alirezarezvani

Gdpr Dsgvo Expert

by Alireza Rezvani · GitHub ↗ · v2.1.1 · MIT-0
cross-platform ✓ Security Clean
1916 downloads · 3 stars · 9 active installs · 2 versions
Install in OpenClaw
/install gdpr-dsgvo-expert
Description
GDPR and German DSGVO compliance automation. Scans codebases for privacy risks, generates DPIA documentation, tracks data subject rights requests. Use for GD...
README (SKILL.md)

GDPR/DSGVO Expert

Tools and guidance for EU General Data Protection Regulation (GDPR) and German Bundesdatenschutzgesetz (BDSG) compliance.



Tools

GDPR Compliance Checker

Scans codebases for potential GDPR compliance issues including personal data patterns and risky code practices.

# Scan a project directory
python scripts/gdpr_compliance_checker.py /path/to/project

# JSON output for CI/CD integration
python scripts/gdpr_compliance_checker.py . --json --output report.json

Detects:

  • Personal data patterns (email, phone, IP addresses)
  • Special category data (health, biometric, religion)
  • Financial data (credit cards, IBAN)
  • Risky code patterns:
    • Logging personal data
    • Missing consent mechanisms
    • Indefinite data retention
    • Unencrypted sensitive data
    • Disabled deletion functionality

Output:

  • Compliance score (0-100)
  • Risk categorization (critical, high, medium)
  • Prioritized recommendations with GDPR article references
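
An added example, not the code of `gdpr_compliance_checker.py`: one way to pair regex detection of the financial data listed above with checksum validation, so that order numbers and test fixtures do not become findings, and to mask matched values so the report does not copy the data it found. All names and the sample input are constructed for illustration.

```python
import re

# Candidate patterns only: a regex match is a lead, not yet a finding.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
IBAN_RE = re.compile(r"\b[A-Z]{2}\d{2}(?: ?[A-Z0-9]{4}){2,7}(?: ?[A-Z0-9]{1,3})?\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def iban_ok(iban: str) -> bool:
    """ISO 13616 check: move first 4 chars to the end, A=10..Z=35, mod 97 == 1."""
    rearranged = iban[4:] + iban[:4]
    return int("".join(str(int(c, 36)) for c in rearranged)) % 97 == 1

def mask(value: str) -> str:
    """Keep only the first and last two characters of a matched value."""
    return value[:2] + "*" * (len(value) - 4) + value[-2:]

def scan(text: str):
    """Return (line number, kind, masked value) for checksum-valid matches only."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in CARD_RE.finditer(line):
            digits = re.sub(r"\D", "", m.group())
            if luhn_ok(digits):
                findings.append((lineno, "credit_card", mask(digits)))
        for m in IBAN_RE.finditer(line):
            iban = m.group().replace(" ", "")
            if iban_ok(iban):
                findings.append((lineno, "iban", mask(iban)))
    return findings

# Constructed sample input: a public test card number and the standard example IBAN.
SAMPLE = '''log.info("charged card 4111 1111 1111 1111")
order_ref = "1234 5678 9012 3456"
payout_iban = "DE89 3704 0044 0532 0130 00"
fixture_iban = "DE00 3704 0044 0532 0130 00"
'''

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Lines 2 and 4 of the sample match the patterns but fail their checksums, so only two findings are reported.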

DPIA Generator

Generates Data Protection Impact Assessment documentation following Art. 35 requirements.

# Get input template
python scripts/dpia_generator.py --template > input.json

# Generate DPIA report
python scripts/dpia_generator.py --input input.json --output dpia_report.md

Features:

  • Automatic DPIA threshold assessment
  • Risk identification based on processing characteristics
  • Legal basis requirements documentation
  • Mitigation recommendations
  • Markdown report generation

DPIA Triggers Assessed:

  • Systematic monitoring (Art. 35(3)(c))
  • Large-scale special category data (Art. 35(3)(b))
  • Automated decision-making (Art. 35(3)(a))
  • WP29 high-risk criteria

Data Subject Rights Tracker

Manages data subject rights requests under GDPR Articles 15-22.

# Add new request
python scripts/data_subject_rights_tracker.py add \
  --type access --subject "John Doe" --email "[email protected]"

# List all requests
python scripts/data_subject_rights_tracker.py list

# Update status
python scripts/data_subject_rights_tracker.py status --id DSR-202601-0001 --update verified

# Generate compliance report
python scripts/data_subject_rights_tracker.py report --output compliance.json

# Generate response template
python scripts/data_subject_rights_tracker.py template --id DSR-202601-0001

Supported Rights:

| Right | Article | Deadline |
|---|---|---|
| Access | Art. 15 | 30 days |
| Rectification | Art. 16 | 30 days |
| Erasure | Art. 17 | 30 days |
| Restriction | Art. 18 | 30 days |
| Portability | Art. 20 | 30 days |
| Objection | Art. 21 | 30 days |
| Automated decisions | Art. 22 | 30 days |

Features:

  • Deadline tracking with overdue alerts
  • Identity verification workflow
  • Response template generation
  • Compliance reporting

Reference Guides

GDPR Compliance Guide

references/gdpr_compliance_guide.md

Comprehensive implementation guidance covering:

  • Legal bases for processing (Art. 6)
  • Special category requirements (Art. 9)
  • Data subject rights implementation
  • Accountability requirements (Art. 30)
  • International transfers (Chapter V)
  • Breach notification (Art. 33-34)

German BDSG Requirements

references/german_bdsg_requirements.md

German-specific requirements including:

  • DPO appointment threshold (§ 38 BDSG - 20+ employees)
  • Employment data processing (§ 26 BDSG)
  • Video surveillance rules (§ 4 BDSG)
  • Credit scoring requirements (§ 31 BDSG)
  • State data protection laws (Landesdatenschutzgesetze)
  • Works council co-determination rights

DPIA Methodology

references/dpia_methodology.md

Step-by-step DPIA process:

  • Threshold assessment criteria
  • WP29 high-risk indicators
  • Risk assessment methodology
  • Mitigation measure categories
  • DPO and supervisory authority consultation
  • Templates and checklists

Workflows

Workflow 1: New Processing Activity Assessment

Step 1: Run compliance checker on codebase
        → python scripts/gdpr_compliance_checker.py /path/to/code

Step 2: Review findings and compliance score
        → Address critical and high issues

Step 3: Determine if DPIA required
        → Check references/dpia_methodology.md threshold criteria

Step 4: If DPIA required, generate assessment
        → python scripts/dpia_generator.py --template > input.json
        → Fill in processing details
        → python scripts/dpia_generator.py --input input.json --output dpia.md

Step 5: Document in records of processing activities

Workflow 2: Data Subject Request Handling

Step 1: Log request in tracker
        → python scripts/data_subject_rights_tracker.py add --type [type] ...

Step 2: Verify identity (proportionate measures)
        → python scripts/data_subject_rights_tracker.py status --id [ID] --update verified

Step 3: Gather data from systems
        → python scripts/data_subject_rights_tracker.py status --id [ID] --update in_progress

Step 4: Generate response
        → python scripts/data_subject_rights_tracker.py template --id [ID]

Step 5: Send response and complete
        → python scripts/data_subject_rights_tracker.py status --id [ID] --update completed

Step 6: Monitor compliance
        → python scripts/data_subject_rights_tracker.py report

Workflow 3: German BDSG Compliance Check

Step 1: Determine if DPO required
        → 20+ employees processing personal data automatically
        → OR processing requires DPIA
        → OR business involves data transfer/market research

Step 2: If employees involved, review § 26 BDSG
        → Document legal basis for employee data
        → Check works council requirements

Step 3: If video surveillance, comply with § 4 BDSG
        → Install signage
        → Document necessity
        → Limit retention

Step 4: Register DPO with supervisory authority
        → See references/german_bdsg_requirements.md for authority list

Key GDPR Concepts

Legal Bases (Art. 6)

  • Consent: Marketing, newsletters, analytics (must be freely given, specific, informed)
  • Contract: Order fulfillment, service delivery
  • Legal obligation: Tax records, employment law
  • Legitimate interests: Fraud prevention, security (requires balancing test)

Special Category Data (Art. 9)

Requires explicit consent or Art. 9(2) exception:

  • Health data
  • Biometric data
  • Racial/ethnic origin
  • Political opinions
  • Religious beliefs
  • Trade union membership
  • Genetic data
  • Sexual orientation

Data Subject Rights

All rights must be fulfilled within 30 days (extendable to 90 for complex requests):

  • Access: Provide copy of data and processing information
  • Rectification: Correct inaccurate data
  • Erasure: Delete data (with exceptions for legal obligations)
  • Restriction: Limit processing while issues are resolved
  • Portability: Provide data in machine-readable format
  • Object: Stop processing based on legitimate interests

German BDSG Additions

| Topic | BDSG Section | Key Requirement |
|---|---|---|
| DPO threshold | § 38 | 20+ employees = mandatory DPO |
| Employment | § 26 | Detailed employee data rules |
| Video | § 4 | Signage and proportionality |
| Scoring | § 31 | Explainable algorithms |

Usage Guidance
This package appears to do what it says, but take precautions before running it:
  1. Run the tools only on codebases you control or in a sandbox/container — the scanner will read many file types (including .env) and can reveal secrets.
  2. Protect any generated DSR data files (dsr_requests.json) and reports; the tracker stores requests in plaintext by default.
  3. Review and adapt the identity-verification and retention workflows before using the tracker in production (the script records status but does not implement robust verification or access controls).
  4. Treat findings as guidance — false positives are possible (regex-based scanning).
  5. If you need remote/network integration, review and add secure transport and auth rather than exposing findings or PII.
If you want, I can point out specific lines in the scripts that read .env/config files, where files are written, and where you should add encryption or access controls.
Capability Analysis
Type: OpenClaw Skill
Name: gdpr-dsgvo-expert
Version: 2.1.1

The gdpr-dsgvo-expert bundle provides legitimate tools for GDPR and German DSGVO compliance automation, including a codebase scanner, DPIA generator, and rights request tracker. The Python scripts (gdpr_compliance_checker.py, dpia_generator.py, and data_subject_rights_tracker.py) use standard libraries to perform local file analysis and data management without any network activity, obfuscation, or unauthorized data access. The instructions in SKILL.md are consistent with the tool's stated purpose and do not contain prompt injection attempts or malicious commands.
Capability Assessment
Purpose & Capability
Name/description (GDPR/DSGVO automation) align with the included scripts and reference docs. The three scripts implement a compliance scanner, DPIA generator, and DSR tracker as advertised; no unrelated credentials, binaries, or unexpected OS-level access are requested.
Instruction Scope
SKILL.md instructs the agent/user to scan arbitrary project directories and run the included scripts. This is expected, but the scanner will read many file types (including .env and config files) and the DSR tracker persists requests to a local JSON file; both behaviors can surface sensitive data and should be run only on repositories/systems you control.
Install Mechanism
No install spec is provided (instruction-only), and the code files are plain Python scripts. Nothing is downloaded or installed automatically as part of the skill, so there is low install risk. The user runs the scripts explicitly.
Credentials
The skill declares no required environment variables or credentials and does not appear to access system credentials. The scanner intentionally examines files (including .env and config files) which is proportionate to scanning for personal data but means it can surface secrets if run against sensitive directories.
Persistence & Privilege
always is false and the skill does not request elevated or persistent platform privileges. It does create and update local artifacts (e.g., dsr_requests.json, report files) in the working directory; these are normal but note they are stored in plaintext by the included scripts.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install gdpr-dsgvo-expert
  3. After installation, invoke the skill by name or use /gdpr-dsgvo-expert
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.1.1
v2.1.1: optimization, reference splits
v1.0.0
Initial release of GDPR/DSGVO Expert – automation tools and guidance for EU and German data protection compliance.
  • Scans codebases for GDPR privacy risks and provides compliance scores with actionable recommendations.
  • Generates Data Protection Impact Assessments (DPIA) with markdown reports based on Art. 35 requirements.
  • Tracks data subject rights requests (access, rectification, erasure, etc.) with deadline alerts and response templates.
  • Includes step-by-step workflows for compliance checks, DPIA generation, and German BDSG-specific requirements.
  • Provides comprehensive reference guides for GDPR, BDSG, and DPIA methodologies.
Metadata
Slug gdpr-dsgvo-expert
Version 2.1.1
License MIT-0
All-time Installs 9
Active Installs 9
Total Versions 2
Frequently Asked Questions

What is Gdpr Dsgvo Expert?

GDPR and German DSGVO compliance automation. Scans codebases for privacy risks, generates DPIA documentation, tracks data subject rights requests. Use for GD... It is an AI Agent Skill for Claude Code / OpenClaw, with 1916 downloads so far.

How do I install Gdpr Dsgvo Expert?

Run "/install gdpr-dsgvo-expert" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Gdpr Dsgvo Expert free?

Yes, Gdpr Dsgvo Expert is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Gdpr Dsgvo Expert support?

Gdpr Dsgvo Expert is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Gdpr Dsgvo Expert?

It is built and maintained by Alireza Rezvani (@alirezarezvani); the current version is v2.1.1.
