GDPR
Skill packages tagged with “GDPR”
Data Processing Agreement (DPA) — SCC & sub-processor sync
Draft the legal annex for DPAs governing controller–processor data transfers under GDPR and CCPA. Inserts the correct Standard Contractual Clauses by data importer country and validates sub-processor list against the privacy portal.
DPC Cross-Border Data Processing (Lead SSA)
Draft Article 30 Records of Processing Activities for US firms using Ireland as Lead Supervisory Authority. Covers main establishment justification (GDPR Art. 4(16), EDPB criteria) and validation so the Irish DPC remains the competent authority.
DPC GDPR Accuracy and Retention
Accuracy and retention for DPC self-assessment: purpose limitation, minimisation, accuracy, retention policies, secure destruction, and no unregulated duplication.
DPC GDPR Breach Notification
Breach notification and response under Ireland DPC and GDPR Art. 33–34: 72h to DPC, data subject communication for high risk, risk levels, form, and internal record.
DPC GDPR Certification
GDPR certification under Ireland DPC and Art. 42–43: DPC-approved criteria, INAB-accredited certification bodies, and documentation for certification readiness.
DPC GDPR Controller Obligations
Other controller obligations for DPC checklist: processor/supplier agreements (Art. 27–29), DPO (37–39), DPIA (35).
DPC GDPR Data Breaches (Self-Assessment)
Breach preparedness for DPC checklist: incident response plan, procedures to notify DPC and individuals, documentation, and cooperation. For actual notification use DPC GDPR Breach Notification skill.
DPC GDPR Data Security
Data security (Art. 32) for DPC self-assessment: risk assessment, technical and organisational measures, encryption, recovery, and secure destruction.
DPC GDPR Data Subject Rights
Data subject rights (Art. 15–23) for DPC self-assessment: SAR, portability, deletion/rectification, restriction, object, profiling, and restrictions.
DPC GDPR International Transfers
International data transfers (Art. 44–50) for DPC self-assessment: adequacy, SCCs, documentation, and transparency to data subjects.
DPC GDPR Personal Data (Legal Basis)
Personal data for DPC self-assessment: consent (Art. 7–9), children (Art. 8), and legitimate interest assessment.
DPC GDPR Readiness
GDPR readiness and self-assessment aligned to the Ireland DPC Self-Assessment Checklist: data mapping, legal basis, retention, and links to the eight detailed checklist areas.
DPC GDPR Transparency
Transparency (Art. 12–14) for DPC self-assessment: information to data subjects, Art. 13/14 lists, and proactive rights information.
GDPR ROPA & DPIA Author
Guided elaboration of Records of Processing Activities (ROPA) and Data Protection Impact Assessments (DPIA): processing purposes, legal basis, data categories, recipients, retention, safeguards, and DPIA necessity assessment and risk mitigation.
HIQA Data Protection and Confidentiality Policy
Draft or update a data protection and confidentiality policy aligned with HIQA, GDPR, and Irish law.
Third-Party Risk Assessment (TPRA)
Assess vendor security posture by validating SIG questionnaire responses against evidence and auditing SOC 2 reports for coverage gaps. Produces structured TPRA reports aligned with NIST SP 800-161 and GDPR Article 28, with automated tools that flag unsupported vendor claims, expired reports, and bridge-letter gaps.