implementing-gdpr-data-protection-controls
The General Data Protection Regulation (EU) 2016/679 (GDPR) is the EU's comprehensive data protection law governing the collection, processing, storage, and transfer of personal data. This skill cover
Works with
0
total installs
0
this week
8.6K
GitHub stars
0
upvotes
Install Skill
Run in your terminal
0
installs
0
this week
8.6K
stars
Installation Guide
How to use implementing-gdpr-data-protection-controls on Cursor
AI-first code editor with Composer
Prerequisites
Before installing skills in Cursor, ensure your development environment meets these requirements:
- ›Cursor installed and configured on your machine
- ›Node.js 16+ with npm — verify with
node --version - ›Active project directory where you want to add
implementing-gdpr-data-protection-controls
Run the install command
Execute the skills CLI command in your project's root directory to begin installation:
Fetches implementing-gdpr-data-protection-controls from mukul975/Anthropic-Cybersecurity-Skills and configures it for Cursor.
Select Cursor when prompted
The CLI shows a list of agents. Use arrow keys and space to select Cursor:
Verify installation
Confirm successful installation by checking the skill directory location:
Restart Cursor to activate implementing-gdpr-data-protection-controls. Access via /implementing-gdpr-data-protection-controls in your agent's command palette.
Security Notice
We perform automated surface-level scans (Gen AI Scanner, Socket, Snyk) during installation. These checks detect common vulnerabilities but do not guarantee complete security. Always review skill source code and verify the publisher's reputation before production use.
Skills execute code in your environment. Always review source, verify the publisher, and test in isolation before production.
Documentation
| name | implementing-gdpr-data-protection-controls |
| description | The General Data Protection Regulation (EU) 2016/679 (GDPR) is the EU's comprehensive data protection law governing the collection, processing, storage, and transfer of personal data. This skill cover |
| domain | cybersecurity |
| subdomain | compliance-governance |
| tags | - compliance - governance - gdpr - privacy - data-protection - eu-regulation |
| nist_csf | - GV.OC-02 - GV.PO-01 - PR.DS-01 - PR.AA-01 - ID.AM-02 |
| version | '1.0' |
| author | mahipal |
| license | Apache-2.0 |
| nist_ai_rmf | - MEASURE-2.7 - MAP-5.1 - MANAGE-2.4 - MEASURE-2.8 - MEASURE-2.9 |
| atlas_techniques | - AML.T0070 - AML.T0066 - AML.T0082 |
Implementing GDPR Data Protection Controls
Overview
The General Data Protection Regulation (EU) 2016/679 (GDPR) is the EU's comprehensive data protection law governing the collection, processing, storage, and transfer of personal data. This skill covers implementing the technical and organizational measures required by GDPR, including data protection by design and by default, Data Protection Impact Assessments (DPIAs), data subject rights management, breach notification procedures, and cross-border data transfer mechanisms.
When to Use
- When deploying or configuring implementing gdpr data protection controls capabilities in your environment
- When establishing security controls aligned to compliance requirements
- When building or improving security architecture for this domain
- When conducting security assessments that require this implementation
Prerequisites
- Understanding of EU data protection law and its territorial scope
- Knowledge of personal data processing activities within the organization
- Familiarity with data architecture, databases, and application systems
- Understanding of data flows including cross-border transfers
Core Concepts
Key GDPR Articles for Technical Controls
| Article | Requirement |
|---|---|
| Art. 5 | Principles: lawfulness, purpose limitation, data minimization, accuracy, storage limitation, integrity and confidentiality, accountability |
| Art. 6 | Lawful basis for processing (consent, contract, legal obligation, vital interests, public task, legitimate interest) |
| Art. 25 | Data protection by design and by default |
| Art. 28 | Processor obligations and contractual requirements |
| Art. 30 | Records of processing activities (ROPA) |
| Art. 32 | Security of processing (technical and organizational measures) |
| Art. 33 | Breach notification to supervisory authority (72 hours) |
| Art. 34 | Communication of breach to data subjects |
| Art. 35 | Data Protection Impact Assessment (DPIA) |
| Art. 37-39 | Data Protection Officer (DPO) appointment and role |
| Art. 44-49 | Cross-border data transfers (adequacy, SCCs, BCRs) |
Article 32 Security Measures
The regulation requires organizations to implement measures appropriate to the risk:
- Pseudonymization and encryption of personal data
- Confidentiality, integrity, availability, and resilience of processing systems
- Ability to restore availability and access to personal data in a timely manner
- Regular testing and evaluation of technical and organizational measures
Data Subject Rights (Articles 12-22)
| Right | Article | Description |
|---|---|---|
| Right to be informed | 13-14 | Transparent information about processing |
| Right of access | 15 | Obtain copy of personal data |
| Right to rectification | 16 | Correct inaccurate data |
| Right to erasure | 17 | "Right to be forgotten" |
| Right to restrict processing | 18 | Limit processing of data |
| Right to data portability | 20 | Receive data in machine-readable format |
| Right to object | 21 | Object to processing (especially direct marketing) |
| Automated decision-making | 22 | Not be subject to solely automated decisions |
Workflow
Phase 1: Data Mapping and Assessment (Weeks 1-6)
- Create comprehensive data inventory:
- What personal data is collected
- From whom (data subjects)
- Why (purposes and lawful bases)
- Where it's stored (systems, locations, countries)
- Who has access (internal and external)
- How long it's retained
- What security measures protect it
- Document Records of Processing Activities (ROPA) per Article 30
- Identify lawful basis for each processing activity
- Map cross-border data transfers and transfer mechanisms
- Identify processing activities requiring DPIA
Phase 2: Gap Analysis and Risk Assessment (Weeks 7-10)
- Assess current state against GDPR requirements
- Perform DPIAs for high-risk processing activities
- Identify security gaps in Article 32 compliance
- Evaluate data retention compliance
- Assess data subject rights request handling capabilities
Phase 3: Technical Controls Implementation (Weeks 11-24)
- Encryption:
- Data at rest: AES-256 for databases, file systems, backups
- Data in transit: TLS 1.2+ for all personal data transfers
- Key management: secure key storage and rotation procedures
- Pseudonymization:
- Implement tokenization for sensitive identifiers
- Separate pseudonymization keys from data stores
- Access Controls:
- Role-based access control (RBAC) for personal data
- Principle of least privilege
- MFA for systems processing personal data
- Regular access reviews
- Data Minimization:
- Implement data collection limits at application layer
- Default privacy settings (data protection by default)
- Automated data retention enforcement
- Erasure and Portability:
- Build data deletion workflows across all systems
- Implement data export in machine-readable formats (JSON, CSV)
- Cascade deletion to backups and archives
- Consent Management:
- Implement granular consent collection mechanisms
- Consent withdrawal functionality
- Consent audit trail and versioning
- Breach Detection:
- SIEM for personal data access monitoring
- Data loss prevention (DLP) controls
- Anomalous access detection
Phase 4: Organizational Controls (Weeks 11-24)
- Appoint Data Protection Officer (DPO) if required
- Develop data protection policies and procedures
- Create breach notification procedures (72-hour timeline)
- Establish data subject request (DSR) handling procedures
- Implement vendor management with Data Processing Agreements (DPAs)
- Deploy privacy awareness training for all staff
- Create data protection by design guidance for development teams
Phase 5: Documentation and Compliance Evidence (Weeks 25-30)
- Finalize ROPA documentation
- Document all DPIAs and outcomes
- Create data protection policies
- Document technical and organizational measures
- Establish privacy notice and consent records
- Create international transfer documentation (SCCs, TIAs)
Phase 6: Ongoing Compliance (Continuous)
- Regular DPIA reviews for new processing activities
- Annual data mapping refresh
- Periodic security measure testing (Art. 32 requirement)
- Data subject request tracking and SLA monitoring
- Breach response readiness testing
- Training refresh and awareness campaigns
Key Artifacts
- Records of Processing Activities (ROPA)
- Data Protection Impact Assessments (DPIAs)
- Data Processing Agreements (DPAs)
- Privacy Notices and Consent Records
- Breach Response Procedures and Register
- Data Subject Request Handling Procedures
- International Data Transfer Mechanisms (SCCs, BCRs)
- Technical and Organizational Measures Documentation
Common Pitfalls
- Treating GDPR as only a legal/compliance exercise without technical implementation
- Incomplete data mapping missing shadow IT or legacy systems
- Failing to maintain consent audit trails
- Not testing 72-hour breach notification capability
- Ignoring cross-border transfer requirements for cloud services
- Over-reliance on consent as lawful basis when legitimate interest applies
References
- GDPR Official Text: https://gdpr-info.eu/
- European Data Protection Board (EDPB) Guidelines
- ICO (UK) GDPR Guidance: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/
- CNIL (France) GDPR Compliance Toolkit
- Article 29 Working Party Guidelines on DPIAs
List & Monetize Your Skill
Submit your Claude Code skill and start earning
Use Cases
Exploratory Data Analysis
Quickly understand datasets, identify patterns, and generate insights
Example
Analyze CSV with 100K rows, identify outliers, visualize correlations, suggest hypotheses
Reduce EDA time from hours to minutes, uncover insights faster
Data Cleaning & Transformation
Write scripts to clean messy data, handle missing values, normalize formats
Example
Generate Python/SQL to fix date formats, impute missing values, remove duplicates
Automate 80% of data preprocessing work
Statistical Analysis
Perform hypothesis testing, regression, and statistical modeling
Example
Run A/B test analysis, calculate confidence intervals, interpret p-values
Get statistically sound analysis without PhD in statistics
Data Visualization
Create charts, dashboards, and visual reports
Example
Generate matplotlib/seaborn code for time series plots, distribution charts, heatmaps
Build presentation-ready visualizations 3x faster
Implementation Guide
Prerequisites
- ›Claude Desktop or compatible AI client
- ›Python environment (pandas, numpy, matplotlib) or SQL database access
- ›Basic understanding of data analysis concepts
- ›Sample datasets for testing skill capabilities
Time Estimate
20-40 minutes to set up and run first analysis
Steps
- 1Install data analysis skill using provided command
- 2Prepare a sample dataset (CSV, JSON, or database connection)
- 3Start with descriptive statistics: 'Summarize this dataset'
- 4Progress to visualization: 'Create a scatter plot of X vs Y'
- 5Advanced analysis: 'Run linear regression and interpret results'
- 6Validate outputs: check calculations, verify visualizations make sense
- 7Document analysis workflow for reproducibility
Common Pitfalls
- ⚠Not validating statistical assumptions before applying tests
- ⚠Accepting visualizations without checking data accuracy
- ⚠Overlooking data quality issues (missing values, outliers)
- ⚠Misinterpreting correlation as causation
- ⚠Using wrong statistical test for data distribution
- ⚠Not considering sample size and statistical power
Best Practices
✓ Do
- +Always validate data quality before analysis
- +Check statistical assumptions (normality, independence, etc.)
- +Visualize data before running statistical tests
- +Document analysis steps for reproducibility
- +Cross-validate findings with domain experts
- +Use skill for initial exploration, then dive deeper manually
- +Save generated code for reuse on similar datasets
✗ Don't
- −Don't trust analysis without verifying data quality
- −Don't apply statistical tests without checking assumptions
- −Don't make business decisions solely on AI-generated analysis
- −Don't ignore outliers without investigating cause
- −Don't skip data validation and sanity checks
- −Don't use for mission-critical financial or medical analysis without expert review
💡 Pro Tips
- ★Describe data context: 'This is user behavior data from e-commerce site'
- ★Ask for interpretation: 'What does this correlation mean for business?'
- ★Request multiple approaches: 'Show 3 ways to handle missing data'
- ★Combine AI analysis with domain expertise for best insights
- ★Use for rapid prototyping, then refine analysis manually
When to Use This
✓ Use when
Use for exploratory data analysis, data cleaning, statistical testing, visualization prototyping, and learning new analysis techniques. Best for initial exploration and rapid insights.
✗ Avoid when
Avoid for mission-critical financial analysis, medical research requiring regulatory compliance, production ML models, or when deep statistical expertise is required for nuanced interpretation.
Learning Path
- 1Basic: descriptive statistics, data cleaning, simple visualizations
- 2Intermediate: hypothesis testing, regression, correlation analysis
- 3Advanced: time series analysis, clustering, predictive modeling
- 4Expert: causal inference, experimental design, advanced statistical methods
Related Skills
performing-cryptographic-audit-of-application
5mukul975/Anthropic-Cybersecurity-Skills
implementing-soar-playbook-with-palo-alto-xsoar
3mukul975/Anthropic-Cybersecurity-Skills
exploiting-deeplink-vulnerabilities
3mukul975/Anthropic-Cybersecurity-Skills
generating-threat-intelligence-reports
2mukul975/Anthropic-Cybersecurity-Skills
analyzing-network-traffic-with-wireshark
2mukul975/Anthropic-Cybersecurity-Skills
scanning-docker-images-with-trivy
2mukul975/Anthropic-Cybersecurity-Skills
Reviews
- IIsabella Sethi★★★★★Dec 28, 2024
Registry listing for implementing-gdpr-data-protection-controls matched our evaluation — installs cleanly and behaves as described in the markdown.
- AAisha Iyer★★★★★Dec 12, 2024
Keeps context tight: implementing-gdpr-data-protection-controls is the kind of skill you can hand to a new teammate without a long onboarding doc.
- TTariq Okafor★★★★★Dec 8, 2024
I recommend implementing-gdpr-data-protection-controls for anyone iterating fast on agent tooling; clear intent and a small, reviewable surface area.
- KKofi Gill★★★★★Dec 8, 2024
We added implementing-gdpr-data-protection-controls from the explainx registry; install was straightforward and the SKILL.md answered most questions upfront.
- DDhruvi Jain★★★★★Dec 4, 2024
implementing-gdpr-data-protection-controls is among the better-maintained entries we tried; worth keeping pinned for repeat workflows.
- DDiya Gonzalez★★★★★Dec 4, 2024
Useful defaults in implementing-gdpr-data-protection-controls — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.
- NNoah Desai★★★★★Dec 4, 2024
Solid pick for teams standardizing on skills: implementing-gdpr-data-protection-controls is focused, and the summary matches what you get after install.
- LLi Diallo★★★★★Nov 27, 2024
Useful defaults in implementing-gdpr-data-protection-controls — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.
- OOshnikdeep★★★★★Nov 23, 2024
Keeps context tight: implementing-gdpr-data-protection-controls is the kind of skill you can hand to a new teammate without a long onboarding doc.
- KKofi Dixit★★★★★Nov 23, 2024
We added implementing-gdpr-data-protection-controls from the explainx registry; install was straightforward and the SKILL.md answered most questions upfront.
showing 1-10 of 65
Discussion
Comments — not star reviews- No comments yet — start the thread.