Implement GDPR-compliant data handling with consent management, data subject rights, and privacy by design. Use when building systems that process EU personal data, implementing privacy controls, or conducting GDPR compliance reviews.
Files2
@skills/gdpr-data-handling/SKILL.md
@skills/gdpr-data-handling/references/details.md
GDPR Data Handling
Practical implementation guide for GDPR-compliant data processing, consent management, and privacy controls.
When to Use This Skill
Building systems that process EU personal data
Implementing consent management
Handling data subject requests (DSRs)
Conducting GDPR compliance reviews
Designing privacy-first architectures
Creating data processing agreements
Core Concepts
1. Personal Data Categories
Category
Examples
Protection Level
Basic
Name, email, phone
Standard
Sensitive (Art. 9)
Health, religion, ethnicity
Explicit consent
Criminal (Art. 10)
Convictions, offenses
Official authority
Children's
Under 16 data
Parental consent
2. Legal Bases for Processing
text
Article 6 - Lawful Bases:├── Consent: Freely given, specific, informed├── Contract: Necessary for contract performance├── Legal Obligation: Required by law├── Vital Interests: Protecting someone's life├── Public Interest: Official functions└── Legitimate Interest: Balanced against rights
3. Data Subject Rights
text
Right to Access (Art. 15) ─┐Right to Rectification (Art. 16) │Right to Erasure (Art. 17) │ Must respondRight to Restrict (Art. 18) │ within 1 monthRight to Portability (Art. 20) │Right to Object (Art. 21) ─┘
Detailed worked examples and patterns
Detailed sections (starting with ## Implementation Patterns) live in references/details.md. Read that file when the navigation summary above is insufficient.
Best Practices
Do's
Minimize data collection - Only collect what's needed