
This skill helps you implement GDPR best practices in compliance environments, emphasizing secure defaults, thorough testing, and maintainable, observable data

npx playbooks add skill williamzujkowski/standards --skill gdpr


Files (4)
SKILL.md
---
name: gdpr
description: Gdpr standards for gdpr in Compliance environments. Covers best practices,
---

# GDPR

> **Quick Navigation:**
> Level 1: [Quick Start](#level-1-quick-start) (5 min) → Level 2: [Implementation](#level-2-implementation) (30 min) → Level 3: [Mastery](#level-3-mastery-resources) (Extended)

---

## Level 1: Quick Start

### Core Principles

1. **Best Practices**: Follow industry-standard patterns for compliance
2. **Security First**: Implement secure defaults and validate all inputs
3. **Maintainability**: Write clean, documented, testable code
4. **Performance**: Optimize for common use cases

### Essential Checklist

- [ ] Follow established patterns for compliance
- [ ] Implement proper error handling
- [ ] Add comprehensive logging
- [ ] Write unit and integration tests
- [ ] Document public interfaces

### Quick Links to Level 2

- [Core Concepts](#core-concepts)
- [Implementation Patterns](#implementation-patterns)
- [Common Pitfalls](#common-pitfalls)

---

## Level 2: Implementation

### Core Concepts

This skill covers essential practices for compliance.

**Key areas include:**

- Architecture patterns
- Implementation best practices
- Testing strategies
- Performance optimization

### Implementation Patterns

Apply these patterns when working with compliance:

1. **Pattern Selection**: Choose appropriate patterns for your use case
2. **Error Handling**: Implement comprehensive error recovery
3. **Monitoring**: Add observability hooks for production

### Common Pitfalls

Avoid these common mistakes:

- Skipping validation of inputs
- Ignoring edge cases
- Missing test coverage
- Poor documentation

---

## Level 3: Mastery Resources

### Reference Materials

- [Related Standards](../../docs/standards/)
- [Best Practices Guide](../../docs/guides/)

### Templates

See the `templates/` directory for starter configurations.

### External Resources

Consult official documentation and community best practices for compliance.

Overview

This skill codifies GDPR standards and practical patterns for building compliance-ready systems in Python. It provides a focused checklist, implementation patterns, and testing and monitoring guidance to help teams adopt secure, maintainable defaults. The guidance is concise and ready to apply at project start or during audits.

How this skill works

The skill inspects design and implementation choices against GDPR-relevant principles: data minimization, secure defaults, input validation, error handling, logging control, and test coverage. It maps those checks to actionable patterns, templates, and monitoring hooks you can add to services. Use the quick-start checklist to verify core controls, then follow the implementation patterns for production hardening.

When to use it

  • Starting a new project that must meet GDPR or related privacy obligations
  • Reviewing an existing codebase for privacy and compliance gaps
  • Preparing for an audit or formal compliance assessment
  • Designing data flows, storage, or retention policies
  • Implementing logging, error handling, and observability with privacy in mind

Best practices

  • Adopt secure defaults: restrict data collection, use encryption at rest and in transit
  • Validate and sanitize all inputs; treat external data as untrusted
  • Instrument observability with privacy controls: redact PII from logs and limit retention
  • Write unit and integration tests that cover edge cases and error paths
  • Document public interfaces and data contracts, and include retention/erasure procedures
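The third practice above (redact PII from logs) is the one most often left to individual developers and therefore the one most often missed. The following is an added example written for this page, not one of the skill's own templates: a Python `logging.Filter` that scrubs a few common PII shapes before any handler sees the record. The regexes, the placeholder names and the `make_private_logger` helper are assumptions for illustration; the filter does not touch exception text carried in `exc_info`, so tracebacks still need their own treatment.

```python
"""Added example for this page: a logging filter that scrubs common PII shapes
before any handler sees the record. Not part of the skill's own templates; the
regexes are assumptions about what a service is likely to log by accident."""
from __future__ import annotations

import logging
import re

# Constructed, deliberately conservative patterns (assumption: tune to your data model).
# The SSN shape is listed before the phone shape so the phone pattern cannot
# consume part of an SSN first.
_PATTERNS: list[tuple[re.Pattern[str], str]] = [
    (re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"), "<email>"),
    (re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), "<ssn>"),            # US SSN shape
    (re.compile(r"\b\d{3}[ -]?\d{3}[ -]?\d{4}\b"), "<phone>"),  # 10-digit phone
]


def redact(text: str) -> str:
    """Replace each PII match with a fixed placeholder, keeping message structure."""
    for pattern, placeholder in _PATTERNS:
        text = pattern.sub(placeholder, text)
    return text


class PiiRedactingFilter(logging.Filter):
    """Attached to a logger, this runs before handlers, so console, file and
    log-shipping handlers all receive the scrubbed text.

    Caveat: exception text in exc_info is not scrubbed here; tracebacks can
    still carry PII and need separate handling."""

    def filter(self, record: logging.LogRecord) -> bool:
        # Format first so %-style args are scrubbed too, then drop the args
        # so the record is not formatted a second time by handlers.
        record.msg = redact(record.getMessage())
        record.args = ()
        return True  # never drop the record, only scrub it


def make_private_logger(name: str) -> tuple[logging.Logger, list[str]]:
    """Build a logger with the filter attached; returns the logger and a list
    that captures the formatted lines (stands in for a file or log shipper)."""
    captured: list[str] = []

    class ListHandler(logging.Handler):
        def emit(self, record: logging.LogRecord) -> None:
            captured.append(self.format(record))

    logger = logging.getLogger(name)
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(logging.INFO)
    logger.addFilter(PiiRedactingFilter())
    handler = ListHandler()
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger.addHandler(handler)
    return logger, captured


if __name__ == "__main__":
    log, lines = make_private_logger("gdpr.example")
    log.info("user %s signed in from %s", "alice@example.com", "10.0.0.1")
    print(lines[0])  # INFO user <email> signed in from 10.0.0.1
```

Attaching the filter to the logger rather than to one handler is the point: a redaction that lives on the console handler alone silently stops applying when someone adds a file or network handler later.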

Example use cases

  • Apply the quick-start checklist when scaffolding a new microservice to ensure privacy-by-default
  • Use implementation patterns to design error handling that avoids leaking personal data in responses or logs
  • Integrate monitoring hooks that alert on unusual data access patterns or retention violations
  • Create test suites that simulate data subject requests (access, rectification, erasure) to verify workflow behavior
  • Prepare a compliance-ready deployment package with templates for retention, encryption, and logging settings

FAQ

Is this guidance full legal advice for GDPR compliance?

No. This skill provides technical best practices and development standards; consult legal counsel for binding compliance determinations.

Will following these patterns make my system fully compliant?

They substantially reduce common technical risks and help demonstrate due diligence, but full compliance also requires organizational, policy, and contractual controls.

What languages and frameworks does this target?

The patterns are illustrated for Python projects but the principles apply broadly to other languages and stacks.