Data Protection and Privacy
legalai
bundled
gdpr
dpia
privacy
data-protection

GDPR DPIA Screening

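Screens processing activities under GDPR Article 35 to determine whether a DPIA is required, with risk mapping and threshold assessment. Suited for use before launching new data processing or AI features.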

Official alternative

Anthropic maintains an official plugin workflow for this task. Use it when you want the full marketplace plugin with MCP connectors.

Privacy Legal plugin
/plugin install privacy-legal@claude-for-legal

Official outputs require attorney review before client reliance.

About this skill

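Screens processing activities under GDPR Article 35 to determine whether a DPIA is required, with risk mapping and threshold assessment. Suited for use before launching new data processing or AI features.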

Skills provide structured workflow guidance for attorney-supervised use. They are not legal advice and require human review before client reliance.

How to install

  1. Download the ZIP and unzip the skill folder.
  2. In Claude: Settings → Capabilities → Skills → Upload skill folder.
  3. In Claude Code or Codex: copy the folder into `.claude/skills/` or `~/.agents/skills/`.
  4. Invoke the skill by describing a task that matches the skill description.

Sample workflow preview

Use synthetic sample matter data to preview the prompt structure and review checklist before downloading or installing.

Sample data only. Do not upload client matter documents in this preview.

Sample analytics feature processing description

[SYNTHETIC SAMPLE — NOT A CLIENT DOCUMENT]

Product: Website analytics heatmaps for logged-in users
Data: account ID, page URLs, click coordinates, session timestamps
Purpose: product improvement and UX optimization
Recipients: internal product team and EU hosting provider
Retention: 24 months
Special categories: none declared
Automated decisions: none declared

Sample prompt

Screen this processing activity for GDPR Article 35 DPIA requirements. Map risk factors, state whether a DPIA is required, and list mitigation steps before launch.

Expected review checklist

  • Confirm lawful basis and necessity for each data element
  • Check whether DPIA threshold criteria are met
  • Document retention and deletion controls
  • Escalate to DPO/privacy counsel before production launch

Skill content preview

# GDPR DPIA Screening

Determine whether a DPIA is required and outline the next compliance steps.

## Intake

Collect:

1. Processing purpose and legal basis
2. Data categories and data subjects
3. Scale, context, and nature of processing
4. New technologies or profiling / automated decision-making
5. Cross-border transfers and subprocessors

## Screening steps

1. Check WP248 / EDPB criteria and relevant supervisory authority blacklists
2. Identify high-risk indicators (special categories, vulnerable subjects, systematic monitoring, large-scale processing)
3. Assess necessity and proportionality at a high level
4. Map mitigations already in place
5. Decide: DPIA required / not required / borderline — seek DPO review

## Output format

```markdown
## DPIA screening result
## Processing summary
## Risk indicators checklist
## Mitigations in place
## Recommended next steps (full DPIA / Art. 36 consultation / proceed with controls)
## Open questions for DPO or privacy counsel
```

## Guardrails

- Do not invent supervisory authority guidance; cite official sources when referenced.
- Flag AI-related processing for enhanced review per current EDPB guidance trends.
- Output is screening support, not a completed DPIA.

Sources and official references

edpb.europa.eu/our-work-tools/general-guidance/data-protection-impact-assessment-dpia_en
