GDPR-DPIA-Screening
Screens processing activities for DPIA requirements under Art. 35 GDPR, with risk mapping and threshold assessment, before new processing operations or AI features.
Official alternative
Anthropic maintains an official plugin workflow for this task. Use it when you want the full marketplace plugin with MCP connectors.
Privacy Legal Plugin
`/plugin install privacy-legal@claude-for-legal`
Official outputs require attorney review before client reliance.
About this skill
Screens processing activities for DPIA requirements under Art. 35 GDPR, with risk mapping and threshold assessment, before new processing operations or AI features.
Skills provide structured workflow guidance for attorney-supervised use. They are not legal advice and require human review before client reliance.
How to install
- Download the ZIP and unzip the skill folder.
- In Claude: Settings → Capabilities → Skills → Upload skill folder.
- In Claude Code or Codex: copy the folder into `.claude/skills/` or `~/.agents/skills/`.
- Invoke the skill by describing a task that matches the skill description.
Sample workflow preview
Use synthetic sample matter data to preview the prompt structure and review checklist before downloading or installing.
Sample data only. Do not upload client documents.
Sample analytics feature processing description
[SYNTHETIC SAMPLE — NOT A CLIENT DOCUMENT]
- Product: Website analytics heatmaps for logged-in users
- Data: account ID, page URLs, click coordinates, session timestamps
- Purpose: product improvement and UX optimization
- Recipients: internal product team and EU hosting provider
- Retention: 24 months
- Special categories: none declared
- Automated decisions: none declared
Copy sample prompt
Screen this processing activity for GDPR Article 35 DPIA requirements. Map risk factors, state whether a DPIA is required, and list mitigation steps before launch.
Expected review checklist
- Confirm lawful basis and necessity for each data element
- Check whether DPIA threshold criteria are met
- Document retention and deletion controls
- Escalate to DPO/privacy counsel before production launch
Skill content preview
# GDPR DPIA Screening

Determine whether a DPIA is required and outline the next compliance steps.

## Intake

Collect:

1. Processing purpose and legal basis
2. Data categories and data subjects
3. Scale, context, and nature of processing
4. New technologies or profiling/automated decision-making
5. Cross-border transfers and subprocessors

## Screening steps

1. Check WP248 / EDPB criteria and relevant supervisory authority blacklists
2. Identify high-risk indicators (special categories, vulnerable subjects, systematic monitoring, large-scale processing)
3. Assess necessity and proportionality at a high level
4. Map mitigations already in place
5. Decide: DPIA required / not required / borderline — seek DPO review

## Output format

```markdown
## DPIA screening result
## Processing summary
## Risk indicators checklist
## Mitigations in place
## Recommended next steps (full DPIA / Art. 36 consultation / proceed with controls)
## Open questions for DPO or privacy counsel
```

## Guardrails

- Do not invent supervisory authority guidance; cite official sources when referenced.
- Flag AI-related processing for enhanced review per current EDPB guidance trends.
- Output is screening support, not a completed DPIA.