[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"skill-0ceb0d61-26e1-4767-8f3a-4b5ce42f1023":3,"$fQJ6zV3cb76Prx42EoEuZnoGPB3iWaFmMUwNRj5KL8a8":43},{"id":4,"title":5,"description":6,"categoryId":7,"moduleId":8,"tags":9,"prompt":10,"icon":11,"source":12,"sourceUrl":13,"authorId":14,"authorName":15,"isPublic":16,"stars":17,"runs":18,"createdAt":19,"updatedAt":19,"module":20,"category":27,"packages":34},"0ceb0d61-26e1-4767-8f3a-4b5ce42f1023","gdpr-dsgvo-expert","GDPR and German DSGVO compliance automation. Scans codebases to identify privacy risks, generates DPIA documentation, and tracks data subject rights requests. Used for GDPR compliance assessments, privacy audits, data protection planning, DPIA generation, and data subject rights management.","cat_coding_review","mod_coding","alirezarezvani,coding","---\nname: \"gdpr-dsgvo-expert\"\ndescription: GDPR and German DSGVO compliance automation. Scans codebases for privacy risks, generates DPIA documentation, tracks data subject rights requests. Use for GDPR compliance assessments, privacy audits, data protection planning, DPIA generation, and data subject rights management.\n---\n\n# GDPR\u002FDSGVO Expert\n\nTools and guidance for EU General Data Protection Regulation (GDPR) and German Bundesdatenschutzgesetz (BDSG) compliance.\n\n---\n\n## Table of Contents\n\n- [Tools](#tools)\n  - [GDPR Compliance Checker](#gdpr-compliance-checker)\n  - [DPIA Generator](#dpia-generator)\n  - [Data Subject Rights Tracker](#data-subject-rights-tracker)\n- [Reference Guides](#reference-guides)\n- [Workflows](#workflows)\n\n---\n\n## Tools\n\n### GDPR Compliance Checker\n\nScans codebases for potential GDPR compliance issues including personal data patterns and risky code practices.\n\n```bash\n# Scan a project directory\npython scripts\u002Fgdpr_compliance_checker.py \u002Fpath\u002Fto\u002Fproject\n\n# JSON output for CI\u002FCD integration\npython scripts\u002Fgdpr_compliance_checker.py . 
--json --output report.json\n```\n\n**Detects:**\n- Personal data patterns (email, phone, IP addresses)\n- Special category data (health, biometric, religion)\n- Financial data (credit cards, IBAN)\n- Risky code patterns:\n  - Logging personal data\n  - Missing consent mechanisms\n  - Indefinite data retention\n  - Unencrypted sensitive data\n  - Disabled deletion functionality\n\n**Output:**\n- Compliance score (0-100)\n- Risk categorization (critical, high, medium)\n- Prioritized recommendations with GDPR article references\n\n---\n\n### DPIA Generator\n\nGenerates Data Protection Impact Assessment documentation following Art. 35 requirements.\n\n```bash\n# Get input template\npython scripts\u002Fdpia_generator.py --template > input.json\n\n# Generate DPIA report\npython scripts\u002Fdpia_generator.py --input input.json --output dpia_report.md\n```\n\n**Features:**\n- Automatic DPIA threshold assessment\n- Risk identification based on processing characteristics\n- Legal basis requirements documentation\n- Mitigation recommendations\n- Markdown report generation\n\n**DPIA Triggers Assessed:**\n- Systematic monitoring (Art. 35(3)(c))\n- Large-scale special category data (Art. 35(3)(b))\n- Automated decision-making (Art. 
35(3)(a))\n- WP29 high-risk criteria\n\n---\n\n### Data Subject Rights Tracker\n\nManages data subject rights requests under GDPR Articles 15-22.\n\n```bash\n# Add new request\npython scripts\u002Fdata_subject_rights_tracker.py add \\\n  --type access --subject \"John Doe\" --email \"john@example.com\"\n\n# List all requests\npython scripts\u002Fdata_subject_rights_tracker.py list\n\n# Update status\npython scripts\u002Fdata_subject_rights_tracker.py status --id DSR-202601-0001 --update verified\n\n# Generate compliance report\npython scripts\u002Fdata_subject_rights_tracker.py report --output compliance.json\n\n# Generate response template\npython scripts\u002Fdata_subject_rights_tracker.py template --id DSR-202601-0001\n```\n\n**Supported Rights:**\n\n| Right | Article | Deadline |\n|-------|---------|----------|\n| Access | Art. 15 | 30 days |\n| Rectification | Art. 16 | 30 days |\n| Erasure | Art. 17 | 30 days |\n| Restriction | Art. 18 | 30 days |\n| Portability | Art. 20 | 30 days |\n| Objection | Art. 21 | 30 days |\n| Automated decisions | Art. 22 | 30 days |\n\n**Features:**\n- Deadline tracking with overdue alerts\n- Identity verification workflow\n- Response template generation\n- Compliance reporting\n\n---\n\n## Reference Guides\n\n### GDPR Compliance Guide\n`references\u002Fgdpr_compliance_guide.md`\n\nComprehensive implementation guidance covering:\n- Legal bases for processing (Art. 6)\n- Special category requirements (Art. 9)\n- Data subject rights implementation\n- Accountability requirements (Art. 30)\n- International transfers (Chapter V)\n- Breach notification (Art. 
33-34)\n\n### German BDSG Requirements\n`references\u002Fgerman_bdsg_requirements.md`\n\nGerman-specific requirements including:\n- DPO appointment threshold (§ 38 BDSG - 20+ employees)\n- Employment data processing (§ 26 BDSG)\n- Video surveillance rules (§ 4 BDSG)\n- Credit scoring requirements (§ 31 BDSG)\n- State data protection laws (Landesdatenschutzgesetze)\n- Works council co-determination rights\n\n### DPIA Methodology\n`references\u002Fdpia_methodology.md`\n\nStep-by-step DPIA process:\n- Threshold assessment criteria\n- WP29 high-risk indicators\n- Risk assessment methodology\n- Mitigation measure categories\n- DPO and supervisory authority consultation\n- Templates and checklists\n\n---\n\n## Workflows\n\n### Workflow 1: New Processing Activity Assessment\n\n```\nStep 1: Run compliance checker on codebase\n        → python scripts\u002Fgdpr_compliance_checker.py \u002Fpath\u002Fto\u002Fcode\n\nStep 2: Review findings and compliance score\n        → Address critical and high issues\n\nStep 3: Determine if DPIA required\n        → Check references\u002Fdpia_methodology.md threshold criteria\n\nStep 4: If DPIA required, generate assessment\n        → python scripts\u002Fdpia_generator.py --template > input.json\n        → Fill in processing details\n        → python scripts\u002Fdpia_generator.py --input input.json --output dpia.md\n\nStep 5: Document in records of processing activities\n```\n\n### Workflow 2: Data Subject Request Handling\n\n```\nStep 1: Log request in tracker\n        → python scripts\u002Fdata_subject_rights_tracker.py add --type [type] ...\n\nStep 2: Verify identity (proportionate measures)\n        → python scripts\u002Fdata_subject_rights_tracker.py status --id [ID] --update verified\n\nStep 3: Gather data from systems\n        → python scripts\u002Fdata_subject_rights_tracker.py status --id [ID] --update in_progress\n\nStep 4: Generate response\n        → python scripts\u002Fdata_subject_rights_tracker.py template --id [ID]\n\nStep 
5: Send response and complete\n        → python scripts\u002Fdata_subject_rights_tracker.py status --id [ID] --update completed\n\nStep 6: Monitor compliance\n        → python scripts\u002Fdata_subject_rights_tracker.py report\n```\n\n### Workflow 3: German BDSG Compliance Check\n\n```\nStep 1: Determine if DPO required\n        → 20+ employees processing personal data automatically\n        → OR processing requires DPIA\n        → OR business involves data transfer\u002Fmarket research\n\nStep 2: If employees involved, review § 26 BDSG\n        → Document legal basis for employee data\n        → Check works council requirements\n\nStep 3: If video surveillance, comply with § 4 BDSG\n        → Install signage\n        → Document necessity\n        → Limit retention\n\nStep 4: Register DPO with supervisory authority\n        → See references\u002Fgerman_bdsg_requirements.md for authority list\n```\n\n---\n\n## Key GDPR Concepts\n\n### Legal Bases (Art. 6)\n\n- **Consent**: Marketing, newsletters, analytics (must be freely given, specific, informed)\n- **Contract**: Order fulfillment, service delivery\n- **Legal obligation**: Tax records, employment law\n- **Legitimate interests**: Fraud prevention, security (requires balancing test)\n\n### Special Category Data (Art. 9)\n\nRequires explicit consent or Art. 
9(2) exception:\n- Health data\n- Biometric data\n- Racial\u002Fethnic origin\n- Political opinions\n- Religious beliefs\n- Trade union membership\n- Genetic data\n- Sexual orientation\n\n### Data Subject Rights\n\nAll rights must be fulfilled within **30 days** (extendable to 90 for complex requests):\n- **Access**: Provide copy of data and processing information\n- **Rectification**: Correct inaccurate data\n- **Erasure**: Delete data (with exceptions for legal obligations)\n- **Restriction**: Limit processing while issues are resolved\n- **Portability**: Provide data in machine-readable format\n- **Object**: Stop processing based on legitimate interests\n\n### German BDSG Additions\n\n| Topic | BDSG Section | Key Requirement |\n|-------|--------------|-----------------|\n| DPO threshold | § 38 | 20+ employees = mandatory DPO |\n| Employment | § 26 | Detailed employee data rules |\n| Video | § 4 | Signage and proportionality |\n| Scoring | § 31 | Explainable algorithms |\n","","imported","https:\u002F\u002Fgithub.com\u002Falirezarezvani\u002Fclaude-skills","user_system_seed","SkillOPIC",true,204,1556,"2026-05-16 14:06:12",{"id":8,"name":21,"slug":22,"icon":23,"description":24,"sort":25,"createdAt":26},"Programming and Development","coding","mdi-code-braces","Code generation, debugging and review to improve development efficiency",2,"2026-05-16 
12:53:40",{"id":7,"name":28,"slug":29,"icon":30,"description":31,"moduleId":8,"sort":32,"skillCount":33,"createdAt":26},"Code Review","review","mdi-magnify-scan","Code quality analysis, security review",4,145,[35],{"id":36,"skillId":4,"version":37,"fileName":38,"fileSize":39,"filePath":40,"fileHash":41,"manifest":42,"createdAt":19},"343c1f54-5be8-45d1-9129-e7cf8569d903","1.0.0","gdpr-dsgvo-expert.zip",35014,"uploads\u002Fskills\u002F0ceb0d61-26e1-4767-8f3a-4b5ce42f1023\u002Fgdpr-dsgvo-expert.zip","4b2e3174b60ad303b769f6759cd54f7a24c5a141f5d70f7227ec65d704e5a6b7","[{\"path\":\"SKILL.md\",\"isDirectory\":false,\"size\":7927},{\"path\":\"references\u002Fdpia_methodology.md\",\"isDirectory\":false,\"size\":10999},{\"path\":\"references\u002Fgdpr_audit_playbook.md\",\"isDirectory\":false,\"size\":10677},{\"path\":\"references\u002Fgdpr_compliance_guide.md\",\"isDirectory\":false,\"size\":9029},{\"path\":\"references\u002Fgerman_bdsg_requirements.md\",\"isDirectory\":false,\"size\":8866},{\"path\":\"scripts\u002Fdata_subject_rights_tracker.py\",\"isDirectory\":false,\"size\":19213},{\"path\":\"scripts\u002Fdpia_generator.py\",\"isDirectory\":false,\"size\":20683},{\"path\":\"scripts\u002Fgdpr_compliance_checker.py\",\"isDirectory\":false,\"size\":15467}]",{"code":44,"message":45,"data":46},200,"success",{"items":47,"stats":48,"page":51},[],{"averageRating":49,"totalRatings":49,"ratingCounts":50},0,[49,49,49,49,49],{"limit":52,"offset":49,"hasMore":53,"nextOffset":52,"ratedOnly":16},15,false]