Scan for GDPR compliance issues
Installation
npx claude-plugins install @jeremylongshore/claude-code-plugins-plus/gdpr-compliance-scanner
Contents
Folders: commands, skills
Files: LICENSE, README.md
Documentation
Scan applications and data systems for GDPR compliance with comprehensive checks for data protection, privacy rights, and regulatory requirements.
Features
- Data Protection Checks - Encryption, anonymization, pseudonymization
- Privacy Rights Verification - Right to access, erasure, portability
- Consent Management - Cookie consent, data processing agreements
- Data Processing Records - Article 30 compliance
- Breach Notification - Incident response readiness
- DPO Requirements - Data Protection Officer duties
Installation
/plugin install gdpr-compliance-scanner@claude-code-plugins-plus
Usage
/scan-gdpr
# Or shortcut
/gdpr
GDPR Compliance Areas
1. Lawful Basis for Processing (Article 6)
- Consent obtained properly
- Contract necessity documented
- Legitimate interests balanced
- Legal obligations met
- Vital interests protected
- Public task authority
2. Data Subject Rights (Articles 12-23)
- Right to be informed
- Right of access
- Right to rectification
- Right to erasure (“right to be forgotten”)
- Right to restriction of processing
- Right to data portability
- Right to object
- Rights related to automated decision making
3. Data Protection by Design (Article 25)
- Privacy by default settings
- Data minimization
- Purpose limitation
- Storage limitation
- Integrity and confidentiality
4. Security Measures (Article 32)
- Encryption of personal data
- Pseudonymization where possible
- Regular security testing
- Incident response procedures
- Access controls
- Data backup and recovery
5. Data Protection Impact Assessment (Article 35)
- High-risk processing identified
- DPIA conducted for high-risk activities
- Consultation with DPO
- Mitigation measures implemented
6. International Data Transfers (Chapter V)
- Adequacy decisions verified
- Standard contractual clauses in place
- Binding corporate rules (if applicable)
- Derogations documented
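The Article 30 and Chapter V checks above, as an added example that is not part of the plugin: a validator for a record of processing activities that also requires a transfer mechanism for every transfer outside the EU/EEA. The field names, the abbreviated country list and the sample record are constructed for this example.

```javascript
// Added example (not the plugin's code): validate one Article 30 record and
// its Chapter V transfer basis. Field names and sample data are constructed.
const REQUIRED_FIELDS = [
  'purpose', 'dataSubjectCategories', 'personalDataCategories',
  'recipients', 'retentionPeriod', 'securityMeasures',
];
const TRANSFER_MECHANISMS = new Set([
  'adequacy_decision', 'standard_contractual_clauses',
  'binding_corporate_rules', 'article_49_derogation',
]);
// Abbreviated EU/EEA list; a real deployment would carry the full list.
const EU_EEA = new Set(['DE', 'FR', 'IE', 'NL', 'NO', 'IS', 'LI']);

// Return a list of findings for one processing record; empty means compliant.
function validateProcessingRecord(rec) {
  const findings = [];
  for (const f of REQUIRED_FIELDS) {
    const v = rec[f];
    if (v === undefined || v === null || v === '' || (Array.isArray(v) && v.length === 0)) {
      findings.push(`missing ${f} (Article 30(1))`);
    }
  }
  // Retention must be a concrete period, not open-ended (storage limitation).
  if (typeof rec.retentionPeriod === 'string' && /indefinite|forever/i.test(rec.retentionPeriod)) {
    findings.push('retentionPeriod is open-ended (Article 5(1)(e))');
  }
  for (const t of rec.internationalTransfers || []) {
    if (EU_EEA.has(t.country)) continue; // intra-EEA: no Chapter V basis needed
    if (!TRANSFER_MECHANISMS.has(t.mechanism)) {
      findings.push(`transfer to ${t.country} lacks a Chapter V mechanism`);
    }
  }
  return findings;
}

// Constructed sample record with three gaps (security measures, retention, IN transfer).
const SAMPLE_RECORD = {
  purpose: 'Order fulfilment',
  dataSubjectCategories: ['customers'],
  personalDataCategories: ['name', 'postal address', 'order history'],
  recipients: ['courier'],
  retentionPeriod: 'indefinite',
  securityMeasures: [],
  internationalTransfers: [
    { country: 'DE', mechanism: null },
    { country: 'US', mechanism: 'standard_contractual_clauses' },
    { country: 'IN', mechanism: null },
  ],
};
```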
Example Report
GDPR COMPLIANCE SCAN REPORT
============================
Organization: Example Corp
Date: 2025-10-11
Compliance Score: 78% (Needs Improvement)
COMPLIANCE SUMMARY
------------------
Data Protection Principles - 85%
Data Subject Rights - 70%
Security Measures - 90%
Documentation - 65%
Breach Procedures - 80%
CRITICAL GAPS
-------------
1. Right to Data Portability Not Implemented
Article: 20
Risk: HIGH
Issue: No mechanism for users to export their data
Required Implementation:
- API endpoint: GET /api/user/{id}/export
- Response format: JSON or CSV
- Include all personal data
- Deliver within 30 days
Code Example:
// Assumes the `auth` middleware has verified the session and set req.user.
app.get('/api/user/:id/export', auth, async (req, res) => {
  // Only the data subject may export their own record; without this check
  // any authenticated user could pull another user's data.
  if (String(req.user.id) !== req.params.id) {
    return res.status(403).json({ error: 'forbidden' });
  }
  const userData = await db.getUserData(req.params.id);
  res.json({
    personal_info: userData.profile,
    activities: userData.activities,
    preferences: userData.preferences
  });
});
2. Cookie Consent Banner Missing
Article: 6(1)(a), Recital 32
Risk: HIGH
Issue: Cookies set without explicit consent
Required Implementation:
- Implement cookie consent banner
- Granular consent options
- Easy withdrawal of consent
- Record consent choices
3. Data Processing Records Incomplete
Article: 30
Risk: MEDIUM
Issue: Missing comprehensive processing records
Required Documentation:
- Purpose of processing
- Categories of data subjects
- Categories of personal data
- Recipients of data
- International transfers
- Retention periods
- Security measures
RECOMMENDATIONS
---------------
Priority 1 (Immediate - 0-30 days):
1. Implement data portability API (40 hours)
2. Deploy cookie consent solution (16 hours)
3. Document all processing activities (24 hours)
4. Update privacy policy (8 hours)
Priority 2 (Short-term - 1-3 months):
5. Conduct Data Protection Impact Assessment (40 hours)
6. Implement automated data deletion (32 hours)
7. Create data breach response procedures (16 hours)
8. Train staff on GDPR requirements (8 hours)
Priority 3 (Medium-term - 3-6 months):
9. Appoint Data Protection Officer (ongoing)
10. Review and update data processing agreements (40 hours)
11. Implement privacy by design in new features (ongoing)
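The check behind the "Cookies set without explicit consent" finding, as an added example that is not the plugin's own code: it classifies each Set-Cookie header of a response against a site-specific cookie registry and the consent record captured by the banner. The registry, the consent record shape (`explicit`, `categories`, `withdrawnAt`) and the sample headers are constructed for this example.

```javascript
// Added example (not the plugin's code): flag cookies a response sets without
// a lawful basis. Registry, consent shape and sample headers are constructed.
const COOKIE_REGISTRY = {
  session_id: 'necessary', // strictly necessary: no consent required
  csrf_token: 'necessary',
  _ga: 'analytics',
  ad_id: 'marketing',
};

// Extract the cookie name from a raw Set-Cookie header value.
function cookieName(setCookie) {
  return setCookie.split(';', 1)[0].split('=', 1)[0].trim();
}

// Consent counts only if it was an explicit opt-in and has not been withdrawn.
// Returns the set of categories the user opted in to (empty if none).
function activeConsent(consent) {
  if (!consent || !consent.explicit || consent.withdrawnAt) return new Set();
  return new Set(consent.categories);
}

// Return the cookies set without consent, each with the reason it was flagged.
function findUnconsentedCookies(setCookieHeaders, consent) {
  const granted = activeConsent(consent);
  const violations = [];
  for (const header of setCookieHeaders) {
    const name = cookieName(header);
    const purpose = COOKIE_REGISTRY[name];
    if (purpose === 'necessary') continue;
    if (purpose === undefined) {
      violations.push({ name, reason: 'unclassified cookie' });
    } else if (!granted.has(purpose)) {
      violations.push({ name, reason: `no consent for ${purpose}` });
    }
  }
  return violations;
}

// Constructed sample: headers from a first visit, before the banner was answered.
const SAMPLE_HEADERS = [
  'session_id=abc123; Path=/; HttpOnly; Secure; SameSite=Lax',
  '_ga=GA1.2.1; Path=/; Max-Age=63072000',
  'ad_id=xyz; Path=/; Max-Age=31536000',
  'theme=dark; Path=/',
];
```

Running the scan with no consent record flags `_ga`, `ad_id` and the unregistered `theme` cookie; a withdrawn consent record is treated the same as none.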
Compliance Checklist
Lawful Processing
- Lawful basis identified for each processing activity
- Consent mechanisms implemented where required
- Consent withdrawal easy and accessible
- Processing records maintained (Article 30)
Transparency
- Privacy policy clear and accessible
- Data collection purposes explained
- Third-party data sharing disclosed
- Retention periods specified
Data Subject Rights
- Access request process documented
- Data portability export functionality
- Deletion request mechanism
- Objection handling process
- Response within 30 days guaranteed
Security
- Personal data encrypted at rest
- Personal data encrypted in tran
…(truncated)
Included Skills
This plugin includes 1 skill definition:
scanning-for-gdpr-compliance
Scan for GDPR compliance issues in data handling and privacy practices. Use when ensuring EU data protection compliance. Trigger with ‘scan GDPR compliance’, ‘check data privacy’, or ‘validate GDPR’.
Gdpr Compliance Scanner
This skill provides automated assistance for GDPR compliance scanning tasks.
Overview
This skill allows Claude to automatically assess an application’s GDPR compliance posture. It provides a comprehensive scan, identifying potential violations and offering actionable recommendations to improve compliance. The skill simplifies the complex process of GDPR auditing, making it easier to identify and address critical gaps.
How It Works
- Initiate Scan: The user requests a GDPR compliance scan using natural language.
- Plugin Activation: Claude activates the gdpr-compliance-scanner plugin.
- Compliance Assessment: The plugin scans the application or system based on GDPR requirements.
- Report Generation: A detailed report is generated, highlighting compliance scores, critical gaps, and recommended actions.
When to Use This Skill
This skill activates when you need to:
- Assess an application’s GDPR compliance.
- Identify potential GDPR violations.
- Generate a report outlining compliance gaps and recommendations.
- Audit data processing activities for adherence to GDPR principles.
Examples
Example 1: Assess GDPR Compliance of a Web Application
User request: “Scan my web application for GDPR compliance.”
The skill will:
- Activate the gdpr-compliance-scanner plugin.
- Scan the web application for GDPR compliance issues related to data collection, storage, and processing.
- Generate a report highlighting co
…(truncated)