Privacy Compliance Guide

Audit your ecommerce store's data collection, storage, and processing practices against major privacy regulations including GDPR, CCPA/CPRA, LGPD, PIPEDA, and other regional frameworks. This skill identifies compliance gaps in your current setup, prioritizes remediation actions by risk level, and generates the specific policy language and technical recommendations needed to bring your store into compliance. Privacy violations carry significant financial penalties and reputational damage, making proactive compliance essential for any ecommerce business handling customer data.

Use when

• You are launching an ecommerce store and need to ensure your data collection practices, cookie banners, and privacy policies comply with GDPR, CCPA, or other applicable privacy regulations before going live
• You have received a customer data subject access request (DSAR) or deletion request and need guidance on how to respond within regulatory timelines and documentation requirements
• You are expanding into new markets like the EU or Brazil and need to understand what additional privacy obligations apply to your ecommerce operations in those jurisdictions
• You want to audit your current Shopify, WooCommerce, or custom storefront for privacy compliance gaps including tracking pixels, third-party integrations, and email marketing data flows

What this skill does

This skill takes your ecommerce store's data practices as input and systematically evaluates them against the requirements of applicable privacy regulations. It maps every data touchpoint in your customer journey — from website tracking and cookie consent through checkout data collection, email marketing, and post-purchase analytics — against regulatory requirements. The analysis covers lawful bases for processing, data minimization principles, consent mechanisms, cross-border data transfer safeguards, data retention policies, and data subject rights fulfillment processes. It then produces a prioritized remediation plan with specific implementation steps, draft policy language, and technical configuration recommendations for common ecommerce platforms.

Inputs required

• Store platform and integrations (required): Your ecommerce platform and key third-party tools that handle customer data. Example: "Shopify Plus with Klaviyo email, Meta Pixel, Google Analytics 4, Stripe payments, and Zendesk support"
• Target markets (required): Countries or regions where you sell and ship products. Example: "United States, EU (Germany, France, Netherlands), United Kingdom, Canada"
• Data collection points (required): Describe what customer data you collect and where. Example: "email at newsletter signup, name/address/phone at checkout, browsing behavior via GA4 and Meta Pixel, purchase history stored in Klaviyo"
• Current privacy measures (optional): Describe any existing privacy policies, cookie consent tools, or compliance measures you already have in place
• Specific concerns (optional): Any particular compliance questions or recent issues such as a DSAR you need to respond to, a regulatory inquiry, or expansion into a new jurisdiction

Output format

The output is structured into five sections. First, a Regulatory Applicability Matrix that identifies which privacy laws apply to your business based on your target markets and data practices, with a brief summary of each regulation's key requirements. Second, a Data Flow Audit that maps each data touchpoint in your customer journey against compliance requirements, flagging gaps with severity ratings of Critical, High, Medium, or Low. Third, a Remediation Action Plan listing specific steps to address each gap, ordered by priority, with estimated implementation effort and platform-specific instructions where applicable. Fourth, a Policy Language Kit containing draft privacy policy sections, cookie consent banner text, and data processing agreement clauses tailored to your specific situation. Fifth, a Compliance Maintenance Checklist with ongoing monitoring tasks, review schedules, and trigger events that should prompt a compliance reassessment.

Scope

• Designed for: Ecommerce operators, store owners, DTC brand managers, and compliance officers at small to mid-size online businesses
• Platform context: Platform-agnostic with specific guidance available for Shopify, WooCommerce, BigCommerce, Magento, and custom builds
• Language: English

Limitations

• Does not constitute legal advice — generated guidance should be reviewed by a qualified privacy attorney before implementation, especially for businesses handling sensitive personal data categories
• Cannot access or scan your live website or store — relies on the data practices you describe as inputs, so completeness depends on the accuracy of your description
• Covers major privacy frameworks like GDPR, CCPA, CPRA, LGPD, and PIPEDA but may not address highly specialized sector-specific regulations such as HIPAA for health products or COPPA for children's products without explicit input about those categories