The Privacy Impact Assessment Guide skill assists users in creating professional privacy impact assessments (PIA) and data protection impact assessments (DPIA). It processes raw context data, inventories, and system architectures, guiding users through the identification of privacy risks. This skill enables the mapping of data flows from collection to deletion and aids in building documentation that is ready for audits, ensuring regulatory compliance. Acting as a privacy architect, it collects inputs regarding data subjects, categories, and purposes, aligning them with selected regulatory frameworks such as GDPR, CCPA/CPRA, and NIST. The skill flags high-risk activities, such as cross-border transfers and automated decision-making, maintaining a strict boundary regarding unauthorized legal advice. Users receive comprehensive markdown or text reports featuring PIA screenings, processing activity profiles, data flow summaries, remediation trackers, and evidence checklists. These structured outputs allow organizations to streamline compliance efforts and communicate effectively with internal stakeholders and regulators about privacy management practices.
Privacy Impact Assessment Guide
Generate audit-ready privacy impact assessments, risk registers, and data flow maps for regulatory compliance.
Install
cmdop skills install agensi-privacy-impact-assessment-guide
Use cases
- use it to generate structured privacy impact assessments for GDPR compliance
- use it to create data flow maps that illustrate how data moves through an organization
- use it to produce risk registers that catalog potential privacy risks
- use it to compile remediation trackers for managing identified privacy risks
- use it to document evidence checklists for regulatory audits
- use it to outline processing activity profiles that clarify data handling practices
When to use it
- when developing privacy documentation for regulatory compliance
- when assessing risks in data processing activities
- when needing structured outputs for audits or internal reviews
- when aligning data practices with legal frameworks like GDPR or CCPA
- when identifying high-risk data activities that require attention
When not to use it
- when legal advice or interpretation of laws is required
- when handling non-personal data that does not require a PIA or DPIA
- when a comprehensive legal review of data practices is needed
- when working in jurisdictions without defined data protection regulations
- when a simple checklist is sufficient without detailed assessments