alirezarezvani

Gdpr Dsgvo Expert

By Alireza Rezvani · GitHub ↗ · v2.1.1 · MIT-0
cross-platform ✓ Security scan passed
1916 total downloads · 3 favourites · 9 current installs · 2 versions
Install in OpenClaw
/install gdpr-dsgvo-expert
Description
GDPR and German DSGVO compliance automation. Scans codebases for privacy risks, generates DPIA documentation, tracks data subject rights requests. Use for GD...
Usage instructions (SKILL.md)

GDPR/DSGVO Expert

Tools and guidance for compliance with the EU General Data Protection Regulation (GDPR; in German, DSGVO) and the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG), which supplements the GDPR with national provisions.


Tools

GDPR Compliance Checker

Scans codebases for potential GDPR compliance issues including personal data patterns and risky code practices.

# Scan a project directory
python scripts/gdpr_compliance_checker.py /path/to/project

# JSON output for CI/CD integration
python scripts/gdpr_compliance_checker.py . --json --output report.json

Detects:

  • Personal data patterns (email, phone, IP addresses)
  • Special category data (health, biometric, religion)
  • Financial data (credit cards, IBAN)
  • Risky code patterns:
    • Logging personal data
    • Missing consent mechanisms
    • Indefinite data retention
    • Unencrypted sensitive data
    • Disabled deletion functionality

Output:

  • Compliance score (0-100)
  • Risk categorization (critical, high, medium)
  • Prioritized recommendations with GDPR article references
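
The scanning approach described above (regular expressions over source text, a severity per finding, a 0-100 score, a CI gate on the JSON result) as an added example written for this page. It is not the skill's own gdpr_compliance_checker.py, whose exact patterns and weights are not shown here, and it adds the two checks a practitioner wants in a regex-based scanner: a Luhn checksum for card numbers and the ISO 7064 mod-97 check for IBANs, both of which discard most random digit runs that merely look like financial identifiers. The sample source lines, the severity weights and the article mappings are constructed for the example.

```python
"""Minimal GDPR personal-data scanner with checksum validation (added example)."""
import re
from dataclasses import dataclass

# Constructed sample source; not taken from any real project.
SAMPLE_SOURCE = """\
logger.info("user login: %s", user.email)
CONTACT = "support@example.org"
IBAN = "DE89370400440532013000"
CARD = "4111111111111111"
NOT_A_CARD = "4111111111111112"
SERVER_IP = "203.0.113.7"
"""


@dataclass
class Finding:
    line: int
    kind: str
    severity: str   # critical / high / medium
    article: str    # GDPR article the finding is mapped to (example mapping)
    text: str


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: rejects most random 13-19 digit runs that only look like a PAN."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def iban_ok(iban: str) -> bool:
    """ISO 7064 mod-97 check used by IBANs: move the first four chars to the end,
    replace letters with 10..35, and the number must leave remainder 1 mod 97."""
    rearranged = iban[4:] + iban[:4]
    numeric = "".join(str(int(c, 36)) for c in rearranged)
    return int(numeric) % 97 == 1


# (kind, regex, severity, article reference, optional validator)
PATTERNS = [
    ("email", re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"), "medium", "Art. 4(1)", None),
    ("ipv4", re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"), "medium", "Art. 4(1)", None),
    ("iban", re.compile(r"\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b"), "high", "Art. 32", iban_ok),
    ("card", re.compile(r"\b\d{13,19}\b"), "high", "Art. 32", luhn_ok),
]
# A log/print call on the same line as a PII-looking identifier: data minimisation
# and security of processing concern (Art. 5(1)(c) and (f)).
LOG_CALL = re.compile(r"\b(log(?:ger|ging)?\.(?:debug|info|warning|error)|print)\s*\(")
PII_IDENT = re.compile(r"\b(email|phone|ssn|iban|dob|birth)\b", re.I)


def scan(source: str) -> list[Finding]:
    """Scan one file's text line by line; validators drop checksum-invalid matches."""
    findings = []
    for n, line in enumerate(source.splitlines(), 1):
        for kind, rx, sev, art, check in PATTERNS:
            for m in rx.finditer(line):
                if check is None or check(m.group(0)):
                    findings.append(Finding(n, kind, sev, art, m.group(0)))
        if LOG_CALL.search(line) and PII_IDENT.search(line):
            findings.append(Finding(n, "pii_in_log", "critical", "Art. 5(1)(c)/(f)", line.strip()))
    return findings


def compliance_score(findings: list[Finding]) -> int:
    """0-100 score; weights are the example's own, not the skill's."""
    weights = {"critical": 25, "high": 10, "medium": 3}
    return max(0, 100 - sum(weights[f.severity] for f in findings))


def ci_gate(findings: list[Finding], fail_on=("critical",)) -> bool:
    """True when the build may pass, i.e. no finding at a blocking severity."""
    return not any(f.severity in fail_on for f in findings)


if __name__ == "__main__":
    result = scan(SAMPLE_SOURCE)
    for f in result:
        print(f"line {f.line}: {f.kind} [{f.severity}, {f.article}] {f.text}")
    print("score:", compliance_score(result), "gate passed:", ci_gate(result))
```

Note that the Luhn-invalid value on the NOT_A_CARD line produces no finding, while the IP address literal still does: a checksum cannot tell a server address from a user's address, so that class of finding stays a medium-severity prompt for human review rather than a gate failure.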

DPIA Generator

Generates Data Protection Impact Assessment documentation following Art. 35 requirements.

# Get input template
python scripts/dpia_generator.py --template > input.json

# Generate DPIA report
python scripts/dpia_generator.py --input input.json --output dpia_report.md

Features:

  • Automatic DPIA threshold assessment
  • Risk identification based on processing characteristics
  • Legal basis requirements documentation
  • Mitigation recommendations
  • Markdown report generation

DPIA Triggers Assessed:

  • Systematic, large-scale monitoring of publicly accessible areas (Art. 35(3)(c))
  • Large-scale processing of special category or criminal-conviction data (Art. 35(3)(b))
  • Automated decision-making based on profiling with legal or similarly significant effects (Art. 35(3)(a))
  • WP29 high-risk criteria (WP248 rev.01, endorsed by the EDPB: a DPIA is usually required when two or more of the nine criteria are met)
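
The threshold assessment as an added example, not the skill's own dpia_generator.py (whose input schema is not shown on this page). It encodes the three Art. 35(3) cases, in which a DPIA is always required, together with the nine WP248 criteria and the guideline's rule of thumb that two or more of them normally require a DPIA. The flag names, the constructed processing activities and the output dictionary are this example's own choices.

```python
"""DPIA threshold check: Art. 35(3) triggers plus WP29/WP248 criteria (added example)."""
from dataclasses import dataclass

# Art. 35(3): a DPIA is always required in these cases.
ARTICLE_TRIGGERS = [
    ("legal_effect_decisions", "Art. 35(3)(a)"),        # profiling-based decisions with legal/similar effect
    ("special_category_large_scale", "Art. 35(3)(b)"),  # large-scale Art. 9 / Art. 10 data
    ("public_area_monitoring", "Art. 35(3)(c)"),        # large-scale systematic monitoring of public areas
]

# WP248 high-risk criteria; meeting two or more usually means a DPIA is required.
WP29_CRITERIA = [
    "evaluation_or_scoring",
    "automated_decision_making",
    "systematic_monitoring",
    "sensitive_or_highly_personal_data",
    "large_scale",
    "matching_or_combining_datasets",
    "vulnerable_data_subjects",
    "innovative_use_or_new_technology",
    "blocks_right_or_service",
]
KNOWN_FLAGS = {attr for attr, _ in ARTICLE_TRIGGERS} | set(WP29_CRITERIA)


@dataclass(frozen=True)
class Processing:
    name: str
    flags: frozenset  # subset of KNOWN_FLAGS describing the processing activity


def assess_threshold(p: Processing) -> dict:
    """Decide whether a DPIA is required and return the reasoning for the record."""
    unknown = p.flags - KNOWN_FLAGS
    if unknown:
        raise ValueError(f"{p.name}: unknown characteristics {sorted(unknown)}")
    triggers = [art for attr, art in ARTICLE_TRIGGERS if attr in p.flags]
    met = [c for c in WP29_CRITERIA if c in p.flags]
    if triggers:
        required, rationale = True, "mandatory under " + ", ".join(triggers)
    elif len(met) >= 2:
        required, rationale = True, f"{len(met)} WP29 criteria met (threshold: 2)"
    elif met:
        # WP248: with one criterion the controller decides, and should document why no DPIA is done.
        required, rationale = False, "one criterion met; record why no DPIA is carried out"
    else:
        required, rationale = False, "no Art. 35(3) trigger or WP29 criterion met"
    return {
        "processing": p.name,
        "dpia_required": required,
        "article_triggers": triggers,
        "wp29_criteria_met": met,
        "rationale": rationale,
    }


# Constructed processing activities for the walk-through (not real ones).
EXAMPLES = [
    Processing("employee CCTV with behaviour scoring",
               frozenset({"systematic_monitoring", "evaluation_or_scoring",
                          "vulnerable_data_subjects"})),
    Processing("opt-in product newsletter", frozenset()),
    Processing("automated credit decisions",
               frozenset({"legal_effect_decisions", "evaluation_or_scoring"})),
]

if __name__ == "__main__":
    for proc in EXAMPLES:
        r = assess_threshold(proc)
        print(f"{r['processing']}: DPIA required={r['dpia_required']} ({r['rationale']})")
```

The employee-monitoring case shows why the WP248 rule matters: none of the Art. 35(3) triggers fires, yet three criteria (monitoring, scoring, employees as vulnerable subjects) are met, so the DPIA is still required.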

Data Subject Rights Tracker

Manages data subject rights requests under GDPR Articles 15-22.

# Add new request
python scripts/data_subject_rights_tracker.py add \
  --type access --subject "John Doe" --email "[email protected]"

# List all requests
python scripts/data_subject_rights_tracker.py list

# Update status
python scripts/data_subject_rights_tracker.py status --id DSR-202601-0001 --update verified

# Generate compliance report
python scripts/data_subject_rights_tracker.py report --output compliance.json

# Generate response template
python scripts/data_subject_rights_tracker.py template --id DSR-202601-0001

Supported Rights:

| Right | Article | Deadline |
|---|---|---|
| Access | Art. 15 | 1 month |
| Rectification | Art. 16 | 1 month |
| Erasure | Art. 17 | 1 month |
| Restriction | Art. 18 | 1 month |
| Portability | Art. 20 | 1 month |
| Objection | Art. 21 | 1 month |
| Automated decisions | Art. 22 | 1 month |

Deadlines follow Art. 12(3): without undue delay and in any event within one month of receipt, extendable by two further months for complex or numerous requests, provided the data subject is told of the extension and the reasons within the first month.

Features:

  • Deadline tracking with overdue alerts
  • Identity verification workflow
  • Response template generation
  • Compliance reporting
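
The tracker's core bookkeeping as an added example, not the skill's data_subject_rights_tracker.py (whose storage format is not shown on this page). It shows the three things the feature list above relies on: Art. 12(3) deadline arithmetic in calendar months (one month of receipt, a single extension by two further months, notified within the first month), an explicit status state machine so that a request cannot skip identity verification, and a JSON store created with mode 0600 so the plaintext request log is not readable by other local users. The DSR-YYYYMM-NNNN identifier format mirrors the one in the commands above; the status names, the field layout and the walk-through dates are the example's own assumptions.

```python
"""DSR record with Art. 12(3) deadlines, a status machine and a 0600 JSON store (added example)."""
import calendar
import json
import os
import tempfile
from dataclasses import asdict, dataclass
from datetime import date

# Allowed status transitions; identity verification cannot be skipped.
STATES = {
    "received": {"verified", "rejected"},
    "verified": {"in_progress"},
    "in_progress": {"completed"},
    "completed": set(),
    "rejected": set(),
}


def add_months(d: date, months: int) -> date:
    """Calendar-month arithmetic clamped to month end, so 31 Jan + 1 month = 28/29 Feb."""
    y, m0 = divmod(d.month - 1 + months, 12)
    y, m = d.year + y, m0 + 1
    return date(y, m, min(d.day, calendar.monthrange(y, m)[1]))


@dataclass
class Request:
    id: str
    type: str          # access, rectification, erasure, ...
    received: str      # ISO date of receipt
    status: str = "received"
    extended: bool = False
    extension_reason: str = ""

    def deadline(self) -> date:
        # Art. 12(3): one month of receipt, plus two further months if extended
        return add_months(date.fromisoformat(self.received), 3 if self.extended else 1)

    def is_overdue(self, today: date) -> bool:
        return self.status not in ("completed", "rejected") and today > self.deadline()


def next_id(existing: list, today: date) -> str:
    """DSR-YYYYMM-NNNN, numbered per month of receipt."""
    prefix = f"DSR-{today:%Y%m}-"
    return f"{prefix}{sum(r.id.startswith(prefix) for r in existing) + 1:04d}"


def transition(req: Request, new_status: str) -> None:
    if new_status not in STATES[req.status]:
        raise ValueError(f"{req.id}: cannot go from {req.status} to {new_status}")
    req.status = new_status


def extend(req: Request, reason: str, today: date) -> None:
    """Art. 12(3) extension: once only, and only while the first month is still running."""
    if req.extended or today > req.deadline():
        raise ValueError(f"{req.id}: extension not available")
    req.extended, req.extension_reason = True, reason


def save(path: str, requests: list) -> None:
    # O_CREAT with mode 0600: the plaintext DSR log must not be world-readable.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        json.dump([asdict(r) for r in requests], fh, indent=2)


def load(path: str) -> list:
    with open(path) as fh:
        return [Request(**d) for d in json.load(fh)]


def overdue_report(requests: list, today: date) -> list:
    return [r.id for r in requests if r.is_overdue(today)]


def demo() -> dict:
    """Constructed walk-through: an access request received on 31 Jan 2026."""
    store = []
    req = Request(next_id(store, date(2026, 1, 31)), "access", "2026-01-31")
    store.append(req)
    out = {"id": req.id, "deadline": req.deadline().isoformat()}
    out["overdue_on_mar_1"] = bool(overdue_report(store, date(2026, 3, 1)))
    extend(req, "data spread across several systems", date(2026, 2, 10))
    out["extended_deadline"] = req.deadline().isoformat()
    out["overdue_after_extension"] = bool(overdue_report(store, date(2026, 3, 1)))
    transition(req, "verified")
    transition(req, "in_progress")
    try:
        transition(req, "received")          # not allowed: no path back from in_progress
        out["bad_transition_rejected"] = False
    except ValueError:
        out["bad_transition_rejected"] = True
    path = os.path.join(tempfile.mkdtemp(), "dsr_requests.json")
    save(path, store)
    out["mode_ok"] = os.name != "posix" or (os.stat(path).st_mode & 0o777) == 0o600
    out["reloaded_status"] = load(path)[0].status
    return out


if __name__ == "__main__":
    print(demo())
```

Calendar-month arithmetic is deliberate: Art. 12(3) counts months, not 30-day periods, and the end-of-month clamp avoids a February deadline that does not exist. File permissions are only a first step; the page's safe-usage advice about protecting the store and adding access controls still applies.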

Reference Guides

GDPR Compliance Guide

references/gdpr_compliance_guide.md

Comprehensive implementation guidance covering:

  • Legal bases for processing (Art. 6)
  • Special category requirements (Art. 9)
  • Data subject rights implementation
  • Accountability requirements (Art. 30)
  • International transfers (Chapter V)
  • Breach notification (Art. 33-34)

German BDSG Requirements

references/german_bdsg_requirements.md

German-specific requirements including:

  • DPO appointment threshold (§ 38 BDSG: as a rule, 20 or more persons constantly engaged in automated processing of personal data)
  • Employment data processing (§ 26 BDSG)
  • Video surveillance rules (§ 4 BDSG)
  • Credit scoring requirements (§ 31 BDSG)
  • State data protection laws (Landesdatenschutzgesetze)
  • Works council co-determination rights

DPIA Methodology

references/dpia_methodology.md

Step-by-step DPIA process:

  • Threshold assessment criteria
  • WP29 high-risk indicators
  • Risk assessment methodology
  • Mitigation measure categories
  • DPO and supervisory authority consultation
  • Templates and checklists

Workflows

Workflow 1: New Processing Activity Assessment

Step 1: Run compliance checker on codebase
        → python scripts/gdpr_compliance_checker.py /path/to/code

Step 2: Review findings and compliance score
        → Address critical and high issues

Step 3: Determine if DPIA required
        → Check references/dpia_methodology.md threshold criteria

Step 4: If DPIA required, generate assessment
        → python scripts/dpia_generator.py --template > input.json
        → Fill in processing details
        → python scripts/dpia_generator.py --input input.json --output dpia.md

Step 5: Document in records of processing activities

Workflow 2: Data Subject Request Handling

Step 1: Log request in tracker
        → python scripts/data_subject_rights_tracker.py add --type [type] ...

Step 2: Verify identity (proportionate measures)
        → python scripts/data_subject_rights_tracker.py status --id [ID] --update verified

Step 3: Gather data from systems
        → python scripts/data_subject_rights_tracker.py status --id [ID] --update in_progress

Step 4: Generate response
        → python scripts/data_subject_rights_tracker.py template --id [ID]

Step 5: Send response and complete
        → python scripts/data_subject_rights_tracker.py status --id [ID] --update completed

Step 6: Monitor compliance
        → python scripts/data_subject_rights_tracker.py report

Workflow 3: German BDSG Compliance Check

Step 1: Determine if DPO required
        → As a rule, 20 or more persons constantly engaged in automated processing of personal data (§ 38(1) BDSG)
        → OR the controller carries out processing that requires a DPIA (Art. 35 GDPR)
        → OR personal data is processed commercially for transfer, anonymised transfer, or market/opinion research

Step 2: If employees involved, review § 26 BDSG
        → Document legal basis for employee data
        → Check works council requirements

Step 3: If video surveillance, comply with § 4 BDSG
        → Install signage
        → Document necessity
        → Limit retention

Step 4: Register DPO with supervisory authority
        → See references/german_bdsg_requirements.md for authority list

Key GDPR Concepts

Legal Bases (Art. 6)

  • Consent: Marketing, newsletters, analytics (must be freely given, specific, informed and unambiguous, Art. 4(11))
  • Contract: Order fulfillment, service delivery
  • Legal obligation: Tax records, employment law
  • Legitimate interests: Fraud prevention, security (requires a documented balancing test)

Art. 6(1) also provides vital interests and public task as bases; the four above are the ones most software projects rely on.

Special Category Data (Art. 9)

Processing is prohibited unless one of the Art. 9(2) conditions applies (explicit consent, Art. 9(2)(a), is one of them):

  • Health data
  • Biometric data (for uniquely identifying a person)
  • Racial/ethnic origin
  • Political opinions
  • Religious or philosophical beliefs
  • Trade union membership
  • Genetic data
  • Sex life or sexual orientation

Data Subject Rights

All requests must be answered without undue delay and in any event within one month of receipt (Art. 12(3)); the period may be extended by two further months for complex or numerous requests, with the data subject informed of the extension within the first month:

  • Access: Provide copy of data and processing information
  • Rectification: Correct inaccurate data
  • Erasure: Delete data (with exceptions for legal obligations)
  • Restriction: Limit processing while issues are resolved
  • Portability: Provide data in machine-readable format
  • Object: Stop processing based on legitimate interests

German BDSG Additions

| Topic | BDSG section | Key requirement |
|---|---|---|
| DPO threshold | § 38 | As a rule, 20+ persons constantly engaged in automated processing = mandatory DPO (also where a DPIA is required or data is processed commercially for transfer or market research) |
| Employment | § 26 | Detailed employee data rules |
| Video | § 4 | Signage and proportionality |
| Scoring | § 31 | Probability values only from a scientifically recognised mathematical-statistical method; not based solely on address data |
Safe usage advice
This package appears to do what it says, but take precautions before running it:
  1. Run the tools only on codebases you control, or in a sandbox/container: the scanner reads many file types (including .env) and can surface secrets.
  2. Protect generated DSR data files (dsr_requests.json) and reports; the tracker stores requests in plaintext by default.
  3. Review and adapt the identity-verification and retention workflows before using the tracker in production; the script records a status but does not implement robust verification or access controls.
  4. Treat findings as guidance: the scanning is regex-based, so false positives are possible.
  5. If you need remote/network integration, add secure transport and authentication rather than exposing findings or PII.
Functional analysis
Type: OpenClaw Skill
Name: gdpr-dsgvo-expert
Version: 2.1.1

The gdpr-dsgvo-expert bundle provides legitimate tools for GDPR and German DSGVO compliance automation, including a codebase scanner, DPIA generator, and rights request tracker. The Python scripts (gdpr_compliance_checker.py, dpia_generator.py, and data_subject_rights_tracker.py) use standard libraries to perform local file analysis and data management without any network activity, obfuscation, or unauthorized data access. The instructions in SKILL.md are consistent with the tool's stated purpose and do not contain prompt injection attempts or malicious commands.
Capability assessment
Purpose & Capability
Name/description (GDPR/DSGVO automation) align with the included scripts and reference docs. The three scripts implement a compliance scanner, DPIA generator, and DSR tracker as advertised; no unrelated credentials, binaries, or unexpected OS-level access are requested.
Instruction Scope
SKILL.md instructs the agent/user to scan arbitrary project directories and run the included scripts. This is expected, but the scanner will read many file types (including .env and config files) and the DSR tracker persists requests to a local JSON file; both behaviors can surface sensitive data and should be run only on repositories/systems you control.
Install Mechanism
No install spec is provided (instruction-only), and the code files are plain Python scripts. Nothing is downloaded or installed automatically as part of the skill, so there is low install risk. The user runs the scripts explicitly.
Credentials
The skill declares no required environment variables or credentials and does not appear to access system credentials. The scanner intentionally examines files (including .env and config files) which is proportionate to scanning for personal data but means it can surface secrets if run against sensitive directories.
Persistence & Privilege
The skill's always flag is false, and it does not request elevated or persistent platform privileges. It does create and update local artifacts (e.g., dsr_requests.json, report files) in the working directory; these are normal, but note that the included scripts store them in plaintext.
How to use
  1. Make sure OpenClaw is installed (locally or as a Docker deployment).
  2. Enter the install command in the chat box: /install gdpr-dsgvo-expert
  3. After installation, call the skill by name or trigger it with /gdpr-dsgvo-expert.
  4. Provide the inputs described in the skill's parameter documentation to receive structured output.
Version history
v2.1.1
v2.1.1: optimization, reference splits
v1.0.0
Initial release of GDPR/DSGVO Expert: automation tools and guidance for EU and German data protection compliance.
  • Scans codebases for GDPR privacy risks and provides compliance scores with actionable recommendations.
  • Generates Data Protection Impact Assessments (DPIA) with markdown reports based on Art. 35 requirements.
  • Tracks data subject rights requests (access, rectification, erasure, etc.) with deadline alerts and response templates.
  • Includes step-by-step workflows for compliance checks, DPIA generation, and German BDSG-specific requirements.
  • Provides comprehensive reference guides for GDPR, BDSG, and DPIA methodologies.
Metadata
Slug gdpr-dsgvo-expert
Version 2.1.1
License MIT-0
Cumulative installs 9
Current installs 9
Historical versions 2
FAQ

What is Gdpr Dsgvo Expert?

GDPR and German DSGVO compliance automation. Scans codebases for privacy risks, generates DPIA documentation, tracks data subject rights requests. Use for GD... It is an AI agent skill plugin for Claude Code / OpenClaw, with 1916 downloads to date.

How do I install Gdpr Dsgvo Expert?

Run the command "/install gdpr-dsgvo-expert" in the OpenClaw or Claude Code chat box to install it in one step; no extra configuration is needed.

Is Gdpr Dsgvo Expert free?

Yes. Gdpr Dsgvo Expert is completely free under the MIT-0 license and can be freely downloaded, installed and used.

Which platforms does Gdpr Dsgvo Expert support?

Gdpr Dsgvo Expert is cross-platform and runs in any environment where OpenClaw / Claude Code is deployed.

Who developed Gdpr Dsgvo Expert?

Developed and maintained by Alireza Rezvani (@alirezarezvani); the current version is v2.1.1.
