GDPR Compliance Agent Skill
GDPR compliance — data deletion, consent tracking, PII anonymization, data portability.
The Skill
---
description: GDPR compliance — data deletion, consent tracking, PII anonymization, data portability.
homepage: https://yepapi.com/skills/gdpr-compliance
metadata:
tags: [security, gdpr, privacy, compliance]
---
# GDPR Compliance
## Rules
- Implement a data deletion endpoint (right to erasure): delete or anonymize all user PII on request
- Track explicit consent with timestamps: what the user consented to, when, and which version of the policy
- Anonymize PII in analytics and logs — use opaque IDs, never raw emails or names
- Implement a data export endpoint (right to portability): return all user data as JSON or CSV
- Show a cookie consent banner: load no analytics or tracking scripts until the user opts in (strictly necessary cookies such as the session cookie do not need consent)
- Link to a privacy policy from every page with data collection forms
- Maintain an audit log for PII access — who viewed what personal data and when
- 72-hour breach notification: a personal data breach must be reported to the supervisory authority within 72 hours of becoming aware of it (Art. 33), so have a documented process and contact list ready before it happens
```ts
// Data deletion endpoint (right to erasure, Art. 17).
// `eq` is drizzle-orm's column comparison; `app`, `db`, `requireAuth`, `auditLog`
// and the schema tables are the project's own and are assumed to exist.
import { eq } from "drizzle-orm";

app.delete("/api/user/data", requireAuth, async (req, res) => {
  // Scope strictly to the authenticated user: never take the target id from the request body
  const userId = req.user.id;
  await db.transaction(async (tx) => {
    // Rows that are pure PII are removed outright...
    await tx.delete(userProfiles).where(eq(userProfiles.userId, userId));
    await tx.delete(userSessions).where(eq(userSessions.userId, userId));
    // ...while the users row is kept (orders, invoices etc. reference it by foreign key)
    // but anonymized in place so no PII survives; the placeholder carries only the opaque id
    await tx.update(users).set({
      email: `deleted_${userId}@anonymized.local`,
      name: "Deleted User",
      deletedAt: new Date(),
    }).where(eq(users.id, userId));
  });
  // The audit entry records the event and the opaque id, never the erased PII
  await auditLog("user_data_deleted", { userId, requestedBy: userId });
  // Erasure must also be propagated to downstream processors (analytics, e-mail provider,
  // search indexes) and covered by the backup retention schedule; that is outside this handler
  res.json({ success: true });
});
```
```ts
// Consent tracking: one immutable row per consent decision, so the controller can
// demonstrate consent (Art. 7(1)). Never update a row in place; a withdrawal is a new row.
// `z` is zod; `app`, `db`, `requireAuth` and `consentRecords` are the project's own (assumed).
import { z } from "zod";

const consentSchema = z.object({
  marketing: z.boolean(),
  analytics: z.boolean(),
  policyVersion: z.string(),
});

app.post("/api/consent", requireAuth, async (req, res) => {
  // parse() rejects a malformed body (ZodError, mapped to 400 by the app's error handler)
  // and strips unknown keys, so the spread below cannot smuggle extra columns into the insert
  const consent = consentSchema.parse(req.body);
  await db.insert(consentRecords).values({
    userId: req.user.id,
    ...consent,
    consentedAt: new Date(),
    // The IP address is itself personal data: keep it only as evidence of consent
    // and include it in your retention schedule
    ipAddress: req.ip,
  });
  res.json({ success: true });
});
```
## Avoid
- Soft-deleting user data without actually removing PII — "deleted" users' emails still in the database
- Loading Google Analytics or tracking pixels before cookie consent
- Storing raw emails in analytics events or application logs
- No data export mechanism — users have a legal right to their data
- Assuming GDPR only applies to EU-based companies — it applies to any app serving users in the EU
Why Use the GDPR Compliance Skill?
Without this skill, your AI guesses at GDPR compliance patterns. It might hallucinate deprecated APIs, use outdated conventions, or miss best practices entirely. With it, your AI follows a proven ruleset — every suggestion aligns with current standards.
Drop this skill into your project and your AI instantly knows the rules. Better code suggestions, fewer errors, faster shipping.
Try These Prompts
These prompts work better with the GDPR Compliance skill installed. Your AI knows the context and writes code that fits.
"Implement a data deletion endpoint that anonymizes all user PII on request"
"Build a consent tracking system with timestamps and policy version tracking"
"Create a data export endpoint that returns all user data as JSON for GDPR portability"
GDPR Compliance skill — FAQ
It provides rules for data deletion endpoints, consent tracking with timestamps, PII anonymization, and data export. Your AI writes code that respects user privacy rights and meets GDPR requirements.
Run `npx skills add YepAPI/skills --skill gdpr-compliance` in your project root. This copies the skill file into your repo where your AI coding tool can read it automatically.
No. GDPR applies to any organisation that processes personal data of people in the EU, regardless of where the organisation is based (Art. 3(2)): if you offer goods or services to people in the EU, or monitor their behaviour, you are in scope. Mere reachability of the site from the EU is not by itself decisive, but as soon as you serve EU users you need GDPR compliance.