Data Protection
Skill packages tagged with “Data Protection”
CCPA/CPRA Privacy Program — Compliance Documentation Package
Draft and validate the core privacy compliance documentation package required under the California Consumer Privacy Act as amended by CPRA. Covers the privacy policy, DSAR procedures, data inventory, privacy impact assessment, opt-out mechanisms, and service provider/contractor agreements.
Data Privacy — AIPD (CNIL Standard)
Conduct a Privacy Impact Assessment (AIPD) under the CNIL standard for France (RGPD). Three-step methodology: Context, Principles, Risks. Validates retention periods against CNIL 'droit à l'oubli' (right to erasure).
Data Processing Agreement (DPA) — SCC & sub-processor sync
Draft the legal annex for DPAs governing controller–processor data transfers under GDPR and CCPA. Inserts the correct Standard Contractual Clauses by data importer country and validates sub-processor list against the privacy portal.
DPC Cross-Border Data Processing (Lead SSA)
Draft Article 30 Records of Processing Activities for US firms using Ireland as Lead Supervisory Authority. Covers main establishment justification (GDPR Art. 4(16), EDPB criteria) and validation so the Irish DPC remains the competent authority.
GDPR ROPA & DPIA Author
Guided elaboration of Records of Processing Activities (ROPA) and Data Protection Impact Assessments (DPIA): processing purposes, legal basis, data categories, recipients, retention, safeguards, and DPIA necessity assessment and risk mitigation.
India DPDP Act — Data Protection Impact Assessment
Draft and validate a Data Protection Impact Assessment for Significant Data Fiduciaries under India's Digital Personal Data Protection Act 2023. Covers processing inventory, consent framework, data principal rights, and cross-border transfers.
Japan APPI — Privacy Impact Assessment
Draft and validate a Privacy Impact Assessment for processing under Japan's Act on the Protection of Personal Information (APPI, amended 2022). Covers data categorisation, cross-border transfer assessment, and PPC guidelines compliance.
King IV and POPIA Narrative
Draft the POPIA–King IV governance narrative linking data protection compliance to King IV Principles 12 and 13 for South African organisations.
PDPA — Data Protection Management Programme (Singapore)
Draft and validate the Data Protection Management Programme (DPMP) required by Singapore's Personal Data Protection Act 2012. Covers governance, data inventory, DPIA, breach management plan, and DPO appointment per PDPC guidance.
PIIA (SA) — Risk Assessment
Draft the risk assessment for a POPIA PIIA: analyse risks to data subjects' rights and freedoms, including harm, discrimination, and financial loss.
PIIA (SA) — Systematic Description of Processing
Draft the systematic description of processing for a POPIA PIIA: step-by-step description of how personal information is collected, used, stored, and deleted.
POPIA Compliance Framework — Manual & PAIA Manual (South Africa)
Draft and validate POPIA (Act 4 of 2013) compliance framework documentation and the mandatory PAIA Manual. Covers the eight conditions for lawful processing, PAIA manual, Information Officer registration, and breach notification.
Saudi PDPL — Personal Data Protection Assessment
Draft and validate data protection compliance documentation under Saudi Arabia's Personal Data Protection Law (Royal Decree M/19 of 2021, amended 2023) and its Implementing Regulations. Covers data inventory, consent, cross-border transfers, and 72-hour breach notification.
UAE Federal PDPL — Data Protection Impact Assessment
Draft and validate a DPIA under UAE Federal Decree-Law No. 45/2021 on the Protection of Personal Data (PDPL) and its Executive Regulations. Covers data inventory, lawful basis, cross-border transfers, and 72-hour breach notification.
UK GDPR & DPIA (Data Protection)
Conduct and validate Data Protection Impact Assessments (DPIAs) under the UK GDPR and ICO guidance for high-risk processing. Suggests technical and organisational safeguards aligned with UK Adequacy standards. Validates breach-notification policies against the 72-hour ICO reporting window.
Whistleblower System Design (HinSchG)
Erstellt Verfahrensordnungen fuer interne Meldestellen gemaess dem Hinweisgeberschutzgesetz (HinSchG). Validiert Pflichtabschnitte, gesetzliche Fristen (7 Tage Eingangsbestaetigung, 3 Monate Rueckmeldung) und die 3-Jahres-Loeschfrist.
Works Council Agreements (BetrVG)
Negotiation-based drafting and validation of Betriebsvereinbarungen (Works Agreements) for IT systems under the Betriebsverfassungsgesetz (BetrVG). Ensures Leistungs- und Verhaltenskontrolle (performance and behavior monitoring) clauses comply with §87 Abs. 1 Nr. 6 BetrVG and validates BDSG §26 / DSGVO Art. 88 alignment for employee data protection.