# Skills tagged "GDPR" 27 skills with this tag. URL: https://rakenne.app/skill-tags/gdpr/index.md - [For lead certification auditors: how Rakenne skills map to what you actually check](https://rakenne.app/learn/use-cases/lead-certification-auditors/index.md) — A practical look at Rakenne's auditor-facing skills — internal audit planning, gap assessments, cross-compliance validation, and why better-prepared auditees make your job easier, not redundant. - [Cross-compliance mapping: how to unify ISO 27001, NIST CSF, SOC 2, and GDPR in one matrix](https://rakenne.app/learn/use-cases/cross-compliance-mapping-multiple-frameworks/index.md) — A practical look at multi-framework compliance mapping — the traditional spreadsheet approach versus structured, version-pinned skill workflows. Includes real output excerpts and conversation … - [Cross-Compliance Matrix](https://rakenne.app/skills/cross-compliance-matrix/index.md) — Produce a unified multi-framework compliance matrix mapping controls across ISO 27001:2022, NIST CSF 2.0, SOC 2 TSC, GDPR, NIS2/DORA, and NIST 800-53/CMMC. Scores coverage per framework, identifies … - [Data Processing Agreement (DPA) — SCC & sub-processor sync](https://rakenne.app/skills/dpa-scc/index.md) — Draft the legal annex for DPAs governing controller–processor data transfers under GDPR and CCPA. Inserts the correct Standard Contractual Clauses by data importer country and validates sub-processor … - [DPC Cross-Border Data Processing (Lead SSA)](https://rakenne.app/skills/dpc-lead-ssa-ropa/index.md) — Draft Article 30 Records of Processing Activities for US firms using Ireland as Lead Supervisory Authority. Covers main establishment justification (GDPR Art. 4(16), EDPB criteria) and validation so … - [DPC GDPR Accuracy and Retention](https://rakenne.app/skills/dpc-gdpr-accuracy-retention/index.md) — Accuracy and retention for DPC self-assessment: purpose limitation, minimisation, accuracy, retention policies, secure destruction, and no unregulated duplication. - [DPC GDPR Breach Notification](https://rakenne.app/skills/dpc-gdpr-breach/index.md) — Breach notification and response under Ireland DPC and GDPR Art. 33–34: 72h to DPC, data subject communication for high risk, risk levels, form, and internal record. - [DPC GDPR Certification](https://rakenne.app/skills/dpc-gdpr-certification/index.md) — GDPR certification under Ireland DPC and Art. 42–43: DPC-approved criteria, INAB-accredited certification bodies, and documentation for certification readiness. - [DPC GDPR Controller Obligations](https://rakenne.app/skills/dpc-gdpr-controller-obligations/index.md) — Other controller obligations for DPC checklist: processor/supplier agreements (Art. 28–29), DPO (37–39), DPIA (35). - [DPC GDPR Data Breaches (Self-Assessment)](https://rakenne.app/skills/dpc-gdpr-data-breaches/index.md) — Breach preparedness for DPC checklist: incident response plan, procedures to notify DPC and individuals, documentation, and cooperation. For actual notification use DPC GDPR Breach Notification skill. - [DPC GDPR Data Security](https://rakenne.app/skills/dpc-gdpr-data-security/index.md) — Data security (Art. 32) for DPC self-assessment: risk assessment, technical and organisational measures, encryption, recovery, and secure destruction. - [DPC GDPR Data Subject Rights](https://rakenne.app/skills/dpc-gdpr-data-subject-rights/index.md) — Data subject rights (Art. 15–23) for DPC self-assessment: SAR, portability, deletion/rectification, restriction, object, profiling, and restrictions. - [DPC GDPR International Transfers](https://rakenne.app/skills/dpc-gdpr-international-transfers/index.md) — International data transfers (Art. 44–50) for DPC self-assessment: adequacy, SCCs, documentation, and transparency to data subjects. - [DPC GDPR Personal Data (Legal Basis)](https://rakenne.app/skills/dpc-gdpr-personal-data/index.md) — Personal data for DPC self-assessment: consent (Art. 7–9), children (Art. 8), and legitimate interest assessment. - [DPC GDPR Readiness](https://rakenne.app/skills/dpc-gdpr-readiness/index.md) — GDPR readiness and self-assessment aligned to the Ireland DPC Self-Assessment Checklist: data mapping, legal basis, retention, and links to the eight detailed checklist areas. - [DPC GDPR Transparency](https://rakenne.app/skills/dpc-gdpr-transparency/index.md) — Transparency (Art. 12–14) for DPC self-assessment: information to data subjects, Art. 13/14 lists, and proactive rights information. - [GDPR Consent Form (Art. 7)](https://rakenne.app/skills/gdpr-consent-form/index.md) — Draft consent forms and consent notices for personal data processing under GDPR Article 7. Covers all conditions for valid consent: freely given, specific, informed, unambiguous. Includes validation … - [GDPR Gap Assessment](https://rakenne.app/skills/gdpr-gap-assessment/index.md) — Perform a structured gap assessment against GDPR (Regulation 2016/679). Mandatory artifact detector scans for missing compliance documents; maturity rater suggests 0-5 maturity per domain across all … - [GDPR Legitimate Interest Assessment (Art. 6(1)(f))](https://rakenne.app/skills/gdpr-legitimate-interest-assessment/index.md) — Conduct a three-part Legitimate Interest Assessment (LIA) under GDPR Art. 6(1)(f): purpose test, necessity test, and balancing test. Validates against EDPB Opinion 08/2024, WP217, and CJEU case law … - [GDPR Privacy by Design & Default (Art. 25)](https://rakenne.app/skills/gdpr-privacy-by-design/index.md) — Assess and document data protection by design and by default measures per GDPR Article 25 and EDPB Guidelines 4/2019. Covers the seven foundational principles, Hoepman's eight design strategies, Art. … - [GDPR ROPA & DPIA Author](https://rakenne.app/skills/gdpr-ropa-dpia-author/index.md) — Guided elaboration of Records of Processing Activities (ROPA) and Data Protection Impact Assessments (DPIA): processing purposes, legal basis, data categories, recipients, retention, safeguards, and … - [GDPR Vendor & Processor Audit (Art. 28)](https://rakenne.app/skills/gdpr-vendor-processor-audit/index.md) — Plan and document processor audits under GDPR Art. 28(3)(h). Covers Art. 28(3)(a-h) contract compliance, sub-processor chain review, international transfer assessment (SCCs, adequacy, BCRs, TIA), Art. … - [HIQA Data Protection and Confidentiality Policy](https://rakenne.app/skills/hiqa-data-protection-confidentiality-policy/index.md) — Draft or update a data protection and confidentiality policy aligned with HIQA, GDPR, and Irish law. - [ISO 27701 Privacy Policy Generator](https://rakenne.app/skills/iso27701-privacy-policy-generator/index.md) — Generate a comprehensive privacy policy/notice aligned to ISO 27701 Clause 6 controller obligations. Uses PII inventory and controller controls as inputs to produce a legally-grounded, auditable … - [Multi-Jurisdiction Data Processing Agreement (GDPR + CCPA + UK)](https://rakenne.app/skills/multi-jurisdiction-dpa/index.md) — Draft an integrated Data Processing Agreement covering EU GDPR Article 28, EU Standard Contractual Clauses (SCCs), UK IDTA or UK Addendum, and US state privacy laws (CCPA/CPRA, CPA, VCDPA). Includes … - [Privacy & PII Protection Program](https://rakenne.app/skills/iso27001-privacy-pii-program/index.md) — Build a comprehensive privacy program aligned with ISO 27001:2022 A.5.34 and major privacy regulations (GDPR, LGPD, CCPA). Produces five core privacy documents: external-facing privacy policy, Record … - [Third-Party Risk Assessment (TPRA)](https://rakenne.app/skills/third-party-risk-assessment/index.md) — Assess vendor security posture by validating SIG questionnaire responses against evidence and auditing SOC 2 reports for coverage gaps. Produces structured TPRA reports aligned with NIST SP 800-161 … --- Back to [All Tags](https://rakenne.app/skill-tags/) | [Skill Library](https://rakenne.app/skills/)