gdpr-data-handling
Implement GDPR-compliant data handling with consent management, data subject rights, and privacy by design. Use when building systems that process EU personal data, implementing privacy controls, or conducting GDPR compliance reviews.
Category: Other Tools
GDPR Data Processing — Privacy Compliance Skills
Skill Overview
The GDPR Data Processing skill provides a complete implementation guide for GDPR compliance in the European Union. It helps development teams build data processing systems that comply with privacy regulation, support consent management, protect data subject rights, and apply privacy-by-design principles.
Use Cases
When your application or service needs to collect, store, or process personal data of users in the EU, use this skill to ensure that data processing activities meet GDPR requirements, including lawful bases, data minimization, and the principle of purpose limitation.
When building features such as user registration, form submissions, or preference settings, use this skill to implement effective consent collection mechanisms—enabling users to explicitly authorize data processing activities and withdraw consent at any time.
When an organization needs to verify the compliance status of existing systems, prepare data protection impact assessments (DPIAs), or respond to regulatory inspections, use this skill for comprehensive review and documentation.
Core Functions
Implement a verifiable consent collection flow that records the time, scope, and method of user authorization, supports consent withdrawal, and ensures that data processing has a clear legal basis.
Support users in exercising the rights granted by GDPR, including the right of access, the right to rectification, the right to erasure (right to be forgotten), the right to data portability, and the right to object.
Integrate privacy protection principles early in system architecture. Achieve “privacy protection by default” through default settings, data minimization, access controls, and transparency-by-design.
Frequently Asked Questions
What are the core requirements for GDPR compliance?
Key GDPR requirements include: establishing a lawful basis for data processing (such as user consent or contract performance), complying with the purpose limitation and data minimization principles, safeguarding data subject rights, implementing technical and organizational measures, recording processing activities, appointing a data protection officer (where applicable), conducting data protection impact assessments, and meeting any applicable obligations to notify data breaches.
How should deletion requests from data subjects be handled?
When a deletion request is received, you must verify the requestor’s identity, confirm whether the data must be retained (e.g., legal obligations, public interest), and delete or anonymize the relevant data without affecting any necessary retention. You must also inform third-party processors. The entire process should be documented, and the request is typically completed and responded to within one month.
Do small companies also need GDPR compliance?
Yes. GDPR applies to all organizations that process personal data of individuals in the EU, regardless of size. While organizations with fewer than 250 employees may be exempt from some documentation obligations, the core compliance requirements (lawful basis, data subject rights, security measures) still apply. Small companies are advised to adopt practical compliance approaches, starting with risk assessments and high-priority measures.