{ "schemaVersion": "1.0", "item": { "slug": "gdpr-dsgvo-expert", "name": "Gdpr Dsgvo Expert", "source": "tencent", "type": "skill", "category": "安全合规", "sourceUrl": "https://clawhub.ai/alirezarezvani/gdpr-dsgvo-expert", "canonicalUrl": "https://clawhub.ai/alirezarezvani/gdpr-dsgvo-expert", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/gdpr-dsgvo-expert", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=gdpr-dsgvo-expert", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "SKILL.md", "references/dpia_methodology.md", "references/gdpr_compliance_guide.md", "references/german_bdsg_requirements.md", "scripts/data_subject_rights_tracker.py", "scripts/dpia_generator.py" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-23T16:43:11.935Z", "expiresAt": "2026-04-30T16:43:11.935Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentDisposition": "attachment; filename=\"4claw-imageboard-1.0.1.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/gdpr-dsgvo-expert" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/gdpr-dsgvo-expert", "agentPageUrl": "https://openagent3.xyz/skills/gdpr-dsgvo-expert/agent", "manifestUrl": "https://openagent3.xyz/skills/gdpr-dsgvo-expert/agent.json", "briefUrl": "https://openagent3.xyz/skills/gdpr-dsgvo-expert/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "GDPR/DSGVO Expert", "body": "Tools and guidance for EU General Data Protection Regulation (GDPR) and German Bundesdatenschutzgesetz (BDSG) compliance." }, { "title": "Table of Contents", "body": "Tools\n\nGDPR Compliance Checker\nDPIA Generator\nData Subject Rights Tracker\n\n\nReference Guides\nWorkflows" }, { "title": "GDPR Compliance Checker", "body": "Scans codebases for potential GDPR compliance issues including personal data patterns and risky code practices.\n\n# Scan a project directory\npython scripts/gdpr_compliance_checker.py /path/to/project\n\n# JSON output for CI/CD integration\npython scripts/gdpr_compliance_checker.py . --json --output report.json\n\nDetects:\n\nPersonal data patterns (email, phone, IP addresses)\nSpecial category data (health, biometric, religion)\nFinancial data (credit cards, IBAN)\nRisky code patterns:\n\nLogging personal data\nMissing consent mechanisms\nIndefinite data retention\nUnencrypted sensitive data\nDisabled deletion functionality\n\nOutput:\n\nCompliance score (0-100)\nRisk categorization (critical, high, medium)\nPrioritized recommendations with GDPR article references" }, { "title": "DPIA Generator", "body": "Generates Data Protection Impact Assessment documentation following Art. 35 requirements.\n\n# Get input template\npython scripts/dpia_generator.py --template > input.json\n\n# Generate DPIA report\npython scripts/dpia_generator.py --input input.json --output dpia_report.md\n\nFeatures:\n\nAutomatic DPIA threshold assessment\nRisk identification based on processing characteristics\nLegal basis requirements documentation\nMitigation recommendations\nMarkdown report generation\n\nDPIA Triggers Assessed:\n\nSystematic monitoring (Art. 35(3)(c))\nLarge-scale special category data (Art. 35(3)(b))\nAutomated decision-making (Art. 35(3)(a))\nWP29 high-risk criteria" }, { "title": "Data Subject Rights Tracker", "body": "Manages data subject rights requests under GDPR Articles 15-22.\n\n# Add new request\npython scripts/data_subject_rights_tracker.py add \\\n --type access --subject \"John Doe\" --email \"john@example.com\"\n\n# List all requests\npython scripts/data_subject_rights_tracker.py list\n\n# Update status\npython scripts/data_subject_rights_tracker.py status --id DSR-202601-0001 --update verified\n\n# Generate compliance report\npython scripts/data_subject_rights_tracker.py report --output compliance.json\n\n# Generate response template\npython scripts/data_subject_rights_tracker.py template --id DSR-202601-0001\n\nSupported Rights:\n\nRightArticleDeadlineAccessArt. 1530 daysRectificationArt. 1630 daysErasureArt. 1730 daysRestrictionArt. 1830 daysPortabilityArt. 2030 daysObjectionArt. 2130 daysAutomated decisionsArt. 2230 days\n\nFeatures:\n\nDeadline tracking with overdue alerts\nIdentity verification workflow\nResponse template generation\nCompliance reporting" }, { "title": "GDPR Compliance Guide", "body": "references/gdpr_compliance_guide.md\n\nComprehensive implementation guidance covering:\n\nLegal bases for processing (Art. 6)\nSpecial category requirements (Art. 9)\nData subject rights implementation\nAccountability requirements (Art. 30)\nInternational transfers (Chapter V)\nBreach notification (Art. 33-34)" }, { "title": "German BDSG Requirements", "body": "references/german_bdsg_requirements.md\n\nGerman-specific requirements including:\n\nDPO appointment threshold (§ 38 BDSG - 20+ employees)\nEmployment data processing (§ 26 BDSG)\nVideo surveillance rules (§ 4 BDSG)\nCredit scoring requirements (§ 31 BDSG)\nState data protection laws (Landesdatenschutzgesetze)\nWorks council co-determination rights" }, { "title": "DPIA Methodology", "body": "references/dpia_methodology.md\n\nStep-by-step DPIA process:\n\nThreshold assessment criteria\nWP29 high-risk indicators\nRisk assessment methodology\nMitigation measure categories\nDPO and supervisory authority consultation\nTemplates and checklists" }, { "title": "Workflow 1: New Processing Activity Assessment", "body": "Step 1: Run compliance checker on codebase\n → python scripts/gdpr_compliance_checker.py /path/to/code\n\nStep 2: Review findings and compliance score\n → Address critical and high issues\n\nStep 3: Determine if DPIA required\n → Check references/dpia_methodology.md threshold criteria\n\nStep 4: If DPIA required, generate assessment\n → python scripts/dpia_generator.py --template > input.json\n → Fill in processing details\n → python scripts/dpia_generator.py --input input.json --output dpia.md\n\nStep 5: Document in records of processing activities" }, { "title": "Workflow 2: Data Subject Request Handling", "body": "Step 1: Log request in tracker\n → python scripts/data_subject_rights_tracker.py add --type [type] ...\n\nStep 2: Verify identity (proportionate measures)\n → python scripts/data_subject_rights_tracker.py status --id [ID] --update verified\n\nStep 3: Gather data from systems\n → python scripts/data_subject_rights_tracker.py status --id [ID] --update in_progress\n\nStep 4: Generate response\n → python scripts/data_subject_rights_tracker.py template --id [ID]\n\nStep 5: Send response and complete\n → python scripts/data_subject_rights_tracker.py status --id [ID] --update completed\n\nStep 6: Monitor compliance\n → python scripts/data_subject_rights_tracker.py report" }, { "title": "Workflow 3: German BDSG Compliance Check", "body": "Step 1: Determine if DPO required\n → 20+ employees processing personal data automatically\n → OR processing requires DPIA\n → OR business involves data transfer/market research\n\nStep 2: If employees involved, review § 26 BDSG\n → Document legal basis for employee data\n → Check works council requirements\n\nStep 3: If video surveillance, comply with § 4 BDSG\n → Install signage\n → Document necessity\n → Limit retention\n\nStep 4: Register DPO with supervisory authority\n → See references/german_bdsg_requirements.md for authority list" }, { "title": "Legal Bases (Art. 6)", "body": "Consent: Marketing, newsletters, analytics (must be freely given, specific, informed)\nContract: Order fulfillment, service delivery\nLegal obligation: Tax records, employment law\nLegitimate interests: Fraud prevention, security (requires balancing test)" }, { "title": "Special Category Data (Art. 9)", "body": "Requires explicit consent or Art. 9(2) exception:\n\nHealth data\nBiometric data\nRacial/ethnic origin\nPolitical opinions\nReligious beliefs\nTrade union membership\nGenetic data\nSexual orientation" }, { "title": "Data Subject Rights", "body": "All rights must be fulfilled within 30 days (extendable to 90 for complex requests):\n\nAccess: Provide copy of data and processing information\nRectification: Correct inaccurate data\nErasure: Delete data (with exceptions for legal obligations)\nRestriction: Limit processing while issues are resolved\nPortability: Provide data in machine-readable format\nObject: Stop processing based on legitimate interests" }, { "title": "German BDSG Additions", "body": "TopicBDSG SectionKey RequirementDPO threshold§ 3820+ employees = mandatory DPOEmployment§ 26Detailed employee data rulesVideo§ 4Signage and proportionalityScoring§ 31Explainable algorithms" } ], "body": "GDPR/DSGVO Expert\n\nTools and guidance for EU General Data Protection Regulation (GDPR) and German Bundesdatenschutzgesetz (BDSG) compliance.\n\nTable of Contents\nTools\nGDPR Compliance Checker\nDPIA Generator\nData Subject Rights Tracker\nReference Guides\nWorkflows\nTools\nGDPR Compliance Checker\n\nScans codebases for potential GDPR compliance issues including personal data patterns and risky code practices.\n\n# Scan a project directory\npython scripts/gdpr_compliance_checker.py /path/to/project\n\n# JSON output for CI/CD integration\npython scripts/gdpr_compliance_checker.py . --json --output report.json\n\n\nDetects:\n\nPersonal data patterns (email, phone, IP addresses)\nSpecial category data (health, biometric, religion)\nFinancial data (credit cards, IBAN)\nRisky code patterns:\nLogging personal data\nMissing consent mechanisms\nIndefinite data retention\nUnencrypted sensitive data\nDisabled deletion functionality\n\nOutput:\n\nCompliance score (0-100)\nRisk categorization (critical, high, medium)\nPrioritized recommendations with GDPR article references\nDPIA Generator\n\nGenerates Data Protection Impact Assessment documentation following Art. 35 requirements.\n\n# Get input template\npython scripts/dpia_generator.py --template > input.json\n\n# Generate DPIA report\npython scripts/dpia_generator.py --input input.json --output dpia_report.md\n\n\nFeatures:\n\nAutomatic DPIA threshold assessment\nRisk identification based on processing characteristics\nLegal basis requirements documentation\nMitigation recommendations\nMarkdown report generation\n\nDPIA Triggers Assessed:\n\nSystematic monitoring (Art. 35(3)(c))\nLarge-scale special category data (Art. 35(3)(b))\nAutomated decision-making (Art. 35(3)(a))\nWP29 high-risk criteria\nData Subject Rights Tracker\n\nManages data subject rights requests under GDPR Articles 15-22.\n\n# Add new request\npython scripts/data_subject_rights_tracker.py add \\\n --type access --subject \"John Doe\" --email \"john@example.com\"\n\n# List all requests\npython scripts/data_subject_rights_tracker.py list\n\n# Update status\npython scripts/data_subject_rights_tracker.py status --id DSR-202601-0001 --update verified\n\n# Generate compliance report\npython scripts/data_subject_rights_tracker.py report --output compliance.json\n\n# Generate response template\npython scripts/data_subject_rights_tracker.py template --id DSR-202601-0001\n\n\nSupported Rights:\n\nRight\tArticle\tDeadline\nAccess\tArt. 15\t30 days\nRectification\tArt. 16\t30 days\nErasure\tArt. 17\t30 days\nRestriction\tArt. 18\t30 days\nPortability\tArt. 20\t30 days\nObjection\tArt. 21\t30 days\nAutomated decisions\tArt. 22\t30 days\n\nFeatures:\n\nDeadline tracking with overdue alerts\nIdentity verification workflow\nResponse template generation\nCompliance reporting\nReference Guides\nGDPR Compliance Guide\n\nreferences/gdpr_compliance_guide.md\n\nComprehensive implementation guidance covering:\n\nLegal bases for processing (Art. 6)\nSpecial category requirements (Art. 9)\nData subject rights implementation\nAccountability requirements (Art. 30)\nInternational transfers (Chapter V)\nBreach notification (Art. 33-34)\nGerman BDSG Requirements\n\nreferences/german_bdsg_requirements.md\n\nGerman-specific requirements including:\n\nDPO appointment threshold (§ 38 BDSG - 20+ employees)\nEmployment data processing (§ 26 BDSG)\nVideo surveillance rules (§ 4 BDSG)\nCredit scoring requirements (§ 31 BDSG)\nState data protection laws (Landesdatenschutzgesetze)\nWorks council co-determination rights\nDPIA Methodology\n\nreferences/dpia_methodology.md\n\nStep-by-step DPIA process:\n\nThreshold assessment criteria\nWP29 high-risk indicators\nRisk assessment methodology\nMitigation measure categories\nDPO and supervisory authority consultation\nTemplates and checklists\nWorkflows\nWorkflow 1: New Processing Activity Assessment\nStep 1: Run compliance checker on codebase\n → python scripts/gdpr_compliance_checker.py /path/to/code\n\nStep 2: Review findings and compliance score\n → Address critical and high issues\n\nStep 3: Determine if DPIA required\n → Check references/dpia_methodology.md threshold criteria\n\nStep 4: If DPIA required, generate assessment\n → python scripts/dpia_generator.py --template > input.json\n → Fill in processing details\n → python scripts/dpia_generator.py --input input.json --output dpia.md\n\nStep 5: Document in records of processing activities\n\nWorkflow 2: Data Subject Request Handling\nStep 1: Log request in tracker\n → python scripts/data_subject_rights_tracker.py add --type [type] ...\n\nStep 2: Verify identity (proportionate measures)\n → python scripts/data_subject_rights_tracker.py status --id [ID] --update verified\n\nStep 3: Gather data from systems\n → python scripts/data_subject_rights_tracker.py status --id [ID] --update in_progress\n\nStep 4: Generate response\n → python scripts/data_subject_rights_tracker.py template --id [ID]\n\nStep 5: Send response and complete\n → python scripts/data_subject_rights_tracker.py status --id [ID] --update completed\n\nStep 6: Monitor compliance\n → python scripts/data_subject_rights_tracker.py report\n\nWorkflow 3: German BDSG Compliance Check\nStep 1: Determine if DPO required\n → 20+ employees processing personal data automatically\n → OR processing requires DPIA\n → OR business involves data transfer/market research\n\nStep 2: If employees involved, review § 26 BDSG\n → Document legal basis for employee data\n → Check works council requirements\n\nStep 3: If video surveillance, comply with § 4 BDSG\n → Install signage\n → Document necessity\n → Limit retention\n\nStep 4: Register DPO with supervisory authority\n → See references/german_bdsg_requirements.md for authority list\n\nKey GDPR Concepts\nLegal Bases (Art. 6)\nConsent: Marketing, newsletters, analytics (must be freely given, specific, informed)\nContract: Order fulfillment, service delivery\nLegal obligation: Tax records, employment law\nLegitimate interests: Fraud prevention, security (requires balancing test)\nSpecial Category Data (Art. 9)\n\nRequires explicit consent or Art. 9(2) exception:\n\nHealth data\nBiometric data\nRacial/ethnic origin\nPolitical opinions\nReligious beliefs\nTrade union membership\nGenetic data\nSexual orientation\nData Subject Rights\n\nAll rights must be fulfilled within 30 days (extendable to 90 for complex requests):\n\nAccess: Provide copy of data and processing information\nRectification: Correct inaccurate data\nErasure: Delete data (with exceptions for legal obligations)\nRestriction: Limit processing while issues are resolved\nPortability: Provide data in machine-readable format\nObject: Stop processing based on legitimate interests\nGerman BDSG Additions\nTopic\tBDSG Section\tKey Requirement\nDPO threshold\t§ 38\t20+ employees = mandatory DPO\nEmployment\t§ 26\tDetailed employee data rules\nVideo\t§ 4\tSignage and proportionality\nScoring\t§ 31\tExplainable algorithms" }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/alirezarezvani/gdpr-dsgvo-expert", "publisherUrl": "https://clawhub.ai/alirezarezvani/gdpr-dsgvo-expert", "owner": "alirezarezvani", "version": "2.1.1", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/gdpr-dsgvo-expert", "downloadUrl": "https://openagent3.xyz/downloads/gdpr-dsgvo-expert", "agentUrl": "https://openagent3.xyz/skills/gdpr-dsgvo-expert/agent", "manifestUrl": "https://openagent3.xyz/skills/gdpr-dsgvo-expert/agent.json", "briefUrl": "https://openagent3.xyz/skills/gdpr-dsgvo-expert/agent.md" } }