# Privacy Compliance Skill
This skill provides guidance for GDPR, CCPA, and other privacy regulations.
## Key Regulations

| Regulation | Region | Key Requirements |
|------------|--------|------------------|
| GDPR | EU/EEA | Consent, data rights, breach notification |
| CCPA/CPRA | California | Right to know, delete, opt-out |
| LGPD | Brazil | Similar to GDPR |
| PIPEDA | Canada | Consent, limited collection |
## GDPR Requirements

### Lawful Bases for Processing
- Consent
- Contract
- Legal obligation
- Vital interests
- Public task
- Legitimate interests
### Data Subject Rights
- Right to access
- Right to rectification
- Right to erasure ("right to be forgotten")
- Right to data portability
- Right to object
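The rights listed above need concrete handlers, not just a policy statement. The following is an added example, not code from the original skill, showing a minimal in-memory store with access, portability (JSON export), rectification and erasure handlers. The `USERS` records and the `AUDIT` trail are constructed sample data; the audit trail deliberately holds only the user id and the action, so it can be retained as evidence that a request was fulfilled without re-storing the erased personal data.

```python
"""Data-subject-rights handlers (added example, standard library only)."""
from __future__ import annotations

import json
from datetime import datetime, timezone

# Constructed sample store: user_id -> personal data record.
USERS: dict[str, dict[str, str]] = {
    "u-1001": {"email": "alice@example.test", "name": "Alice", "locale": "en-GB"},
    "u-1002": {"email": "bob@example.test", "name": "Bob", "locale": "de-DE"},
}

# Append-only audit trail. It contains no personal data (only the id and
# the action), so it may outlive the record it refers to.
AUDIT: list[dict[str, str]] = []


def _log(user_id: str, action: str) -> None:
    AUDIT.append({
        "user_id": user_id,
        "action": action,
        "at": datetime.now(timezone.utc).isoformat(),
    })


def access(user_id: str) -> dict[str, str]:
    """Right to access: return a copy of everything held about the subject."""
    if user_id not in USERS:
        raise KeyError(f"no data held for {user_id}")
    _log(user_id, "access")
    return dict(USERS[user_id])


def export_portable(user_id: str) -> str:
    """Right to data portability: a machine-readable (JSON) export."""
    record = access(user_id)
    _log(user_id, "export")
    return json.dumps({"user_id": user_id, "data": record}, sort_keys=True)


def rectify(user_id: str, field_name: str, value: str) -> dict[str, str]:
    """Right to rectification: correct one existing field.

    Unknown field names are refused so that a rectification request cannot
    be used to plant attributes the schema never collected.
    """
    record = USERS[user_id]
    if field_name not in record:
        raise ValueError(f"unknown field {field_name!r}")
    record[field_name] = value
    _log(user_id, f"rectify:{field_name}")
    return dict(record)


def erase(user_id: str) -> bool:
    """Right to erasure: delete the record.

    Idempotent: a repeated request returns False instead of raising, since
    the end state (no data held) is the same either way.
    """
    removed = USERS.pop(user_id, None) is not None
    _log(user_id, "erase" if removed else "erase:noop")
    return removed


if __name__ == "__main__":
    print(export_portable("u-1001"))
    print(erase("u-1001"), erase("u-1001"))
    print(AUDIT)
```

In a real system the store would be a database and the handlers would sit behind an authenticated endpoint that verifies the requester is the data subject (or an authorised representative) before returning or deleting anything.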
## Implementation Patterns

### Consent Management

```python
from dataclasses import dataclass
from datetime import datetime


@dataclass
class Consent:
    user_id: str                   # the data subject
    purpose: str                   # what the consent covers, e.g. "analytics"
    granted_at: datetime           # when consent was given
    withdrawn_at: datetime | None  # None while the consent is still active
    version: str                   # version of the consent text shown to the user
```
### Data Minimization

```python
from pydantic import BaseModel


# Only collect what's necessary
class UserRegistration(BaseModel):
    email: str  # Required for account
    name: str   # Required for personalization
    # Don't collect: age, gender, location unless needed
    # Note: pydantic ignores unknown input fields by default; set
    # model_config = ConfigDict(extra="forbid") to reject them instead.
```
### Data Retention

```python
from datetime import timedelta


# Maximum age per data category; records older than this are deleted.
RETENTION_POLICIES = {
    "user_data": timedelta(days=365 * 2),
    "logs": timedelta(days=90),
    "analytics": timedelta(days=365),
}
```
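The consent record and the retention table above only become useful once something enforces them. The following added example (not code from the original skill) combines both patterns: a `ConsentRegistry` that answers whether processing for a purpose is permitted at a given time, honouring withdrawal and requiring the current consent version, and a `purge` that deletes records past their retention period, treating a category with no policy as expired rather than keeping it forever. `CURRENT_POLICY_VERSION`, the `ConsentRegistry` class, `run_demo` and the sample records are all assumptions made for this example.

```python
"""Consent enforcement and retention purge (added example, standard library only)."""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Assumed: bump whenever the consent text changes, so old grants stop counting.
CURRENT_POLICY_VERSION = "2024-01"

RETENTION_POLICIES = {
    "user_data": timedelta(days=365 * 2),
    "logs": timedelta(days=90),
    "analytics": timedelta(days=365),
}


@dataclass
class Consent:
    user_id: str
    purpose: str
    granted_at: datetime
    withdrawn_at: datetime | None
    version: str


class ConsentRegistry:
    """Append-only consent records; withdrawal never deletes the grant."""

    def __init__(self) -> None:
        self._records: list[Consent] = []

    def grant(self, user_id: str, purpose: str, version: str, at: datetime) -> None:
        self._records.append(Consent(user_id, purpose, at, None, version))

    def withdraw(self, user_id: str, purpose: str, at: datetime) -> bool:
        """Mark the latest active grant withdrawn; False if none was active."""
        active = [c for c in self._records
                  if c.user_id == user_id and c.purpose == purpose
                  and c.withdrawn_at is None]
        if not active:
            return False
        max(active, key=lambda c: c.granted_at).withdrawn_at = at
        return True

    def is_permitted(self, user_id: str, purpose: str, at: datetime,
                     required_version: str = CURRENT_POLICY_VERSION) -> bool:
        """Permitted only if the latest grant (as of `at`) is unwithdrawn at
        that moment and was given against the required consent version."""
        candidates = [c for c in self._records
                      if c.user_id == user_id and c.purpose == purpose
                      and c.granted_at <= at]
        if not candidates:
            return False
        latest = max(candidates, key=lambda c: c.granted_at)
        still_active = latest.withdrawn_at is None or latest.withdrawn_at > at
        return still_active and latest.version == required_version


def expired(category: str, created_at: datetime, now: datetime) -> bool:
    """True when a record is past its retention period. Categories without a
    policy fail closed (treated as expired) instead of being kept forever."""
    ttl = RETENTION_POLICIES.get(category)
    return ttl is None or now - created_at > ttl


def purge(store: dict[str, list[tuple[datetime, dict]]],
          now: datetime) -> dict[str, int]:
    """Drop expired rows from each category in place; return counts purged."""
    purged: dict[str, int] = {}
    for category, rows in store.items():
        keep = [row for row in rows if not expired(category, row[0], now)]
        purged[category] = len(rows) - len(keep)
        rows[:] = keep
    return purged


def run_demo(now: datetime | None = None) -> dict[str, object]:
    """Constructed scenario exercising both checks; returns the outcomes."""
    now = now or datetime(2024, 6, 1, tzinfo=timezone.utc)
    day = timedelta(days=1)

    reg = ConsentRegistry()
    reg.grant("u-1", "analytics", "2023-07", now - 200 * day)   # stale version
    stale = reg.is_permitted("u-1", "analytics", now)
    reg.grant("u-1", "analytics", CURRENT_POLICY_VERSION, now - 10 * day)
    fresh = reg.is_permitted("u-1", "analytics", now)
    reg.withdraw("u-1", "analytics", now - 1 * day)
    after_withdraw = reg.is_permitted("u-1", "analytics", now)
    before_withdraw = reg.is_permitted("u-1", "analytics", now - 5 * day)

    store = {  # constructed records: (created_at, payload)
        "logs": [(now - 100 * day, {"line": "old"}), (now - 10 * day, {"line": "new"})],
        "analytics": [(now - 400 * day, {"event": "old"}), (now - 30 * day, {"event": "new"})],
        "unknown": [(now, {"note": "no policy defined"})],
    }
    purged = purge(store, now)
    return {"stale_version": stale, "fresh": fresh,
            "after_withdraw": after_withdraw, "before_withdraw": before_withdraw,
            "purged": purged, "remaining_logs": len(store["logs"])}


if __name__ == "__main__":
    print(run_demo())
```

`is_permitted` takes the evaluation time as a parameter rather than reading the clock, which makes the check reproducible when auditing why a past processing run was or was not allowed.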
## Privacy Checklist
- [ ] Privacy policy published and accessible
- [ ] Consent obtained before data collection
- [ ] Data subject rights implemented
- [ ] Data minimization practiced
- [ ] Retention policies defined
- [ ] Breach notification process ready
- [ ] DPA (Data Processing Agreement) with vendors