explainx.ainewsletter3.4k
Productivity

data-privacy-compliance

davila7/claude-code-templates · updated Apr 8, 2026

MDX-style export adds YAML metadata + attribution linking explainx.ai and this canonical listing URL.

$npx skills add https://github.com/davila7/claude-code-templates --skill data-privacy-compliance
0 commentsdiscussion
summary

Comprehensive guidance for implementing data privacy compliance across GDPR, CCPA, HIPAA, and other global data protection regulations.

skill.md

Data Privacy Compliance

Comprehensive guidance for implementing data privacy compliance across GDPR, CCPA, HIPAA, and other global data protection regulations.

When to Use This Skill

Use this skill when:

  • Implementing GDPR, CCPA, or HIPAA compliance
  • Conducting Data Protection Impact Assessments (DPIA)
  • Managing data subject rights (access, deletion, portability)
  • Implementing consent management systems
  • Drafting privacy policies and notices
  • Handling data breaches and incident response
  • Designing privacy-by-design systems
  • Conducting privacy audits and assessments

Key Regulations Overview

GDPR (General Data Protection Regulation)

Scope: EU residents' data, regardless of where company is located Key Requirements:

  • Lawful basis for processing (consent, contract, legitimate interest, etc.)
  • Data subject rights (access, deletion, portability, objection)
  • Data Protection Impact Assessments for high-risk processing
  • 72-hour breach notification requirement
  • Records of processing activities
  • Privacy by design and by default

Penalties: Up to €20M or 4% of global annual revenue

CCPA/CPRA (California Consumer Privacy Act)

Scope: California residents' data Key Requirements:

  • Right to know what data is collected
  • Right to delete personal information
  • Right to opt-out of sale/sharing
  • Right to correct inaccurate information
  • Right to limit use of sensitive personal information

Penalties: Up to $7,500 per intentional violation

HIPAA (Health Insurance Portability and Accountability Act)

Scope: Protected Health Information (PHI) in the US Key Requirements:

  • Privacy Rule (patient rights and information uses)
  • Security Rule (safeguards for ePHI)
  • Breach Notification Rule (60-day notification)
  • Business Associate Agreements (BAAs)

Penalties: Up to $1.5M per violation category per year

Data Subject Rights Implementation

1. Right to Access (GDPR Art. 15 / CCPA § 1798.100)

Request Handler:

async function handleAccessRequest(userId, email) {
  // Verify identity
  const verified = await verifyIdentity(email);
  if (!verified) throw new Error('Identity verification failed');

  // Collect all personal data
  const userData = await collectUserData(userId);

  // Format for readability
  const report = {
    personalInfo: userData.profile,
    activityLogs: userData.activities,
    preferences: userData.settings,
    thirdPartySharing: userData.dataSharing,
    retentionPeriod: '2 years from last activity',
    dataProtectionOfficer: '[email protected]'
  };

  // Generate downloadable report
  const pdf = await generatePDFReport(report);

  // Log request for compliance
  await logAccessRequest(userId, 'completed');

  return pdf;
}

Response Timeline:

  • GDPR: 1 month (extendable to 3 months)
  • CCPA: 45 days (extendable to 90 days)

2. Right to Deletion (GDPR Art. 17 / CCPA § 1798.105)

Deletion Handler:

async function handleDeletionRequest(userId, email) {
  // Verify identity
  const verified = await verifyIdentity(email);
  if (!verified) throw new Error('Identity verification failed');

  // Check for legal obligations to retain
  const mustRetain = await checkRetentionRequirements(userId);
  if (mustRetain.required) {
    return {
      status: 'partial_deletion',
      retained: mustRetain.data,
      reason: mustRetain.legalBasis,
      retentionPeriod: mustRetain.period
    };
  }

  // Delete from all systems
  await Promise.all([
    deleteFromDatabase(userId),
    deleteFromBackups(userId), // Mark for deletion in next backup cycle
    deleteFromAnalytics(userId),
    deleteFromThirdPartyServices(userId),
    revokeAPIKeys(userId),
    anonymizeHistoricalRecords(userId)
  ]);

  // Confirm deletion
  await sendDeletionConfirmation(email);
  await logDeletionRequest(userId, 'completed');

  return { status: 'deleted', timestamp: new Date() };
}

Exceptions (when deletion can be refused):

  • Legal obligations (tax records, contracts)
  • Public interest/scientific research
  • Defense of legal claims
  • Exercise of freedom of expression

3. Right to Data Portability (GDPR Art. 20)

Export Handler:

async function handlePortabilityRequest(userId, format = 'json') {
  const userData = await collectUserData(userId);

  // Structure in machine-readable format
  const portableData = {
    exportDate: new Date().toISOString(),
    userId: userId,
    data: {
      profile: userData.profile,
      content: userData.userGeneratedContent,
      settings: userData.preferences,
      history: userData.activityHistory
    }
  };

  // Support multiple formats
  if (format === 'csv') {
    return convertToCSV(portableData);
  } else if (format === 'xml') {
    return convertToXML(portableData);
  }

  return portableData; // JSON by default
}

Requirements:

  • Structured, commonly used, machine-readable format
  • Ability to transmit directly to another controller
  • Only applies to data provided by data subject
  • Only for automated processing based on consent or contract

4. Right to Object (GDPR Art. 21)

Objection Handler:

async function handleObjectionRequest(userId, processingType) {
  switch (processingType) {
    case 'direct_marketing':
      // Must stop immediately
      await disableMarketing(userId);
      await updateConsent(userId, 'marketing', false);
      break;

    case 'legitimate_interest':
      // Assess if we have compelling grounds
      const assessment = await assessLegitimateInterest(userId);
      if (!assessment.compelling) {
        await stopProcessing(userId, processingType);
      }
      return assessment;
how to use data-privacy-compliance

How to use data-privacy-compliance on Cursor

AI-first code editor with Composer

1

Prerequisites

Before installing skills in Cursor, ensure your development environment meets these requirements:

  • Cursor installed and configured on your development machine
  • Node.js version 16.0+ with npm package manager (verify with node --version)
  • Active project directory or workspace where you want to add data-privacy-compliance
2

Execute installation command

Execute the skills CLI command in your project's root directory to begin installation:

$npx skills add https://github.com/davila7/claude-code-templates --skill data-privacy-compliance

The skills CLI fetches data-privacy-compliance from GitHub repository davila7/claude-code-templates and configures it for Cursor.

3

Select Cursor when prompted

The CLI will show a list of available agents. Use arrow keys to navigate and space to select Cursor:

◆ Which agents do you want to install to?
│ ── Universal (.agents/skills) ── always included ────
│ • Amp
│ • Antigravity
│ • Cline
│ • Codex
│ ●Cursor(selected)
│ • Cursor
│ • Windsurf
4

Verify installation

Confirm successful installation by checking the skill directory location:

.cursor/skills/data-privacy-compliance

Reload or restart Cursor to activate data-privacy-compliance. Access the skill through slash commands (e.g., /data-privacy-compliance) or your agent's skill management interface.

Security & Verification Notice

We perform automated surface-level scans (Gen AI Scanner, Socket, Snyk) during installation. These checks detect common vulnerabilities but do not guarantee complete security. Always review skill source code and verify the publisher's reputation before production use.

Skills execute code in your development environment. Always verify the publisher's identity, review recent commits, and test in isolated environments before production deployment.

Additional Resources

View source code on GitHubSkills CLI documentationLearn more about CursorWhat are agent skills?

List & Monetize Your Skill

Submit your Claude Code skill and start earning

GET_STARTED →

Use Cases

User Story & Requirements Generation

Create detailed user stories, acceptance criteria, and feature specs

Example

Generate user stories for 'password reset feature' with acceptance criteria, edge cases, and test scenarios

Reduce spec writing time by 50%, ensure comprehensive coverage

Competitive Analysis

Research competitors, compare features, identify gaps

Example

Analyze 5 competitor products, create feature comparison matrix, suggest differentiation opportunities

Complete competitive research in 2 hours instead of 2 days

Roadmap Prioritization

Evaluate features using frameworks (RICE, ICE, Kano) and create prioritized backlogs

Example

Score 20 feature ideas using RICE framework, generate prioritized roadmap with rationale

Make data-driven prioritization decisions faster

Stakeholder Communication

Draft PRDs, status updates, and stakeholder presentations

Example

Create executive summary of Q3 roadmap, monthly progress report, feature launch announcement

Save 3-5 hours/week on communication overhead

Implementation Guide

Prerequisites

  • Claude Desktop or compatible AI client
  • Access to product documentation and roadmap tools (Jira, Notion, etc.)
  • Understanding of product management frameworks (RICE, Jobs-to-be-Done, etc.)
  • Stakeholder contact information and communication channels

Time Estimate

30-60 minutes to see productivity improvements

Installation Steps

  1. 1.Install product management skill
  2. 2.Start with user story generation for known feature
  3. 3.Progress to competitive analysis: research 2-3 competitors
  4. 4.Use for roadmap prioritization: apply RICE/ICE scoring
  5. 5.Draft stakeholder communications and refine based on feedback
  6. 6.Build template library for recurring PM tasks
  7. 7.Share effective prompts with product team

Common Pitfalls

  • Not validating competitive research—verify facts before sharing
  • Accepting user stories without involving engineering team
  • Over-relying on frameworks without qualitative judgment
  • Not customizing outputs to company culture and communication style
  • Skipping stakeholder validation of generated requirements

Best Practices

✓ Do

  • +Validate research and competitive analysis with real data
  • +Collaborate with engineering when generating technical requirements
  • +Customize frameworks and templates to your company context
  • +Use skill for first drafts, refine with stakeholder input
  • +Document successful prompt patterns for PM tasks
  • +Combine AI efficiency with human judgment and intuition

✗ Don't

  • Don't publish competitive analysis without fact-checking
  • Don't finalize user stories without engineering review
  • Don't make prioritization decisions solely on AI scoring
  • Don't skip customer validation of generated requirements
  • Don't ignore company-specific context and culture

💡 Pro Tips

  • Provide context: company goals, constraints, customer feedback
  • Ask for alternatives: 'Show 3 ways to prioritize this roadmap'
  • Request stakeholder-specific formatting: 'Executive summary vs. engineering spec'
  • Use skill for 70% generation + 30% customization to company needs

When to Use This

✓ Use When

Use for user story writing, competitive research, roadmap prioritization, stakeholder communication, and PRD drafting. Best for reducing repetitive documentation and research work.

✗ Avoid When

Avoid for strategic product vision (requires deep customer empathy), pricing decisions (needs market and financial expertise), or when face-to-face customer discovery is more valuable than speed.

Learning Path

  1. 1Basic: user stories, feature specs, status updates
  2. 2Intermediate: competitive analysis, prioritization frameworks, PRDs
  3. 3Advanced: product strategy, go-to-market planning, OKR setting
  4. 4Expert: product vision, market positioning, business model innovation

Discussion

Product Hunt–style comments (not star reviews)
  • No comments yet — start the thread.
general reviews

Ratings

4.635 reviews
  • Isabella Lopez· Dec 24, 2024

    data-privacy-compliance reduced setup friction for our internal harness; good balance of opinion and flexibility.

  • Chaitanya Patil· Dec 16, 2024

    Keeps context tight: data-privacy-compliance is the kind of skill you can hand to a new teammate without a long onboarding doc.

  • Hassan Dixit· Dec 16, 2024

    Registry listing for data-privacy-compliance matched our evaluation — installs cleanly and behaves as described in the markdown.

  • Amina Menon· Nov 15, 2024

    I recommend data-privacy-compliance for anyone iterating fast on agent tooling; clear intent and a small, reviewable surface area.

  • Hassan Johnson· Nov 11, 2024

    data-privacy-compliance fits our agent workflows well — practical, well scoped, and easy to wire into existing repos.

  • Piyush G· Nov 7, 2024

    data-privacy-compliance has been reliable in day-to-day use. Documentation quality is above average for community skills.

  • Nia Menon· Nov 7, 2024

    Useful defaults in data-privacy-compliance — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.

  • Shikha Mishra· Oct 26, 2024

    Solid pick for teams standardizing on skills: data-privacy-compliance is focused, and the summary matches what you get after install.

  • Mia Khanna· Oct 26, 2024

    I recommend data-privacy-compliance for anyone iterating fast on agent tooling; clear intent and a small, reviewable surface area.

  • Mei Li· Oct 6, 2024

    Useful defaults in data-privacy-compliance — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.

showing 1-10 of 35

1 / 4