DPC GDPR Readiness
Get Started with This SkillOverview
GDPR readiness and self-assessment aligned to the Ireland DPC Self-Assessment Checklist: data mapping, legal basis, retention, and links to the eight detailed checklist areas.
Getting Started
Add your source materials to the project workspace, then activate the DPC GDPR Readiness skill. The agent will guide you through the process step by step.
Example conversation
You: We need a single place that maps all the personal data we process—categories, where it comes from, legal basis, retention—and what we need to fix for the DPC checklist. We have a rough ROPA in the workspace.
Agent: I’ll use the DPC readiness reference to structure a proper data mapping. For each category I need: data subjects, elements, source, purposes, legal basis (Art. 6 or 9), retention, and any compliance action. I’ll pull from your ROPA and flag gaps. Should I also list which of the eight checklist areas (e.g. data subject rights, transfers) each category touches so you can drill down with the other DPC skills?
Output excerpt
Data mapping (excerpt)
| Category / data subjects | Elements | Source | Purposes | Legal basis | Retention | Action required |
|---|---|---|---|---|---|---|
| Customer (sales) | Name, email, order history | Direct | Fulfilment, marketing | Contract; consent (marketing) | 6 years post-order; 2 years post opt-out | Update notice; confirm consent mechanism |
| Employee | Name, payroll, performance | Direct | HR, payroll, appraisal | Contract; legal obligation | 7 years (tax); employment + 6 years | Limit access; secure destruction procedure |
Links to detailed areas: Data subject rights (SAR, portability); Transparency (notice); International transfers (CRM in US).
Extension and validation
The skill includes a validate_readiness_document tool that checks your readiness document against the DPC Self-Assessment Checklist:
- Required mapping elements: Categories of personal data and data subjects, elements of personal data, source of the data, purposes for processing, legal basis (Art. 6 and, if applicable, Art. 9), retention period, and action required for GDPR compliance. Missing elements are reported as errors.
- Placeholders: Detects unfilled placeholders (e.g.
[ ... ],TBD,TODO) and lists them so you can complete the draft. - Checklist areas: Warns if the document does not reference the eight detailed DPC checklist areas (e.g. data subject rights, transparency, data security, breaches, international transfers), so you can link to them for deeper assessment.
Run the tool on your draft readiness document and fix any reported gaps before finalising.