gdpr-compliance

guia-matthieu

Mis à jour Yesterday

6 vues

111

Autredata

À propos

Cette compétence aide les développeurs à mettre en œuvre des fonctionnalités marketing conformes au RGPD en fournissant des conseils sur la gestion des consentements, les mentions d'information et les droits des personnes concernées. Elle est utile lors de la conception des flux de consentement, de l'audit des pratiques de données ou du traitement des demandes des utilisateurs. L'outil explique les exigences spécifiques du RGPD en se basant sur les articles officiels et les lignes directrices, tandis que les développeurs prennent les décisions finales de mise en œuvre.

Installation rapide

Claude Code

Recommandé

Principal

npx skills add guia-matthieu/clawfu-skills -a claude-code

Commande PluginAlternatif

/plugin add https://github.com/guia-matthieu/clawfu-skills

Git CloneAlternatif

git clone https://github.com/guia-matthieu/clawfu-skills.git ~/.claude/skills/gdpr-compliance

Copiez et collez cette commande dans Claude Code pour installer cette compétence

Documentation

GDPR Compliance for Marketing

Ensure your marketing activities comply with GDPR requirements for consent, data processing, and privacy rights.

When to Use This Skill

Designing consent collection flows
Writing privacy notices
Auditing marketing data practices
Handling data subject requests
Documenting lawful basis

Methodology Foundation

Based on GDPR Articles 6, 7, 12-23 and EDPB Guidelines, covering:

Lawful basis determination
Consent requirements
Transparency obligations
Data subject rights
Documentation requirements

What Claude Does vs What You Decide

Claude Does	You Decide
Explains GDPR requirements	Business risk tolerance
Drafts compliant language	Implementation priority
Identifies gaps	Legal interpretation
Creates documentation	DPO consultation needs
Suggests controls	Resource allocation

Instructions

Step 1: Lawful Basis Assessment

Six Lawful Bases (Article 6):

Basis	Marketing Use	Documentation Needed
Consent	Email marketing, cookies, tracking	Consent records
Contract	Customer communications	Contract terms
Legitimate Interest	Soft opt-in, B2B marketing	LIA document
Legal Obligation	Regulatory comms	Legal reference
Vital Interest	Rarely applicable	-
Public Task	Rarely applicable	-

Marketing Activity Mapping:

Activity	Typical Basis	Requirements
Email newsletter	Consent	Double opt-in, easy unsubscribe
Existing customer upsell	Legitimate Interest	LIA, opt-out available
Cold B2B outreach	Legitimate Interest	LIA, clear identity
Website cookies	Consent	Banner, granular choices
Retargeting ads	Consent	Cookie consent
Lead magnets	Consent	Clear purpose, separate consent

Step 2: Consent Requirements

Valid Consent Criteria (Article 7):

Requirement	What It Means	Example
Freely given	No bundling, no penalty	Separate from T&Cs
Specific	Clear purpose stated	"Marketing emails about [X]"
Informed	Who, what, why explained	Privacy notice linked
Unambiguous	Clear affirmative action	Unchecked checkbox
Withdrawable	Easy to revoke	One-click unsubscribe

Consent Record Requirements:

Record for each consent:
- Who consented (identifier)
- When (timestamp)
- What they consented to (purpose)
- How (mechanism)
- What they were told (notice version)

Step 3: Privacy Notice Requirements

Required Elements (Articles 13-14):

Element	First-Party Data	Third-Party Data
Controller identity	Required	Required
DPO contact	If applicable	If applicable
Purposes	Required	Required
Lawful basis	Required	Required
Recipients	Required	Required
Transfers	If applicable	If applicable
Retention	Required	Required
Rights	Required	Required
Withdrawal	If consent	If consent
Complaint right	Required	Required
Source	N/A	Required

Step 4: Data Subject Rights

Rights Framework:

Right	Timeline	Marketing Impact
Access (Art. 15)	1 month	Provide all marketing data
Rectification (Art. 16)	1 month	Update preferences
Erasure (Art. 17)	1 month	Remove from lists
Restriction (Art. 18)	1 month	Pause processing
Portability (Art. 20)	1 month	Export in machine format
Objection (Art. 21)	Immediate for marketing	Stop direct marketing

Step 5: Documentation & Records

Required Documentation:

Records of Processing Activities (ROPA)
Legitimate Interest Assessments
Consent records and mechanisms
Privacy notices (versioned)
Data Subject Request log
Breach notification procedures

Examples

Example 1: Marketing Email Consent Flow

Input:

Design a GDPR-compliant consent flow for:
- SaaS product newsletter
- Product updates
- Promotional offers
- Third-party partner offers

Output:

## GDPR-Compliant Email Consent Flow

### Consent Collection UI

---

**Signup Form Fields:**

Email: [________________]

[ ] I agree to receive the monthly newsletter with industry insights [ ] I agree to receive product updates and feature announcements [ ] I agree to receive promotional offers and discounts [ ] I agree to receive relevant offers from our trusted partners

[Sign Up]

By signing up, you confirm you've read our [Privacy Notice]. You can withdraw consent anytime via unsubscribe link or contacting us.


**Design Requirements:**
- All checkboxes unchecked by default
- No "select all" option
- Each purpose separate
- Privacy notice linked, not buried
- No dark patterns

---

### Consent Record Structure

```json
{
  "email": "[email protected]",
  "consents": [
    {
      "purpose": "newsletter",
      "granted": true,
      "timestamp": "2026-01-31T10:30:00Z",
      "source": "signup_form_v3",
      "notice_version": "privacy_v2.1"
    },
    {
      "purpose": "product_updates",
      "granted": true,
      "timestamp": "2026-01-31T10:30:00Z",
      "source": "signup_form_v3",
      "notice_version": "privacy_v2.1"
    },
    {
      "purpose": "promotional",
      "granted": false,
      "timestamp": null,
      "source": null,
      "notice_version": null
    },
    {
      "purpose": "third_party",
      "granted": false,
      "timestamp": null,
      "source": null,
      "notice_version": null
    }
  ],
  "ip_address": "192.168.1.1",
  "user_agent": "Mozilla/5.0..."
}

Email Footer (Required)

---
You're receiving this because you subscribed to our [newsletter/updates].

Manage preferences: [link]
Unsubscribe from this list: [link]
Unsubscribe from all: [link]

[Company Name]
[Address]
[Contact Email]

Preference Center

Subscription	Status	Action
Monthly Newsletter	[ON/OFF]	Industry insights and tips
Product Updates	[ON/OFF]	New features and improvements
Promotional Offers	[ON/OFF]	Discounts and special deals
Partner Offers	[ON/OFF]	Relevant third-party offers

[Update Preferences] [Unsubscribe from All]

Compliance Checklist

All consents granular (separate checkboxes)
Checkboxes unchecked by default
Clear description of each purpose
Privacy notice accessible
Withdrawal mechanism clear
Consent records stored
Double opt-in implemented
Unsubscribe in every email
Preference center available


### Example 2: Legitimate Interest Assessment

**Input:**

We want to email our existing customers about related products. Do we need consent or can we use legitimate interest?


**Output:**

Legitimate Interest Assessment: Customer Cross-Sell

Summary

You can likely rely on legitimate interest (not consent) for emailing existing customers about similar products, but must complete this assessment and offer easy opt-out.

Three-Part LIA Test

1. Purpose Test: Is There a Legitimate Interest?

Interest: Promote related products to existing customers Legitimacy: Yes - recognized business interest in customer development Benefit: Revenue growth, customer relationship deepening

✅ PASS

2. Necessity Test: Is Processing Necessary?

Question	Answer
Is email necessary to achieve the interest?	Yes - direct communication channel
Is there a less intrusive way?	In-app notifications possible but less effective
Is the processing proportionate?	Yes - limited frequency, relevant content

✅ PASS (with conditions)

Conditions:

Limit to genuinely related products
Reasonable frequency (not daily)
Honor opt-outs immediately

3. Balancing Test: Individual Rights vs. Your Interest

Factor	Assessment
Nature of data	Basic contact info - low sensitivity
Reasonable expectations	Customers expect marketing from sellers
Relationship	Existing customer relationship
Impact on individual	Minor inconvenience, easy to opt out
Safeguards	Opt-out in every email

✅ PASS

Conclusion

Lawful Basis: Legitimate Interest (Article 6(1)(f))

Requirements for Compliance:

Document this LIA and keep on file
Include in privacy notice: "We may contact existing customers about similar products based on legitimate interest. You can opt out at any time."
Easy opt-out: Every email must have unsubscribe
Honor preferences: Immediate suppression on opt-out
Similar products only: Don't expand to unrelated offerings
Reasonable frequency: No more than weekly

Template Email Footer

You're receiving this as a valued [Company] customer.

Not interested in product updates?
[Opt out of marketing] | [Manage preferences]

This email was sent based on our legitimate interest in keeping
customers informed about relevant products. See our Privacy Notice
for details and your rights.

When This Doesn't Apply

Use consent instead if:

Products are significantly different
Customer bought once 2+ years ago
You acquired data from third party
Customer previously opted out
Emails are primarily promotional (not informational)


## Skill Boundaries

### What This Skill Does Well
- Explaining GDPR requirements
- Drafting compliant language
- Creating documentation templates
- Identifying compliance gaps

### What This Skill Cannot Do
- Provide legal advice
- Know your specific jurisdiction nuances
- Guarantee regulatory acceptance
- Replace DPO consultation

### When to Escalate to Human
- Complex cross-border transfers
- Regulatory investigation
- Data breach response
- Novel processing activities

## Iteration Guide

**Follow-up Prompts:**
- "Draft the privacy notice section for [activity]"
- "How do we handle a right to erasure request?"
- "What documentation do we need for [processing]?"
- "Is this cookie banner compliant?"

## References

- GDPR Text (Regulation 2016/679)
- EDPB Guidelines on Consent
- ICO Direct Marketing Guidance
- CNIL Cookie Guidelines

## Related Skills

- `terms-analyzer` - Terms of service review
- `contract-review` - DPA analysis
- `nda-generator` - Confidentiality

## Skill Metadata

- **Domain**: Legal / Marketing
- **Complexity**: Intermediate
- **Mode**: centaur
- **Time to Value**: 1-2 hours per assessment
- **Prerequisites**: Basic GDPR familiarity

Dépôt GitHub

guia-matthieu/clawfu-skills

Chemin: skills/legal/gdpr-compliance

ai-skillsanthropicclaude-codeclaude-skillsmarketingmcp-server

Compétences associées

llamaguard

Autre

LlamaGuard est le modèle de Meta, doté de 7 à 8 milliards de paramètres, conçu pour modérer les entrées et sorties des LLM selon six catégories de sécurité comme la violence et les discours haineux. Il offre une précision de 94 à 95 % et peut être déployé avec vLLM, Hugging Face ou Amazon SageMaker. Utilisez cette compétence pour intégrer facilement le filtrage de contenu et des garde-fous de sécurité dans vos applications d'IA.

Voir la compétence

cost-optimization

Autre

Cette compétence de Claude aide les développeurs à optimiser les coûts du cloud grâce au redimensionnement des ressources, aux stratégies d'étiquetage et à l'analyse des dépenses. Elle fournit un cadre pour réduire les dépenses cloud et mettre en œuvre une gouvernance des coûts sur AWS, Azure et GCP. Utilisez-la lorsque vous devez analyser les coûts d'infrastructure, redimensionner les ressources ou respecter des contraintes budgétaires.

Voir la compétence

quantizing-models-bitsandbytes

Autre

Cette compétence quantifie les LLMs en précision 8 bits ou 4 bits à l'aide de bitsandbytes, permettant une réduction de 50 à 75 % de la mémoire utilisée avec une perte de précision minime. Elle est idéale pour exécuter des modèles plus volumineux sur une mémoire GPU limitée ou pour accélérer l'inférence, prenant en charge des formats comme INT8, NF4 et FP4. La compétence s'intègre à HuggingFace Transformers et permet l'entraînement QLoRA ainsi que l'utilisation d'optimiseurs en 8 bits.

Voir la compétence

dispatching-parallel-agents

Autre

Cette compétence Claude déploie plusieurs agents pour enquêter et résoudre simultanément 3 problèmes indépendants ou plus. Elle est conçue pour des scénarios impliquant des défaillances non liées qui peuvent être résolues sans état partagé ni dépendances. La capacité fondamentale est la résolution de problèmes en parallèle, en assignant un agent par domaine problématique indépendant afin de maximiser l'efficacité.

Voir la compétence