draft privacy policies, terms of service, disclaimers, and legal notices. Creates GD…
legal-advisor
legal-advisor workflow skill. Use this skill when the user needs Draft privacy policies, terms of service, disclaimers, and legal notices. Creates GD…
Privacy & Terms Generator
Generate jurisdiction-aware Privacy Policies and Terms & Conditions for SaaS products, apps, and digital services. Use this skill whenever the user a…
Legal Lite Privacy Review
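Reviews DPAs, personal data processing activities, DSARs, PIAs/DPIAs, and privacy policy changes. Use when producing privacy risks, clarifying questions, and draft deliverables based on policies, documents, or processing descriptions provided by the user.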
Assessing Legitimate Interest vs Consent
Decision framework for choosing between consent and legitimate interest as the lawful basis for processing. Covers power imbalance indicators, condit…
Performing Legitimate Interest Assessment
Guides the three-part Legitimate Interest Assessment (LIA) required under GDPR Article 6(1)(f): purpose test, necessity test, and balancing test. Act…
Managing Consent for Research
Guide for managing consent for scientific research under GDPR Article 89 and Recital 33 broad consent provisions. Covers ethical review board coordin…
Assessing Marketing Analytics Privacy
Guides DPIA for marketing profiling, behavioural targeting, cross-device tracking, and advertising analytics. Covers ePrivacy Directive Art. 5(3) coo…
NIST Privacy Framework — IDENTIFY Function
Implement the NIST Privacy Framework IDENTIFY function including ID.BE business environment, ID.DA data actions, ID.IM improvement, and ID.RA risk as…
Personal Data Classification Test — GDPR Art. 4(1)
Classifies personal vs non-personal data per GDPR Art. 4(1) definition test with decision tree for borderline cases. References Breyer v Germany CJEU…
pia-generation
Generate a Privacy Impact Assessment in house format for a new feature, product, or processing activity, using the structure learned from your seed P…
PIA Generation
Generate a Privacy Impact Assessment in house format for a new feature, product, or processing activity, using the structure learned from your seed PIA.
Privacy Impact Assessment for Large-Scale Monitoring
Conducts Privacy Impact Assessment for large-scale systematic monitoring under GDPR Article 35(3)(c). Covers CCTV and video surveillance, employee mo…
Managing PIA Review and Update Cadence
Guides the periodic DPIA review lifecycle including trigger identification for regulatory changes, new data categories, technology changes, and breac…
policy-monitor-anthropics
Keep the privacy policy current with practice. Two modes: weekly sweep of saved PIAs, DPA reviews, and triage results to find policy drift; or direct…
policy-redraft-zekaisuni
Produces a suggested redraft of a Turkish/English internal policy to close a gap found by a policy-diff or gaps result. The source policy file…
Privacy Guideline
Privacy and data protection - GDPR, CCPA, consent. Use when handling user data.
Privacy Check Skill
Use to assess Privacy by Design compliance and GDPR/data protection alignment for a feature or system.
Privacy Law Gap Analysis for Market Entry
Guides conducting privacy law gap analysis for market entry into new jurisdictions. Covers target jurisdiction assessment, existing compliance mappin…
Pages: Privacy Policy
When the user wants to create, optimize, or structure Privacy Policy page. Also use when the user mentions "privacy policy," "privacy page," "data pr…
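Privacy Policy Generator
Drafts a detailed privacy policy covering data types, jurisdiction, GDPR and compliance considerations, and clauses needing legal review. Use when writing a privacy policy, updating data protection documentation, or preparing for compliance.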
Privacy policy paperclipai
Draft a detailed privacy policy covering data types, jurisdiction, GDPR and compliance considerations, and clauses needing legal review
Privacy Policy Generator
Draft a detailed privacy policy covering data types, jurisdiction, GDPR and compliance considerations, and clauses needing legal review. Use when cre…
Skill: privacy-policy-reviewer
Review a privacy policy or terms of service against a structured scorecard, combining TOSDR's human-curated ratings with LLM analysis. Use when a use…
Pseudonymised vs Anonymised Data Classification
Classifies data as pseudonymised or anonymised using Recital 26 reasonably likely test, Breyer ruling C-582/14, motivated intruder test, and WP29 Opi…
Recovery App Legal Terms
Generate legally-sound terms of service, privacy policies, and medical disclaimers for recovery and wellness applications. Expert in HIPAA, GDPR, CCP…
reg-gap-analysis-anthropics
Diff a new or changed regulation against current privacy policy and practice — outputs a gap list and a remediation plan with owners and dates. Use w…
Handling Right to Restriction Requests
Handles GDPR Article 18 right to restriction of processing requests, covering the four grounds for restriction (accuracy contest, unlawful processing…
Retention Exception Management
Manages retention exception workflows including request-approval processes, duration limits, periodic review cycles, documentation requirements, and …
Implementing Right to Erasure Workflow
Implements the GDPR Article 17 right to erasure (right to be forgotten) workflow, covering all six grounds for erasure, five exceptions, technical de…
Handling Right to Object to Processing
Handles GDPR Article 21 right to object to processing, including compelling legitimate grounds assessment, ceasing processing obligations, documentat…
Processing Right to Rectification
Processes GDPR Article 16 right to rectification requests, covering verification of corrected data accuracy, notification to recipients under Article…
RoPA Maintenance Workflow
Establishes ongoing RoPA maintenance processes including update triggers, change management integration, version control, stakeholder review cycles, …
RoPA Tool Integration
Integrates Records of Processing Activities with privacy management platforms including OneTrust, TrustArc, Collibra, and DataGrail. Covers API-based…
Search Engine Erasure (Right to Be Forgotten)
Implements the right to be forgotten in search engines under GDPR Article 17 and the CJEU Google Spain ruling (C-131/12). Covers delisting request pr…
Slovak to English GDPR Translation
Translates legal articles from Slovak to English with strict terminology mappings for GDPR terms ('prevádzkovateľ' to 'Controller', 'sprostredkovateľ…
Special Category Data Classification — GDPR Art. 9
Identifies and classifies GDPR Art. 9 special category data including racial origin, political opinions, religious beliefs, trade union membership, g…
Sub-Processor Management
GDPR Article 28(2) sub-processor approval workflow management. Covers prior specific and general authorization mechanisms, change notification proced…
Implementing Supplementary Measures
Guides implementation of technical, contractual, and organisational supplementary measures for international data transfers per EDPB Recommendations …
Terms of Service Analyzer
Analyze terms of service and privacy policies to identify concerning clauses, hidden permissions, and user rights implications
Terms Recon
Survey existing privacy and legal docs for completeness and GDPR compliance.
Conducting Transfer Impact Assessment
Guides the post-Schrems II Transfer Impact Assessment process following EDPB Recommendations 01/2020 six-step methodology. Covers destination country…
Implementing Transparent Communication
Implements GDPR Article 12 transparent information and communication requirements, covering concise, intelligible, and plain language obligations, re…
use-case-triage
Quickly determine whether a processing activity needs a PIA, a mandatory GDPR DPIA, or can proceed — surfaces privacy policy conflicts and routes to …
vendor-ai-review-anthropics
Review vendor AI terms — agreement, addendum, or ToS AI provisions — against your governance positions; flag training-on-data, liability, model chang…
Vendor Privacy Audit
On-site and remote vendor audit procedures per GDPR Article 28(3)(h). Covers audit planning, evidence collection methodologies, finding classificatio…
Vendor Privacy Due Diligence
Pre-contract vendor privacy due diligence per GDPR Article 28(1). Covers risk questionnaires, technical controls assessment, certification review, da…
Vendor Security Assessment Questionnaire
Drafts a Vendor Security Assessment Questionnaire evaluating third-party cybersecurity posture, data handling, and regulatory compliance. Vendor resp…