# Skills tagged "Privacy" 34 skills with this tag. URL: https://rakenne.app/skill-tags/privacy/index.md - [Canada Privacy & PIA](https://rakenne.app/skills/canada-privacy-pia/index.md) — Guide to Canadian privacy law (PIPEDA, provincial private-sector laws, Bill C-27 status) and Privacy Impact Assessments for federal and private-sector data handling. Use with PIA outline and … - [CCPA/CPRA Privacy Program — Compliance Documentation Package](https://rakenne.app/skills/ccpa-cpra-privacy-program/index.md) — Draft and validate the core privacy compliance documentation package required under the California Consumer Privacy Act as amended by CPRA. Covers the privacy policy, DSAR procedures, data inventory, … - [Data Privacy — AIPD (CNIL Standard)](https://rakenne.app/skills/cnil-aipd/index.md) — Conduct a Privacy Impact Assessment (AIPD) under the CNIL standard for France (RGPD). Three-step methodology: Context, Principles, Risks. Validates retention periods against CNIL 'droit à l'oubli' … - [Data Processing Agreement (DPA) — SCC & sub-processor sync](https://rakenne.app/skills/dpa-scc/index.md) — Draft the legal annex for DPAs governing controller–processor data transfers under GDPR and CCPA. Inserts the correct Standard Contractual Clauses by data importer country and validates sub-processor … - [DPC Cross-Border Data Processing (Lead SSA)](https://rakenne.app/skills/dpc-lead-ssa-ropa/index.md) — Draft Article 30 Records of Processing Activities for US firms using Ireland as Lead Supervisory Authority. Covers main establishment justification (GDPR Art. 4(16), EDPB criteria) and validation so … - [FERPA Compliance Documentation — Student Records Policy](https://rakenne.app/skills/us-ferpa-student-records-policy/index.md) — Draft and validate FERPA compliance documentation: annual notification, directory information policy, records access and amendment, disclosure log, and school official exception for edtech vendors per … - [GDPR Consent Form (Art. 7)](https://rakenne.app/skills/gdpr-consent-form/index.md) — Draft consent forms and consent notices for personal data processing under GDPR Article 7. Covers all conditions for valid consent: freely given, specific, informed, unambiguous. Includes validation … - [GDPR Gap Assessment](https://rakenne.app/skills/gdpr-gap-assessment/index.md) — Perform a structured gap assessment against GDPR (Regulation 2016/679). Mandatory artifact detector scans for missing compliance documents; maturity rater suggests 0-5 maturity per domain across all … - [GDPR Legitimate Interest Assessment (Art. 6(1)(f))](https://rakenne.app/skills/gdpr-legitimate-interest-assessment/index.md) — Conduct a three-part Legitimate Interest Assessment (LIA) under GDPR Art. 6(1)(f): purpose test, necessity test, and balancing test. Validates against EDPB Opinion 08/2024, WP217, and CJEU case law … - [GDPR Privacy by Design & Default (Art. 25)](https://rakenne.app/skills/gdpr-privacy-by-design/index.md) — Assess and document data protection by design and by default measures per GDPR Article 25 and EDPB Guidelines 4/2019. Covers the seven foundational principles, Hoepman's eight design strategies, Art. … - [GDPR ROPA & DPIA Author](https://rakenne.app/skills/gdpr-ropa-dpia-author/index.md) — Guided elaboration of Records of Processing Activities (ROPA) and Data Protection Impact Assessments (DPIA): processing purposes, legal basis, data categories, recipients, retention, safeguards, and … - [GDPR Vendor & Processor Audit (Art. 28)](https://rakenne.app/skills/gdpr-vendor-processor-audit/index.md) — Plan and document processor audits under GDPR Art. 28(3)(h). Covers Art. 28(3)(a-h) contract compliance, sub-processor chain review, international transfer assessment (SCCs, adequacy, BCRs, TIA), Art. … - [India DPDP Act — Data Protection Impact Assessment](https://rakenne.app/skills/in-dpdp-data-protection-assessment/index.md) — Draft and validate a Data Protection Impact Assessment for Significant Data Fiduciaries under India's Digital Personal Data Protection Act 2023. Covers processing inventory, consent framework, data … - [ISO 27701 Controller Controls (Annex A)](https://rakenne.app/skills/iso27701-controller-controls/index.md) — Implement and document ISO 27701 Clause 7 and Annex A controls specific to PII controllers. Covers conditions for collection/processing, obligations to PII principals, privacy by design/default, and … - [ISO 27701 DPIA Program](https://rakenne.app/skills/iso27701-dpia-program/index.md) — Establish a Data Protection Impact Assessment (DPIA) program aligned to ISO 27701 Clause 7.2.5 and GDPR Article 35. Create DPIA methodology with WP29/EDPB screening criteria, screen processing … - [ISO 27701 PII Processing Inventory](https://rakenne.app/skills/iso27701-pii-inventory/index.md) — Build the PII processing inventory (Record of Processing Activities / ROPA) and data flow map for ISO 27701. Catalogs every processing activity with purpose, legal basis, data categories, PII … - [ISO 27701 PIMS Extension Author](https://rakenne.app/skills/iso27701-pims-extension-author/index.md) — Guided elaboration of PIMS documentation as an extension to ISMS: PII processing inventory, privacy objectives, processing purposes and legal basis, controller/processor annex controls, and privacy … - [ISO 27701 PIMS Internal Audit](https://rakenne.app/skills/iso27701-pims-internal-audit/index.md) — Plan and document a PIMS-specific internal audit. Covers audit planning, execution checklist, findings, nonconformities, and corrective actions focused on privacy controls and PII processing … - [ISO 27701 PIMS Scope Definition](https://rakenne.app/skills/iso27701-pims-scope/index.md) — Define the Privacy Information Management System (PIMS) scope per ISO/IEC 27701:2019+AMD1:2024 Clauses 5.2.1–5.2.4 — organization role as PII controller, processor, or both (5.2.1); interested parties … - [ISO 27701 PIMS Statement of Applicability](https://rakenne.app/skills/iso27701-pims-soa/index.md) — Create the PIMS Statement of Applicability covering both Annex A (controller) and Annex B (processor) controls. Maps each control to In/Out with justification, implementation status, and evidence — … - [ISO 27701 Privacy Policy Generator](https://rakenne.app/skills/iso27701-privacy-policy-generator/index.md) — Generate a comprehensive privacy policy/notice aligned to ISO 27701 Clause 6 controller obligations. Uses PII inventory and controller controls as inputs to produce a legally-grounded, auditable … - [ISO 27701 Privacy Risk Assessment](https://rakenne.app/skills/iso27701-privacy-risk-assessment/index.md) — Conduct a privacy-specific risk assessment focusing on risks to PII principals per ISO 27701 Clause 5.4 (2019) / Clause 6.6 (2025). Defines all 8 individual-focused privacy impact criteria (physical … - [ISO 27701 Processor Controls (Annex B)](https://rakenne.app/skills/iso27701-processor-controls/index.md) — Implement and document ISO 27701 Clause 8 and Annex B controls specific to PII processors. Covers conditions for processing, obligations to PII principals, privacy by design/default, sub-processor … - [ISO 27701 Security Controls Overlay](https://rakenne.app/skills/iso27701-security-controls-overlay/index.md) — Create the privacy overlay for the 93 ISO 27002:2022 security controls. For each control in the SoA, document what additional privacy-specific implementation is needed per ISO 27701 Clause 6. Covers … - [Japan APPI — Privacy Impact Assessment](https://rakenne.app/skills/jp-appi-privacy-impact-assessment/index.md) — Draft and validate a Privacy Impact Assessment for processing under Japan's Act on the Protection of Personal Information (APPI, amended 2022). Covers data categorisation, cross-border transfer … - [Multi-Jurisdiction Data Processing Agreement (GDPR + CCPA + UK)](https://rakenne.app/skills/multi-jurisdiction-dpa/index.md) — Draft an integrated Data Processing Agreement covering EU GDPR Article 28, EU Standard Contractual Clauses (SCCs), UK IDTA or UK Addendum, and US state privacy laws (CCPA/CPRA, CPA, VCDPA). Includes … - [NDB Incident Drafter](https://rakenne.app/skills/ndb-incident-drafter/index.md) — Draft and validate the Statement to the Commissioner and Notification to Individuals under Australia's Notifiable Data Breaches (NDB) scheme. Ensures the four mandatory sections under Privacy Act s … - [PDPA — Data Protection Management Programme (Singapore)](https://rakenne.app/skills/sg-pdpa-data-protection-programme/index.md) — Draft and validate the Data Protection Management Programme (DPMP) required by Singapore's Personal Data Protection Act 2012. Covers governance, data inventory, DPIA, breach management plan, and DPO … - [PIPEDA Privacy Management Framework](https://rakenne.app/skills/ca-pipeda-privacy-management-framework/index.md) — Draft and validate the Privacy Management Framework documentation for compliance with Canada's PIPEDA and the ten CSA Model Code principles. Covers privacy governance, PIA, breach reporting, and … - [POPIA Compliance Framework — Manual & PAIA Manual (South Africa)](https://rakenne.app/skills/za-popia-compliance-framework/index.md) — Draft and validate POPIA (Act 4 of 2013) compliance framework documentation and the mandatory PAIA Manual. Covers the eight conditions for lawful processing, PAIA manual, Information Officer … - [Privacy & PII Protection Program](https://rakenne.app/skills/iso27001-privacy-pii-program/index.md) — Build a comprehensive privacy program aligned with ISO 27001:2022 A.5.34 and major privacy regulations (GDPR, LGPD, CCPA). Produces five core privacy documents: external-facing privacy policy, Record … - [Saudi PDPL — Personal Data Protection Assessment](https://rakenne.app/skills/sa-pdpl-data-protection-assessment/index.md) — Draft and validate data protection compliance documentation under Saudi Arabia's Personal Data Protection Law (Royal Decree M/19 of 2021, amended 2023) and its Implementing Regulations. Covers data … - [UAE Federal PDPL — Data Protection Impact Assessment](https://rakenne.app/skills/ae-pdpl-data-protection-assessment/index.md) — Draft and validate a DPIA under UAE Federal Decree-Law No. 45/2021 on the Protection of Personal Data (PDPL) and its Executive Regulations. Covers data inventory, lawful basis, cross-border transfers, … - [UK GDPR & DPIA (Data Protection)](https://rakenne.app/skills/uk-gdpr-dpia/index.md) — Conduct and validate Data Protection Impact Assessments (DPIAs) under the UK GDPR and ICO guidance for high-risk processing. Suggests technical and organisational safeguards aligned with UK Adequacy … --- Back to [All Tags](https://rakenne.app/skill-tags/) | [Skill Library](https://rakenne.app/skills/)