SKILL

Gdpr Data Handling

Implement GDPR-compliant data handling with consent management, data subject rights, and privacy by design. Use when building systems that process EU personal data, implementing privacy controls, or conducting GDPR compliance reviews.

Published by @Seth Hobson·0 agent reads / 30d·0 saves·

GDPR Data Handling

Practical implementation guide for GDPR-compliant data processing, consent management, and privacy controls.

When to Use This Skill

  • Building systems that process EU personal data
  • Implementing consent management
  • Handling data subject requests (DSRs)
  • Conducting GDPR compliance reviews
  • Designing privacy-first architectures
  • Creating data processing agreements

Core Concepts

1. Personal Data Categories

CategoryExamplesProtection Level
BasicName, email, phoneStandard
Sensitive (Art. 9)Health, religion, ethnicityExplicit consent
Criminal (Art. 10)Convictions, offensesOfficial authority
Children'sUnder 16 dataParental consent

2. Legal Bases for Processing

Article 6 - Lawful Bases:
├── Consent: Freely given, specific, informed
├── Contract: Necessary for contract performance
├── Legal Obligation: Required by law
├── Vital Interests: Protecting someone's life
├── Public Interest: Official functions
└── Legitimate Interest: Balanced against rights

3. Data Subject Rights

Right to Access (Art. 15)      ─┐
Right to Rectification (Art. 16) │
Right to Erasure (Art. 17)       │ Must respond
Right to Restrict (Art. 18)      │ within 1 month
Right to Portability (Art. 20)   │
Right to Object (Art. 21)       ─┘

Detailed worked examples and patterns

Detailed sections (starting with ## Implementation Patterns) live in references/details.md. Read that file when the navigation summary above is insufficient.

Best Practices

Do's

  • Minimize data collection - Only collect what's needed
  • Document everything - Processing activities, legal bases
  • Encrypt PII - At rest and in transit
  • Implement access controls - Need-to-know basis
  • Regular audits - Verify compliance continuously

Don'ts

  • Don't pre-check consent boxes - Must be opt-in
  • Don't bundle consent - Separate purposes separately
  • Don't retain indefinitely - Define and enforce retention
  • Don't ignore DSARs - 30-day response required
  • Don't transfer without safeguards - SCCs or adequacy decisions

Bundled with this artifact

2 files

Reference files that ship alongside this artifact. Agents pull these in only when the task needs them.

More on the bench

SKILL0

Contract Review

Review contracts against your organization's negotiation playbook, flagging deviations and generating redline suggestions. Use when reviewing vendor contracts, customer agreements, or any commercial agreement where you need clause-by-clause analysis against standard positions.

w95
legal+1
0
SKILL0

Compliance

Navigate privacy regulations (GDPR, CCPA), review DPAs, and handle data subject requests. Use when reviewing data processing agreements, responding to data subject access or deletion requests, assessing cross-border data transfer requirements, or evaluating privacy compliance.

w95
compliance+1
0
SKILL0

Privacy Policy

Draft a detailed privacy policy covering data types, jurisdiction, GDPR and compliance considerations, and clauses needing legal review. Use when creating a privacy policy, updating data protection documentation, or preparing for compliance.

Paweł Huryn
product-management+2
0