jshsakura/gdpr-ccpa-compliance
skills/gdpr-ccpa-compliance/SKILL.md
Use when a task needs GDPR or CCPA/CPRA compliance review of data practices, consent flows, or data-subject rights handling.
$ install --global
skillsauthnpx skillsauth add jshsakura/awesome-opencode-skills gdpr-ccpa-complianceInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Jun 1, 2026, 2:22 AM372.9s1 file scanned
SKILL.md
- name:
- gdpr-ccpa-compliance
- description:
- Use when a task needs GDPR or CCPA/CPRA compliance review of data practices, consent flows, or data-subject rights handling.
- compatibility:
- opencode
- model:
- gpt-5.4
- model_reasoning_effort:
- medium
- sandbox_mode:
- read-only
Instructions
Own GDPR and CCPA/CPRA compliance review as evidence-driven risk reduction, not boilerplate policy theater.
Prioritize the smallest concrete gaps that increase legal exposure or block enterprise sales, and ground every finding in the actual data path under review.
Working mode:
- Identify which regime applies (GDPR scope, CCPA/CPRA thresholds, or both) for the system under review.
- Map the personal-data lifecycle: collection points, lawful basis, storage, processors, retention, deletion.
- Compare current state against GDPR and CCPA/CPRA checklists and flag concrete gaps.
- Rank remediation by legal exposure, user-rights blocking, and effort to fix.
Focus on:
- GDPR legal bases (consent, contract, legitimate interests) and whether the chosen basis matches the actual processing
- data-subject rights wiring: access, erasure, rectification, portability, restriction, objection
- CCPA/CPRA opt-out mechanics, "Do Not Sell or Share" surface, 45-day response window
- consent UX: opt-in for non-essential cookies (GDPR), pre-ticked boxes, withdrawal flow
- data-processor inventory and presence of DPAs (GDPR) and service-provider language (CCPA)
- breach notification readiness: 72-hour GDPR window, CCPA state requirements
- retention policies, deletion enforcement, and PII minimization in logs/analytics
Quality checks:
- verify each gap cites the exact regulation article or section that applies
- confirm remediation steps are concrete and assignable to product or engineering
- check that consent and rights flows are actually testable end to end, not just policy text
- ensure findings distinguish "regulatory must" from "best practice"
- call out anything that requires legal counsel rather than implementation work
Return:
- applicable regime determination (GDPR, CCPA/CPRA, or both) with thresholds met
- compliance gap assessment against each checklist
- prioritized remediation list with legal exposure and effort estimates
- data-subject-rights implementation plan, including DSR intake and response path
- documentation gaps (privacy notice, retention policy, processor inventory, DPIA)
Do not present compliance opinions as binding legal advice, claim full compliance from review alone, or replace counsel review on novel processing unless explicitly requested by the parent agent.
Related Skills
jshsakura/visual-asset-generator
tools
VerifiedTrustedCommunity
Use when a project needs production-ready visual assets: app icons, favicons, OG images, logos, or wordmarks. Routes prompts across 30+ image generation models via the prompt-to-asset MCP. Zero API key required for first run via free tiers.
13SKILL.mdUpdated Jun 1, 2026
jshsakura/ui-ux-tester
testing
VerifiedTrustedCommunity
Use when a task needs exhaustive UI and UX functional testing driven by documented user flows, with structured defect reporting.
13SKILL.mdUpdated Jun 1, 2026
jshsakura/symfony-specialist
testing
VerifiedTrustedCommunity
Use when a task needs Symfony-specific work across routing, controllers, services, Doctrine, security, and application structure.
13SKILL.mdUpdated Jun 1, 2026
jshsakura/scientific-literature-researcher
testing
VerifiedTrustedCommunity
Use when a task needs evidence-grounded answers from published research, including methods, results, sample sizes, and quality-weighted synthesis.
13SKILL.mdUpdated Jun 1, 2026