Automates the Privacy Impact Assessment (PIA) workflow including data flow mapping, privacy risk scoring matrices, GDPR Article 35 DPIA and CCPA/CPRA alignment checks, data inventory cataloging, and remediation tracking. Implements the NIST Privacy Framework PRAM methodology and ICO DPIA guidance for systematic identification and mitigation of privacy risks across processing activities. Use when conducting privacy assessments for new systems, evaluating regulatory compliance posture, or building automated privacy governance programs.
Works with
AI-first code editor with Composer
Before installing skills in Cursor, ensure your development environment meets these requirements:
node --versionperforming-privacy-impact-assessmentExecute the skills CLI command in your project's root directory to begin installation:
Fetches performing-privacy-impact-assessment from mukul975/Anthropic-Cybersecurity-Skills and configures it for Cursor.
The CLI shows a list of agents. Use arrow keys and space to select Cursor:
Confirm successful installation by checking the skill directory location:
Restart Cursor to activate performing-privacy-impact-assessment. Access via /performing-privacy-impact-assessment in your agent's command palette.
We perform automated surface-level scans (Gen AI Scanner, Socket, Snyk) during installation. These checks detect common vulnerabilities but do not guarantee complete security. Always review skill source code and verify the publisher's reputation before production use.
Skills execute code in your environment. Always review source, verify the publisher, and test in isolation before production.
Submit your Claude Code skill and start earning
Automate repetitive workflows and reduce manual effort
Example
Generate reports, summarize documents, draft communications
Save 3-5 hours per week on routine tasks
Learn new skills, understand complex topics, get expert guidance
Example
Explain concepts, provide examples, suggest learning resources
Accelerate learning and skill development by 2x
Enhance output quality through reviews, suggestions, and refinements
Example
Review drafts, suggest improvements, catch errors
Improve work quality by 30-40% with less effort
0
total installs
0
this week
8.6K
GitHub stars
0
upvotes
Run in your terminal
0
installs
0
this week
8.6K
stars
| name | performing-privacy-impact-assessment |
| description | 'Automates the Privacy Impact Assessment (PIA) workflow including data flow mapping, privacy risk scoring matrices, GDPR Article 35 DPIA and CCPA/CPRA alignment checks, data inventory cataloging, and remediation tracking. Implements the NIST Privacy Framework PRAM methodology and ICO DPIA guidance for systematic identification and mitigation of privacy risks across processing activities. Use when conducting privacy assessments for new systems, evaluating regulatory compliance posture, or building automated privacy governance programs. ' |
| domain | cybersecurity |
| subdomain | privacy-compliance |
| tags | - privacy - impact-assessment - GDPR - CCPA - NIST - DPIA - data-flow-mapping - risk-scoring |
| version | '1.0' |
| author | mukul975 |
| license | Apache-2.0 |
| nist_csf | - GV.PO-01 - PR.DS-01 - GV.OC-05 |
Build a complete inventory of personal data processing activities. Each record of processing activity (ROPA) entry must capture the data categories, legal basis, retention periods, and data subjects involved.
from agent import PrivacyImpactAssessmentEngine
engine = PrivacyImpactAssessmentEngine()
# Register a processing activity for assessment
activity = engine.register_processing_activity(
name="Customer Analytics Platform",
description="Collects browsing behavior and purchase history for personalization",
data_controller="Acme Corp",
data_processor="CloudAnalytics Inc",
data_categories=["browsing_history", "purchase_records", "ip_address", "device_id"],
data_subjects=["customers", "website_visitors"],
legal_basis="consent",
retention_period_days=730,
cross_border_transfer=True,
transfer_destinations=["US", "IN"],
automated_decision_making=True,
)
print(f"Registered activity: {activity['activity_id']}")
Map all data flows from collection to deletion, identifying every touchpoint, transformation, and storage location. This reveals hidden privacy risks in data movement across systems.
# Build the data flow map
flow_map = engine.map_data_flows(
activity_id=activity["activity_id"],
flows=[
{
"stage": "collection",
"source": "Web browser cookie + form submission",
"destination": "CDN edge server",
"data_elements": ["ip_address", "device_id", "browsing_history"],
"encryption_in_transit": True,
"protocol": "TLS 1.3",
},
{
"stage": "processing",
"source": "CDN edge server",
"destination": "Analytics data warehouse (US-East)",
"data_elements": ["browsing_history", "purchase_records", "device_id"],
"encryption_in_transit": True,
"encryption_at_rest": True,
"protocol": "mTLS",
},
{
"stage": "storage",
"source": "Analytics data warehouse",
"destination": "S3 encrypted bucket",
"data_elements": ["browsing_history", "purchase_records"],
"encryption_at_rest": True,
"retention_days": 730,
"access_controls": "IAM role-based, MFA required",
},
{
"stage": "sharing",
"source": "Analytics data warehouse",
"destination": "Third-party ML provider (IN)",
"data_elements": ["browsing_history", "purchase_records"],
"encryption_in_transit": True,
"data_processing_agreement": True,
"cross_border": True,
},
{
"stage": "deletion",
"source": "S3 bucket + data warehouse",
"destination": "Secure erasure",
"method": "Cryptographic erasure + lifecycle policy",
"verification": "Automated deletion audit log",
},
],
)
engine.render_data_flow_diagram(flow_map)
Apply a structured risk scoring methodology evaluating likelihood and impact across multiple privacy risk dimensions. The matrix aligns with both the NIST PRAM and ICO DPIA risk assessment approaches.
# Run the risk assessment
risk_report = engine.assess_privacy_risks(
activity_id=activity["activity_id"],
assessment_type="full_dpia",
)
# Display risk matrix results
for risk in risk_report["risks"]:
print(f"[{risk['severity']}] {risk['category']}: {risk['description']}")
print(f" Likelihood: {risk['likelihood']}/5 | Impact: {risk['impact']}/5 | Score: {risk['risk_score']}/25")
print(f" Mitigation: {risk['recommended_mitigation']}")
Risk categories evaluated include:
Run automated compliance checks against specific regulatory requirements. The engine maps each processing activity against article-level GDPR obligations and CCPA/CPRA consumer rights requirements.
# GDPR compliance check
gdpr_report = engine.check_gdpr_compliance(activity_id=activity["activity_id"])
print(f"GDPR Score: {gdpr_report['compliance_score']}/100")
for finding in gdpr_report["findings"]:
print(f" [{finding['status']}] Art.{finding['article']}: {finding['description']}")
# CCPA/CPRA compliance check
ccpa_report = engine.check_ccpa_compliance(activity_id=activity["activity_id"])
print(f"CCPA Score: {ccpa_report['compliance_score']}/100")
for finding in ccpa_report["findings"]:
print(f" [{finding['status']}] Sec.{finding['section']}: {finding['description']}")
Generate a prioritized remediation plan with specific action items, responsible parties, deadlines, and generate the formal PIA/DPIA report document.
# Generate remediation plan
remediation = engine.generate_remediation_plan(
activity_id=activity["activity_id"],
risk_report=risk_report,
gdpr_report=gdpr_report,
ccpa_report=ccpa_report,
)
for item in remediation["action_items"]:
print(f"[{item['priority']}] {item['action']}")
print(f" Owner: {item['owner']} | Deadline: {item['deadline']}")
print(f" Addresses: {', '.join(item['addresses_risks'])}")
# Generate formal DPIA report
engine.generate_dpia_report(
activity_id=activity["activity_id"],
output_path="dpia_report_customer_analytics.json",
format="json",
)
print("[+] DPIA report generated")
Determine whether a full DPIA is required using the ICO screening checklist:
engine = PrivacyImpactAssessmentEngine()
screening = engine.run_screening_checklist(
uses_special_category_data=False,
large_scale_processing=True,
systematic_monitoring=True,
automated_decision_making=True,
cross_border_transfer=True,
vulnerable_data_subjects=False,
innovative_technology=True,
denial_of_service_or_rights=False,
)
print(f"DPIA Required: {screening['dpia_required']}")
print(f"Triggers: {screening['triggers']}")
# Output: DPIA Required: True
# Triggers: ['large_scale_processing', 'systematic_monitoring',
# 'automated_decision_making', 'cross_border_transfer',
# 'innovative_technology']
engine = PrivacyImpactAssessmentEngine()
activities = [
{"name": "Email Marketing", "data_categories": ["email", "name"],
"legal_basis": "consent", "cross_border_transfer": False},
{"name": "HR Analytics", "data_categories": ["employee_id", "performance_scores",
"health_data"], "legal_basis": "legitimate_interest", "cross_border_transfer": True},
{"name": "Fraud Detection", "data_categories": ["transaction_data", "ip_address",
"device_fingerprint"], "legal_basis": "legitimate_interest",
"automated_decision_making": True, "cross_border_transfer": False},
]
for act_def in activities:
activity = engine.register_processing_activity(**act_def)
risk = engine.assess_privacy_risks(activity_id=activity["activity_id"])
print(f"{act_def['name']}: Overall Risk={risk['overall_risk_level']} "
f"({risk['risk_count_by_severity']})")
engine = PrivacyImpactAssessmentEngine()
profile = engine.generate_nist_privacy_profile(
activity_id=activity["activity_id"],
target_tier="tier_3", # Repeatable
)
for function_id, outcomes in profile["functions"].items():
print(f"\n{function_id}:")
for outcome in outcomes:
status = "PASS" if outcome["implemented"] else "GAP"
print(f" [{status}] {outcome['subcategory']}: {outcome['description']}")
Prerequisites
Time Estimate
15-45 minutes depending on use case complexity
Steps
Common Pitfalls
✓ Do
✗ Don't
💡 Pro Tips
✓ Use when
Use when skill capabilities match your task, clear ROI on time saved, and you can validate outputs. Best for repetitive tasks, learning, and quality improvement.
✗ Avoid when
Avoid when task requires deep expertise you can't validate, involves sensitive decisions, or when learning process is more valuable than speed of completion.
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
Useful defaults in performing-privacy-impact-assessment — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.
I recommend performing-privacy-impact-assessment for anyone iterating fast on agent tooling; clear intent and a small, reviewable surface area.
performing-privacy-impact-assessment is among the better-maintained entries we tried; worth keeping pinned for repeat workflows.
performing-privacy-impact-assessment fits our agent workflows well — practical, well scoped, and easy to wire into existing repos.
Solid pick for teams standardizing on skills: performing-privacy-impact-assessment is focused, and the summary matches what you get after install.
I recommend performing-privacy-impact-assessment for anyone iterating fast on agent tooling; clear intent and a small, reviewable surface area.
Solid pick for teams standardizing on skills: performing-privacy-impact-assessment is focused, and the summary matches what you get after install.
Registry listing for performing-privacy-impact-assessment matched our evaluation — installs cleanly and behaves as described in the markdown.
Keeps context tight: performing-privacy-impact-assessment is the kind of skill you can hand to a new teammate without a long onboarding doc.
Useful defaults in performing-privacy-impact-assessment — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.
showing 1-10 of 40