Data Privacy Compliance

What it does

This skill enables AI agents to automatically audit codebases and documentation against major data privacy regulations like GDPR, CCPA, and HIPAA. It identifies specific compliance gaps, such as missing consent mechanisms or unencrypted PII storage, and suggests remediation steps.

When to use it

• Before deploying a new feature that handles personally identifiable information (PII) in production.
• During security reviews to ensure user data collection flows meet legal requirements.
• When migrating legacy systems to modern cloud infrastructure with stricter privacy mandates.
• To generate compliance reports for internal audits or external regulatory bodies.

Key capabilities

• Scans source code and configuration files for hardcoded credentials and sensitive data exposure.
• Analyzes user consent logic and data retention policies against GDPR and CCPA standards.
• Flags missing encryption protocols for data at rest and in transit.
• Provides actionable recommendations to align architecture with HIPAA security rules.

Example prompts

• "Audit this user authentication module for GDPR compliance regarding cookie consent."
• "Identify any hardcoded API keys or secrets in the backend service configuration files."
• "Generate a report on how our current data retention policy violates CCPA requirements."

Tips & gotchas

Ensure your codebase includes up-to-date comments and documentation, as the skill relies on context to accurately assess intent. This tool acts as an automated first line of defense but should always be validated by a qualified legal or compliance officer before final deployment.