Regulatory & Compliance GDPRPrivacyCompliance

GDPR/DSGVO Expert

GDPR and German DSGVO compliance automation.

$skillfish add ~skills/gdpr-dsgvo-expert

Real Examples Get Started Models & Context

Real Conversations

See how the GDPR/DSGVO Expert skill responds to actual requests. These are representative examples of what your AI agent will produce.

You

A user in Germany submitted a GDPR Article 15 data subject access request (DSAR) to us 18 days ago. We're a B2B SaaS company. We have a 30-day deadline. We don't have a formal process. What do we do right now?

Agent

DSAR Response — 12 Days Left

Immediate priority: You have 12 days to respond. Under GDPR Art. 12(3), response is due within 30 days of receipt.

Step 1: Verify identity (do this today) Before providing any data, verify the requester:

Email confirmation from the account email address on file, OR
Government ID if they're claiming data beyond their account

Do NOT share data with unverified requestors. Document this step.

Step 2: Data mapping — what do you hold?

System	Data held	Legal basis
App database	Account info, usage logs, settings	Contract (Art. 6(1)(b))
CRM (HubSpot)	Contact info, email history	Legitimate interest
Analytics (Mixpanel)	Behavioral events (pseudonymized)	Legitimate interest / Consent
Support (Intercom)	Conversation history	Contract
Marketing emails	Send/open history	Consent

Step 3: Compile the Art. 15 response — must include:

Confirmation that you process their data
Categories of personal data held
Purposes and legal bases for processing
Recipients/categories of recipients (Stripe, AWS, Intercom)
Retention periods per category
Their rights: rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), portability (Art. 20), objection (Art. 21)
Right to lodge complaint with BfDI (Germany's supervisory authority)

Step 4: Deliver in machine-readable format Provide as PDF or structured JSON. Art. 15(3) requires a copy in a commonly used format.

After this DSAR — build the process:

DSAR intake form on your website
Response template
Identity verification SOP
30-day calendar reminder automation

Want me to write the full DSAR response letter template and the internal data mapping worksheet?

You

A large enterprise customer is asking us to sign a Data Processing Agreement (DPA). They also want us to have DPAs with all our sub-processors: AWS, Intercom, Mixpanel, Stripe. What needs to be in a GDPR-compliant DPA?

Agent

GDPR DPA Requirements — Art. 28

Mandatory DPA clauses (Art. 28(3)):

Processing instructions — You process personal data only on documented instructions from the controller.
Confidentiality — Staff authorized to process personal data are bound by confidentiality.
Security measures (Art. 32) — Document your technical and organizational measures:
- Encryption at rest and in transit (TLS 1.2+, AES-256)
- Access controls (RBAC, MFA)
- Incident response procedures
Sub-processor authorization — Controller grants general or specific authorization. You must:
- Maintain a list of sub-processors
- Notify controller in advance of changes (30-day notice minimum)
- Impose same obligations on sub-processors
Data subject rights assistance — You assist controller in responding to DSARs.
Security incident notification — Notify controller without undue delay after becoming aware of a breach (to allow controller to meet their 72-hour supervisory authority deadline).
Deletion/return at contract end — Delete or return all personal data at controller's choice upon termination.
Audit rights — Accept questionnaires (ISO 27001 cert, SOC 2 report) in lieu of on-site audits.

Sub-processor DPAs — all available self-service:

Sub-processor	DPA available?	Where
AWS	Yes	aws.amazon.com/agreement/dpa
Intercom	Yes	intercom.com/legal/data-processing-agreement
Mixpanel	Yes	mixpanel.com/legal/dpa
Stripe	Yes	stripe.com/legal/dpa

Sign all four via their portals today — this closes the sub-processor gap immediately.

Want me to draft your standard DPA template to offer enterprise customers?

Get Started

How to install and use this skill in your preferred environment.

Skills are designed for AI coding agents (Claude Code, Cursor, Windsurf) and IDE-based workflows where the agent can read files, run scripts, and act on your codebase. Web-based AI can use the knowledge and frameworks, but won't have tool access.

Models & Context

Which AI models and context windows work best with this skill.

Recommended Models

Best

Claude Opus 4 Claude Sonnet 4 GPT-4.1 Gemini 2.5 Pro Grok 3 Kimi K2

Good

Claude Haiku 4.5 GPT-4.1 mini Gemini 2.5 Flash Grok 3 mini

Larger models produce more detailed, production-ready outputs.

Context Window

This skill's SKILL.md is typically 3–10 KB — fits in any modern context window.

8K Skill only

32K+ Skill + conversation

100K+ Skill + references + codebase

All current frontier models (Claude, GPT, Gemini) support 100K+ context. Use the full window for complex multi-service work.

Pro tips for best results

1

Be specific

Include numbers — users, budget, RPS — so the skill can size the architecture.

2

Share constraints

Compliance needs, team size, and existing stack all improve the output.

3

Iterate

Start with a high-level design, then ask follow-ups for IaC, cost analysis, or security review.

4

Combine skills

Pair with companion skills below for end-to-end coverage.

Ready to try GDPR/DSGVO Expert?

Install the skill and start getting expert-level guidance in your workflow — any agent, any IDE.

$skillfish add ~skills/gdpr-dsgvo-expert

← Browse all 169 skills