Cribado DPIA GDPR
Evalúa actividades de tratamiento para requisitos DPIA del artículo 35 del GDPR, con mapa de riesgos y evaluación de umbrales antes de nuevos tratamientos o funciones de IA.
Official alternative
Anthropic maintains an official plugin workflow for this task. Use it when you want the full marketplace plugin with MCP connectors.
Plugin Privacy Legal/plugin install privacy-legal@claude-for-legal
Official outputs require attorney review before client reliance.
Acerca de esta skill
Evalúa actividades de tratamiento para requisitos DPIA del artículo 35 del GDPR, con mapa de riesgos y evaluación de umbrales antes de nuevos tratamientos o funciones de IA.
Skills provide structured workflow guidance for attorney-supervised use. They are not legal advice and require human review before client reliance.
How to install
- Download the ZIP and unzip the skill folder.
- In Claude: Settings → Capabilities → Skills → Upload skill folder.
- In Claude Code or Codex: copy the folder into `.claude/skills/` or `~/.agents/skills/`.
- Invoke the skill by describing a task that matches the skill description.
Skills provide structured workflow guidance for attorney-supervised use. They are not legal advice and require human review before client reliance.
Vista previa de muestra
Use synthetic sample matter data to preview the prompt structure and review checklist before downloading or installing.
Solo datos de muestra. No suba documentos del cliente.
Sample analytics feature processing description
[SYNTHETIC SAMPLE — NOT A CLIENT DOCUMENT] Product: Website analytics heatmaps for logged-in users Data: account ID, page URLs, click coordinates, session timestamps Purpose: product improvement and UX optimization Recipients: internal product team and EU hosting provider Retention: 24 months Special categories: none declared Automated decisions: none declared
Copiar prompt de muestra
Screen this processing activity for GDPR Article 35 DPIA requirements. Map risk factors, state whether a DPIA is required, and list mitigation steps before launch.
Expected review checklist
- Confirm lawful basis and necessity for each data element
- Check whether DPIA threshold criteria are met
- Document retention and deletion controls
- Escalate to DPO/privacy counsel before production launch
Skill content preview
# GDPR DPIA Screening Determine whether a DPIA is required and outline the next compliance steps. ## Intake Collect: 1. Processing purpose and legal basis 2. Data categories and data subjects 3. Scale, context, and nature of processing 4. New technologies or profiling/ automated decision-making 5. Cross-border transfers and subprocessors ## Screening steps 1. Check WP248 / EDPB criteria and relevant supervisory authority blacklists 2. Identify high-risk indicators (special categories, vulnerable subjects, systematic monitoring, large-scale processing) 3. Assess necessity and proportionality at a high level 4. Map mitigations already in place 5. Decide: DPIA required / not required / borderline — seek DPO review ## Output format ```markdown ## DPIA screening result ## Processing summary ## Risk indicators checklist ## Mitigations in place ## Recommended next steps (full DPIA / Art. 36 consultation / proceed with controls) ## Open questions for DPO or privacy counsel ``` ## Guardrails - Do not invent supervisory authority guidance; cite official sources when referenced. - Flag AI-related processing for enhanced review per current EDPB guidance trends. - Output is screening support, not a completed DPIA.
Sources and official references
Skills provide structured workflow guidance for attorney-supervised use. They are not legal advice and require human review before client reliance.