mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-11 21:54:56 +03:00
mukul975
c21af3347e
- Add scripts/agent.py and references/api-reference.md to all remaining skills - Update all 648 LICENSE files: copyright now reads 'Mahipal' - Add implementing-security-monitoring-with-datadog (new skill with full anatomy) - All 649 skills now have: SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md
62 lines
2.1 KiB
Markdown
62 lines
2.1 KiB
Markdown
# API Reference: Implementing GDPR Data Protection Controls
|
|
|
|
## Key GDPR Articles
|
|
|
|
| Article | Requirement | Technical Control |
|
|
|---------|-------------|-------------------|
|
|
| Art 5 | Processing principles | Data minimization, retention policies |
|
|
| Art 25 | Privacy by design | Default privacy settings |
|
|
| Art 30 | Records of processing | ROPA documentation system |
|
|
| Art 32 | Security of processing | Encryption, access controls, testing |
|
|
| Art 33 | Breach notification | 72-hour DPA notification |
|
|
| Art 35 | DPIA | Impact assessment for high-risk processing |
|
|
|
|
## Data Subject Rights (Art 12-22)
|
|
|
|
| Right | Article | SLA |
|
|
|-------|---------|-----|
|
|
| Access | Art 15 | 1 month |
|
|
| Rectification | Art 16 | 1 month |
|
|
| Erasure | Art 17 | 1 month |
|
|
| Portability | Art 20 | 1 month |
|
|
| Object | Art 21 | Without undue delay |
|
|
|
|
## PII Detection Patterns
|
|
|
|
```python
|
|
import re
|
|
patterns = {
|
|
"email": r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b",
|
|
"iban": r"\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b",
|
|
"ip_address": r"\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b",
|
|
}
|
|
```
|
|
|
|
## ROPA Required Fields (Art 30)
|
|
|
|
| Field | Description |
|
|
|-------|-------------|
|
|
| controller_name | Data controller identity |
|
|
| purposes | Processing purposes |
|
|
| data_categories | Types of personal data |
|
|
| data_subjects | Categories of data subjects |
|
|
| recipients | Data recipients |
|
|
| transfers | Cross-border transfers |
|
|
| retention_periods | Data retention schedules |
|
|
| security_measures | Art 32 controls |
|
|
|
|
## Cross-Border Transfer Mechanisms (Art 44-49)
|
|
|
|
| Mechanism | Use Case |
|
|
|-----------|----------|
|
|
| Adequacy Decision | Transfer to adequate countries (Art 45) |
|
|
| Standard Contractual Clauses (SCCs) | Most common mechanism (Art 46) |
|
|
| Binding Corporate Rules (BCRs) | Intra-group transfers (Art 47) |
|
|
| Derogations | Consent, contract necessity (Art 49) |
|
|
|
|
### References
|
|
|
|
- GDPR Official Text: https://gdpr-info.eu/
|
|
- EDPB Guidelines: https://edpb.europa.eu/our-work-tools/general-guidance/guidelines-recommendations-best-practices_en
|
|
- ICO GDPR Guide: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/
|