--- id: sm-gdpr-dsgvo-expert name: "gdpr-dsgvo-expert" url: https://skills.yangsir.net/skill/sm-gdpr-dsgvo-expert author: davila7 domain: legal tags: ["gdpr", "dsgvo", "data-privacy", "legal-compliance"] install_count: 475 rating: 4.20 (20 reviews) github: https://github.com/davila7/claude-code-templates --- # gdpr-dsgvo-expert > 提供欧盟GDPR和德国DSGVO的专家级合规指导和审计服务,确保数据隐私保护。 **Stats**: 475 installs · 4.2/5 (20 reviews) ## Before / After 对比 ### GDPR/DSGVO 合规性审计与风险管理 | Metric | Before | After | Change | |---|---|---|---| | - | - | - | - | | - | - | - | - | | - | - | - | - | ## Readme # gdpr-dsgvo-expert # Senior GDPR/DSGVO Expert and Auditor Expert-level EU General Data Protection Regulation (GDPR) and German Datenschutz-Grundverordnung (DSGVO) compliance with comprehensive data protection auditing, privacy impact assessment, and regulatory compliance verification capabilities. ## Core GDPR/DSGVO Competencies ### 1. GDPR/DSGVO Compliance Framework Implementation Design and implement comprehensive data protection compliance programs ensuring systematic GDPR/DSGVO adherence. **GDPR Compliance Framework:** ``` GDPR/DSGVO COMPLIANCE IMPLEMENTATION ├── Legal Basis and Lawfulness │ ├── Lawful basis identification (Art. 6) │ ├── Special category data processing (Art. 9) │ ├── Criminal conviction data (Art. 10) │ └── Consent management and documentation ├── Individual Rights Implementation │ ├── Right to information (Art. 13-14) │ ├── Right of access (Art. 15) │ ├── Right to rectification (Art. 16) │ ├── Right to erasure (Art. 17) │ ├── Right to restrict processing (Art. 18) │ ├── Right to data portability (Art. 20) │ └── Right to object (Art. 21) ├── Accountability and Governance │ ├── Data protection policies and procedures │ ├── Records of processing activities (Art. 30) │ ├── Data protection impact assessments (Art. 35) │ └── Data protection by design and default (Art. 25) └── International Data Transfers ├── Adequacy decisions (Art. 45) ├── Standard contractual clauses (Art. 46) ├── Binding corporate rules (Art. 47) └── Derogations (Art. 49) ``` ### 2. Privacy Impact Assessment (DPIA) Implementation Conduct systematic Data Protection Impact Assessments ensuring comprehensive privacy risk identification and mitigation. **DPIA Process Framework:** - **DPIA Threshold Assessment** Systematic large-scale processing evaluation - Special category data processing assessment - High-risk processing activity identification - **Decision Point**: Determine DPIA necessity per Article 35 - **DPIA Execution Process** **Processing Description**: Comprehensive data processing analysis - **Necessity and Proportionality**: Legal basis and purpose limitation assessment - **Privacy Risk Assessment**: Risk identification, analysis, and evaluation - **Mitigation Measures**: Risk reduction and residual risk management - **DPIA Documentation and Review** DPIA report preparation and stakeholder consultation - Data Protection Officer (DPO) consultation and advice - Supervisory authority consultation (if required) - DPIA monitoring and review processes ### 3. Data Subject Rights Management Implement comprehensive data subject rights fulfillment processes ensuring timely and effective rights exercise. **Data Subject Rights Framework:** ``` DATA SUBJECT RIGHTS IMPLEMENTATION ├── Rights Request Management │ ├── Request receipt and verification │ ├── Identity verification procedures │ ├── Request assessment and classification │ └── Response timeline management ├── Rights Fulfillment Processes │ ├── Information provision (privacy notices) │ ├── Data access and copy provision │ ├── Data rectification and correction │ ├── Data erasure and deletion │ ├── Processing restriction implementation │ ├── Data portability and transfer │ └── Objection handling and opt-out ├── Complex Rights Scenarios │ ├── Conflicting rights balancing │ ├── Third-party rights considerations │ ├── Legal obligation conflicts │ └── Legitimate interest assessments └── Rights Response Documentation ├── Decision rationale documentation ├── Technical implementation evidence ├── Timeline compliance verification └── Appeal and complaint procedures ``` ### 4. German DSGVO Specific Requirements Address German-specific implementation of GDPR including national derogations and additional requirements. **German DSGVO Specificities:** - **BDSG Integration**: Federal Data Protection Act coordination with GDPR - **Länder Data Protection Laws**: State-specific data protection requirements - **Sectoral Regulations**: Healthcare, telecommunications, and financial services - **German Supervisory Authorities**: Federal and state data protection authority coordination ## Advanced GDPR Applications ### Healthcare Data Protection (Medical Device Context) Implement specialized data protection measures for healthcare data processing in medical device environments. **Healthcare GDPR Compliance:** - **Health Data Processing Framework** Health data classification and special category handling - Medical research and clinical trial data protection - Patient consent management and documentation - **Decision Point**: Determine appropriate legal basis for health data processing - **Medical Device Data Protection** **For Connected Devices**: Follow references/device-data-protection.md - **For Clinical Systems**: Follow references/clinical-data-protection.md - **For Research Platforms**: Follow references/research-data-protection.md - Cross-border health data transfer management - **Healthcare Stakeholder Coordination** Healthcare provider data processing agreements - Medical device manufacturer responsibilities - Clinical research organization compliance - Patient rights exercise in healthcare context ### International Data Transfer Compliance Manage complex international data transfer scenarios ensuring GDPR Chapter V compliance. **International Transfer Framework:** - **Transfer Mechanism Assessment** Adequacy decision availability and scope - Standard Contractual Clauses (SCCs) implementation - Binding Corporate Rules (BCRs) development - Certification and code of conduct utilization - **Transfer Risk Assessment** Third country data protection law analysis - Government access and surveillance risk evaluation - Data subject rights enforceability assessment - Additional safeguard necessity determination - **Supplementary Measures Implementation** Technical measures: encryption, pseudonymization, access controls - Organizational measures: data minimization, purpose limitation, retention - Contractual measures: additional processor obligations, audit rights - Procedural measures: transparency, redress mechanisms ## GDPR Audit and Assessment ### GDPR Compliance Auditing Conduct systematic GDPR compliance audits ensuring comprehensive data protection verification. **GDPR Audit Methodology:** - **Audit Planning and Scope** Data processing inventory and risk assessment - Audit scope definition and stakeholder identification - Audit criteria and methodology selection - **Audit Team Assembly**: Technical and legal competency requirements - **Audit Execution Process** **Legal Compliance Assessment**: GDPR article-by-article compliance verification - **Technical Measures Review**: Data protection by design and default implementation - **Organizational Measures Evaluation**: Policies, procedures, and training effectiveness - **Documentation Review**: Records of processing, DPIAs, and data subject communications - **Audit Finding and Reporting** Non-compliance identification and risk assessment - Improvement recommendation development - Regulatory reporting obligation assessment - Remediation planning and timeline development ### Privacy Risk Assessment Conduct comprehensive privacy risk assessments ensuring systematic privacy risk management. **Privacy Risk Assessment Framework:** - **Data Flow Analysis**: Comprehensive data processing mapping and analysis - **Privacy Risk Identification**: Personal data processing risk evaluation - **Risk Impact Assessment**: Individual and organizational privacy impact - **Risk Mitigation Planning**: Privacy control implementation and effectiveness ### External Audit Preparation Prepare organization for supervisory authority investigations and external privacy audits. **External Audit Readiness:** - **Supervisory Authority Preparation** Investigation response procedures and protocols - Documentation organization and accessibility - Personnel training and communication coordination - **Legal Representation**: External counsel coordination and support - **Compliance Verification** Internal audit completion and issue resolution - Documentation completeness and accuracy verification - Process implementation and effectiveness demonstration - Continuous monitoring and improvement evidence ## Data Protection Officer (DPO) Support ### DPO Function Support and Coordination Provide comprehensive support to Data Protection Officer functions ensuring effective data protection governance. **DPO Support Framework:** - **DPO Advisory Support**: Technical and legal guidance for complex data protection issues - **DPO Resource Coordination**: Cross-functional team coordination and resource provision - **DPO Training and Development**: Ongoing competency development and regulatory updates - **DPO Independence Assurance**: Organizational independence and conflict of interest management ### Data Protection Governance Establish comprehensive data protection governance ensuring organizational accountability and compliance. **Governance Structure:** - **Data Protection Committee**: Cross-functional data protection decision-making body - **Privacy Steering Group**: Strategic privacy program oversight and direction - **Data Protection Champions**: Departmental privacy representatives and coordination - **Privacy Compliance Network**: Organization-wide privacy competency and awareness ## GDPR Performance and Continuous Improvement ### Privacy Program Performance Metrics Monitor comprehensive privacy program performance ensuring continuous improvement and compliance demonstration. **Privacy Performance KPIs:** - **Compliance Rate**: GDPR requirement implementation and adherence rates - **Data Subject Rights**: Request fulfillment timeliness and accuracy - **Privacy Risk Management**: Risk identification, assessment, and mitigation effectiveness - **Incident Management**: Data breach response and notification compliance - **Training Effectiveness**: Privacy awareness and competency development ### Privacy Program Optimization Continuously improve privacy program through regulatory monitoring, best practice adoption, and technology integration. **Program Enhancement:** - **Regulatory Intelligence** GDPR interpretation guidance and supervisory authority positions - Case law development and regulatory enforcement trends - Industry best practice evolution and adoption - **Technology Innovation**: Privacy-enhancing technology evaluation and implementation - **Privacy Program Evolution** Process optimization and automation opportunities - Cross-border compliance harmonization - Stakeholder feedback integration and response - Privacy culture development and maturation ## Resources ### scripts/ - `gdpr-compliance-checker.py`: Comprehensive GDPR compliance assessment and verification - `dpia-automation.py`: Data Protection Impact Assessment workflow automation - `data-subject-rights-tracker.py`: Individual rights request management and tracking - `privacy-audit-generator.py`: Automated privacy audit checklist and report generation ### references/ - `gdpr-implementation-guide.md`: Complete GDPR compliance implementation framework - `dsgvo-specific-requirements.md`: German DSGVO implementation and national requirements - `device-data-protection.md`: Medical device data protection compliance guidance - `international-transfer-guide.md`: Chapter V international transfer compliance - `privacy-audit-methodology.md`: Comprehensive GDPR audit procedures and checklists ### assets/ - `gdpr-templates/`: Privacy notice, consent, and data subject rights response templates - `dpia-tools/`: Data Protection Impact Assessment worksheets and frameworks - `audit-checklists/`: GDPR compliance audit and assessment checklists - `training-materials/`: Data protection awareness and compliance training programs Weekly Installs221Repository[davila7/claude-…emplates](https://github.com/davila7/claude-code-templates)GitHub Stars23.1KFirst SeenJan 21, 2026Security Audits[Gen Agent Trust HubPass](/davila7/claude-code-templates/gdpr-dsgvo-expert/security/agent-trust-hub)[SocketPass](/davila7/claude-code-templates/gdpr-dsgvo-expert/security/socket)[SnykPass](/davila7/claude-code-templates/gdpr-dsgvo-expert/security/snyk)Installed onopencode190claude-code183gemini-cli181cursor175codex169github-copilot163 --- *Source: https://skills.yangsir.net/skill/sm-gdpr-dsgvo-expert* *Markdown mirror: https://skills.yangsir.net/api/skill/sm-gdpr-dsgvo-expert/markdown*