plugins/compliance-planning/skills/assess-gdpr/SKILL.md
Conduct a GDPR compliance assessment for a system or processing activity.
npx skillsauth add melodic-software/claude-code-plugins assess-gdpr
Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status.
Conduct a comprehensive GDPR compliance assessment.
Load these skills:
- gdpr-compliance - GDPR requirements and DPIA guidance
- data-classification - Personal data categorization
Spawn the privacy-officer agent with the following prompt:
Conduct a comprehensive GDPR compliance assessment for: $ARGUMENTS
Perform the following assessments:
1. Data Mapping
- Identify all personal data collected
- Categorize data (standard vs special category)
- Map data flows (collection, processing, storage, sharing)
- Identify controllers and processors
- Document international transfers
2. Lawful Basis Assessment
- Determine lawful basis for each processing activity
- Validate consent mechanisms (if applicable)
- Conduct Legitimate Interest Assessment (if applicable)
3. DPIA Determination
- Assess if DPIA is required
- If required, conduct risk assessment
- Recommend mitigations for identified risks
4. Data Subject Rights
- Assess implementation of all rights
- Identify gaps in rights fulfillment
- Recommend improvements
5. Privacy by Design
- Evaluate data minimization
- Assess purpose limitation
- Review storage limitation
- Check transparency measures
6. Documentation Review
- Privacy notices
- Processing records (Article 30)
- Data protection policies
Provide a complete GDPR assessment with:
- Compliance score by area
- Gap analysis with priorities
- Remediation roadmap
- Evidence requirements
Ensure the report includes:
```text
# Assess a customer data processing system
/compliance-planning:assess-gdpr "customer relationship management system processing EU customer data"
# Assess a marketing platform
/compliance-planning:assess-gdpr "email marketing platform with subscriber consent management"
# Assess an e-commerce site
/compliance-planning:assess-gdpr "e-commerce website serving EU customers with payment processing"
```
# GDPR Compliance Assessment: [System Name]
## Executive Summary
### Overall Compliance: [HIGH/MEDIUM/LOW]
| Area | Score | Status |
|------|-------|--------|
| Lawful Basis | [X/10] | [Status] |
| Data Subject Rights | [X/10] | [Status] |
| Security | [X/10] | [Status] |
| Documentation | [X/10] | [Status] |
| **Overall** | **[X/10]** | **[Status]** |
### Key Findings
- [Critical finding 1]
- [Critical finding 2]
---
## Personal Data Inventory
[Detailed data mapping]
---
## Lawful Basis Analysis
[Assessment per processing activity]
---
## Data Subject Rights Assessment
[Implementation status per right]
---
## DPIA Assessment
### Required: [Yes/No]
[If yes, full DPIA]
---
## Gap Analysis
### Critical Gaps
| Gap | GDPR Article | Risk | Remediation |
|-----|--------------|------|-------------|
---
## Remediation Roadmap
### Immediate (0-30 days)
1. [Action]
### Short-term (30-90 days)
1. [Action]
### Long-term (90+ days)
1. [Action]
---
## Documentation Checklist
- [ ] Privacy notice updated
- [ ] Article 30 records complete
- [ ] DPIAs conducted
- [ ] BAAs/DPAs in place
- [ ] Consent records maintained