{"id":"33b51c29-0baa-4bac-aa6a-1c71207f0745","shortId":"UAH649","kind":"skill","title":"compliance-anthropic","tagline":"Navigate privacy regulations (GDPR, CCPA), review DPAs, and handle data subject requests. Use when reviewing data processing agreements, responding to data subject access or deletion requests, assessing cross-border data transfer requirements, or evaluating privacy compliance.","description":"# Compliance Skill\n\nYou are a compliance assistant for an in-house legal team. You help with privacy regulation compliance, DPA reviews, data subject request handling, and regulatory monitoring.\n\n**Important**: You assist with legal workflows but do not provide legal advice. Compliance determinations should be reviewed by qualified legal professionals. Regulatory requirements change frequently; always verify current requirements with authoritative sources.\n\n## Privacy Regulation Overview\n\n### GDPR (General Data Protection Regulation)\n\n**Scope**: Applies to processing of personal data of individuals in the EU/EEA, regardless of where the processing organization is located.\n\n**Key Obligations for In-House Legal Teams**:\n- **Lawful basis**: Identify and document lawful basis for each processing activity (consent, contract, legitimate interest, legal obligation, vital interest, public task)\n- **Data subject rights**: Respond to access, rectification, erasure, portability, restriction, and objection requests within 30 days (extendable by 60 days for complex requests)\n- **Data protection impact assessments (DPIAs)**: Required for processing likely to result in high risk to individuals\n- **Breach notification**: Notify supervisory authority within 72 hours of becoming aware of a personal data breach; notify affected individuals without undue delay if high risk\n- **Records of processing**: Maintain Article 30 records of processing activities\n- **International transfers**: Ensure appropriate safeguards for transfers outside EEA (SCCs, adequacy decisions, BCRs)\n- **DPO requirement**: Appoint a Data Protection Officer if required (public authority, large-scale processing of special categories, large-scale systematic monitoring)\n\n**Common In-House Legal Touchpoints**:\n- Reviewing vendor DPAs for GDPR compliance\n- Advising product teams on privacy by design requirements\n- Responding to supervisory authority inquiries\n- Managing cross-border data transfer mechanisms\n- Reviewing consent mechanisms and privacy notices\n\n### CCPA / CPRA (California Consumer Privacy Act / California Privacy Rights Act)\n\n**Scope**: Applies to businesses that collect personal information of California residents and meet revenue, data volume, or data sale thresholds.\n\n**Key Obligations**:\n- **Right to know**: Consumers can request disclosure of personal information collected, used, and shared\n- **Right to delete**: Consumers can request deletion of their personal information\n- **Right to opt-out**: Consumers can opt out of the sale or sharing of personal information\n- **Right to correct**: Consumers can request correction of inaccurate personal information (CPRA addition)\n- **Right to limit use of sensitive personal information**: Consumers can limit use of sensitive PI to specific purposes (CPRA addition)\n- **Non-discrimination**: Cannot discriminate against consumers who exercise their rights\n- **Privacy notice**: Must provide a privacy notice at or before collection describing categories of PI collected and purposes\n- **Service provider agreements**: Contracts with service providers must restrict use of PI to the specified business purpose\n\n**Response Timelines**:\n- Acknowledge receipt within 10 business days\n- Respond substantively within 45 calendar days (extendable by 45 days with notice)\n\n### Other Key Regulations to Monitor\n\n| Regulation | Jurisdiction | Key Differentiators |\n|---|---|---|\n| **LGPD** (Brazil) | Brazil | Similar to GDPR; requires DPO appointment; National Data Protection Authority (ANPD) enforcement |\n| **POPIA** (South Africa) | South Africa | Information Regulator oversight; required registration of processing |\n| **PIPEDA** (Canada) | Canada (federal) | Consent-based framework; OPC oversight; being modernized |\n| **PDPA** (Singapore) | Singapore | Do Not Call registry; mandatory breach notification; PDPC enforcement |\n| **Privacy Act** (Australia) | Australia | Australian Privacy Principles (APPs); notifiable data breaches scheme |\n| **PIPL** (China) | China | Strict cross-border transfer rules; data localization requirements; CAC oversight |\n| **UK GDPR** | United Kingdom | Post-Brexit UK version; ICO oversight; similar to EU GDPR with UK-specific adequacy |\n\n## DPA Review Checklist\n\nWhen reviewing a Data Processing Agreement or Data Processing Addendum, verify the following:\n\n### Required Elements (GDPR Article 28)\n\n- [ ] **Subject matter and duration**: Clearly defined scope and term of processing\n- [ ] **Nature and purpose**: Specific description of what processing will occur and why\n- [ ] **Type of personal data**: Categories of personal data being processed\n- [ ] **Categories of data subjects**: Whose personal data is being processed\n- [ ] **Controller obligations and rights**: Controller's instructions and oversight rights\n\n### Processor Obligations\n\n- [ ] **Process only on documented instructions**: Processor commits to process only per controller's instructions (with exception for legal requirements)\n- [ ] **Confidentiality**: Personnel authorized to process have committed to confidentiality\n- [ ] **Security measures**: Appropriate technical and organizational measures described (Article 32 reference)\n- [ ] **Sub-processor requirements**:\n  - [ ] Written authorization requirement (general or specific)\n  - [ ] If general authorization: notification of changes with opportunity to object\n  - [ ] Sub-processors bound by same obligations via written agreement\n  - [ ] Processor remains liable for sub-processor performance\n- [ ] **Data subject rights assistance**: Processor will assist controller in responding to data subject requests\n- [ ] **Security and breach assistance**: Processor will assist with security obligations, breach notification, DPIAs, and prior consultation\n- [ ] **Deletion or return**: On termination, delete or return all personal data (at controller's choice) and delete existing copies unless legal retention required\n- [ ] **Audit rights**: Controller has right to conduct audits and inspections (or accept third-party audit reports)\n- [ ] **Breach notification**: Processor will notify controller of personal data breaches without undue delay (ideally within 24-48 hours; must enable controller to meet 72-hour regulatory deadline)\n\n### International Transfers\n\n- [ ] **Transfer mechanism identified**: SCCs, adequacy decision, BCRs, or other valid mechanism\n- [ ] **SCCs version**: Using current EU SCCs (June 2021 version) if applicable\n- [ ] **Correct module**: Appropriate SCC module selected (C2P, C2C, P2P, P2C)\n- [ ] **Transfer impact assessment**: Completed if transferring to countries without adequacy decisions\n- [ ] **Supplementary measures**: Technical, organizational, or contractual measures to address gaps identified in transfer impact assessment\n- [ ] **UK addendum**: If UK personal data is in scope, UK International Data Transfer Addendum included\n\n### Practical Considerations\n\n- [ ] **Liability**: DPA liability provisions align with (or don't conflict with) the main services agreement\n- [ ] **Termination alignment**: DPA term aligns with the services agreement\n- [ ] **Data locations**: Processing locations specified and acceptable\n- [ ] **Security standards**: Specific security standards or certifications required (SOC 2, ISO 27001, etc.)\n- [ ] **Insurance**: Adequate insurance coverage for data processing activities\n\n### Common DPA Issues\n\n| Issue | Risk | Standard Position |\n|---|---|---|\n| Blanket sub-processor authorization without notification | Loss of control over processing chain | Require notification with right to object |\n| Breach notification timeline > 72 hours | May prevent timely regulatory notification | Require notification within 24-48 hours |\n| No audit rights (or audit rights only via third-party reports) | Cannot verify compliance | Accept SOC 2 Type II + right to audit upon cause |\n| Data deletion timeline not specified | Data retained indefinitely | Require deletion within 30-90 days of termination |\n| No data processing locations specified | Data could be processed anywhere | Require disclosure of processing locations |\n| Outdated SCCs | Invalid transfer mechanism | Require current EU SCCs (2021 version) |\n\n## Data Subject Request Handling\n\n### Request Intake\n\nWhen a data subject request is received:\n\n1. **Identify the request type**:\n   - Access (copy of personal data)\n   - Rectification (correction of inaccurate data)\n   - Erasure / deletion (\"right to be forgotten\")\n   - Restriction of processing\n   - Data portability (structured, machine-readable format)\n   - Objection to processing\n   - Opt-out of sale/sharing (CCPA/CPRA)\n   - Limit use of sensitive personal information (CPRA)\n\n2. **Identify applicable regulation(s)**:\n   - Where is the data subject located?\n   - Which laws apply based on your organization's presence and activities?\n   - What are the specific requirements and timelines?\n\n3. **Verify identity**:\n   - Confirm the requester is who they claim to be\n   - Use reasonable verification measures proportionate to the sensitivity of the data\n   - Do not require excessive documentation\n\n4. **Log the request**:\n   - Date received\n   - Request type\n   - Requester identity\n   - Applicable regulation\n   - Response deadline\n   - Assigned handler\n\n### Response Timelines\n\n| Regulation | Initial Acknowledgment | Substantive Response | Extension |\n|---|---|---|---|\n| GDPR | Not specified (best practice: promptly) | 30 days | +60 days (with notice) |\n| CCPA/CPRA | 10 business days | 45 calendar days | +45 days (with notice) |\n| UK GDPR | Not specified (best practice: promptly) | 30 days | +60 days (with notice) |\n| LGPD | Not specified | 15 days | Limited extensions |\n\n### Exemptions and Exceptions\n\nBefore fulfilling a request, check whether any exemptions apply:\n\n**Common exemptions across regulations**:\n- Legal claims defense or establishment\n- Legal obligations requiring retention\n- Public interest or official authority\n- Freedom of expression and information (for erasure requests)\n- Archiving in the public interest or scientific/historical research\n\n**Organization-specific considerations**:\n- Litigation hold: Data subject to a legal hold cannot be deleted\n- Regulatory retention: Financial records, employment records, and other categories may have mandatory retention periods\n- Third-party rights: Fulfilling the request might adversely affect the rights of others\n\n### Response Process\n\n1. Gather all personal data of the requester across systems\n2. Apply any exemptions and document the basis\n3. Prepare response: fulfill the request or explain why (in whole or part) it cannot be fulfilled\n4. If denying (in whole or part): cite the specific legal basis for denial\n5. Inform the requester of their right to lodge a complaint with the supervisory authority\n6. Document the response and retain records of the request and response\n\n## Regulatory Monitoring Basics\n\n### What to Monitor\n\nMaintain awareness of developments in:\n- **Regulatory guidance**: New or updated guidance from supervisory authorities (ICO, CNIL, FTC, state AGs, etc.)\n- **Enforcement actions**: Fines, orders, and settlements that signal regulatory priorities\n- **Legislative changes**: New privacy laws, amendments to existing laws, implementing regulations\n- **Industry standards**: Updates to ISO 27001, SOC 2, NIST frameworks, and sector-specific requirements\n- **Cross-border transfer developments**: Adequacy decisions, SCC updates, data localization requirements\n\n### Monitoring Approach\n\n1. **Subscribe to regulatory authority communications** (newsletters, RSS feeds, official announcements)\n2. **Track relevant legal publications** for analysis of new developments\n3. **Review industry association updates** for sector-specific guidance\n4. **Maintain a regulatory calendar** of known upcoming deadlines, effective dates, and compliance milestones\n5. **Brief the legal team** on material developments that affect the organization's processing activities\n\n### Escalation Criteria\n\nEscalate regulatory developments to senior counsel or leadership when:\n- A new regulation or guidance directly affects the organization's core business activities\n- An enforcement action in the organization's sector signals heightened regulatory scrutiny\n- A compliance deadline is approaching that requires organizational changes\n- A data transfer mechanism the organization relies on is challenged or invalidated\n- A regulatory authority initiates an inquiry or investigation involving the organization","tags":["compliance","anthropic","awesome","legal","skills","lawvable","agent-skills","automation","law","legal-work","workflows"],"capabilities":["skill","source-lawvable","skill-compliance-anthropic","topic-agent-skills","topic-automation","topic-law","topic-legal-work","topic-workflows"],"categories":["awesome-legal-skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/lawvable/awesome-legal-skills/compliance-anthropic","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add lawvable/awesome-legal-skills","source_repo":"https://github.com/lawvable/awesome-legal-skills","install_from":"skills.sh"}},"qualityScore":"0.605","qualityRationale":"deterministic score 0.60 from registry signals: · indexed on github topic:agent-skills · 310 github stars · SKILL.md body (12,500 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-05-02T18:53:54.526Z","embedding":null,"createdAt":"2026-04-18T22:04:19.192Z","updatedAt":"2026-05-02T18:53:54.526Z","lastSeenAt":"2026-05-02T18:53:54.526Z","tsv":"'+45':1234 '+60':1223,1247 '-48':825,1005 '-90':1044 '1':1087,1349,1501 '10':465,1228 '15':1254 '2':953,1024,1134,1359,1479,1512 '2021':856,1072 '24':824,1004 '27001':955,1477 '28':606 '3':1163,1367,1522 '30':173,228,1043,1221,1245 '32':699 '4':1191,1384,1532 '45':471,476,1231 '5':1398,1546 '6':1413 '60':177 '72':204,832,994 'accept':803,943,1022 'access':26,164,1092 'acknowledg':462,1211 'across':1272,1357 'act':312,316,541 'action':1452,1587 'activ':148,232,964,1155,1560,1584 'addendum':598,897,909 'addit':393,413 'address':889 'adequ':958 'adequaci':243,585,842,879,1492 'advers':1341 'advic':81 'advis':281 'affect':215,1342,1555,1578 'africa':506,508 'ag':1449 'agreement':21,445,594,730,927,936 'align':917,929,932 'alway':95 'amend':1466 'analysi':1518 'announc':1511 'anpd':502 'anthrop':3 'anywher':1057 'app':547 'appli':111,318,1147,1269,1360 'applic':859,1136,1201 'appoint':248,497 'approach':1500,1601 'appropri':236,692,862 'archiv':1296 'articl':227,605,698 'assess':30,185,872,895 'assign':1205 'assist':47,72,742,745,756,759 'associ':1525 'audit':792,799,807,1008,1011,1029 'australia':542,543 'australian':544 'author':202,256,292,501,683,706,713,976,1287,1412,1444,1505,1620 'authorit':100 'awar':208,1432 'base':522,1148 'basi':139,144,1366,1395 'basic':1427 'bcrs':245,844 'becom':207 'best':1218,1242 'blanket':972 'border':33,297,558,1489 'bound':724 'brazil':490,491 'breach':198,213,536,550,755,763,809,818,991 'brexit':572 'brief':1547 'busi':320,458,466,1229,1583 'c2c':867 'c2p':866 'cac':564 'calendar':472,1232,1536 'california':309,313,326 'call':533 'canada':517,518 'cannot':417,1019,1316,1381 'categori':263,437,634,640,1327 'caus':1031 'ccpa':8,307 'ccpa/cpra':1126,1227 'certif':950 'chain':984 'challeng':1615 'chang':93,716,1462,1605 'check':1265 'checklist':588 'china':553,554 'choic':783 'cite':1391 'claim':1172,1275 'clear':611 'cnil':1446 'collect':322,349,435,440 'commit':668,687 'common':269,965,1270 'communic':1506 'complaint':1408 'complet':873 'complex':180 'complianc':2,40,41,46,60,82,280,1021,1544,1598 'compliance-anthrop':1 'conduct':798 'confidenti':681,689 'confirm':1166 'conflict':922 'consent':149,302,521 'consent-bas':520 'consider':912,1307 'consult':768 'consum':310,342,356,369,384,402,420 'contract':150,446 'contractu':886 'control':650,654,673,746,781,794,814,829,981 'copi':787,1093 'core':1582 'correct':383,387,860,1098 'could':1054 'counsel':1568 'countri':877 'coverag':960 'cpra':308,392,412,1133 'criteria':1562 'cross':32,296,557,1488 'cross-bord':31,295,556,1487 'current':97,852,1069 'data':13,19,24,34,63,107,116,159,182,212,250,298,331,334,499,549,561,592,596,633,637,642,646,739,750,779,817,901,907,937,962,1032,1037,1049,1053,1074,1082,1096,1101,1111,1142,1185,1310,1353,1496,1607 'date':1195,1542 'day':174,178,467,473,477,1045,1222,1224,1230,1233,1235,1246,1248,1255 'deadlin':835,1204,1540,1599 'decis':244,843,880,1493 'defens':1276 'defin':612 'delay':219,821 'delet':28,355,359,769,774,785,1033,1041,1103,1318 'deni':1386 'denial':1397 'describ':436,697 'descript':622 'design':287 'determin':83 'develop':1434,1491,1521,1553,1565 'differenti':488 'direct':1577 'disclosur':345,1059 'discrimin':416,418 'document':142,665,1190,1364,1414 'dpa':61,586,914,930,966 'dpas':10,277 'dpia':186,765 'dpo':246,496 'durat':610 'eea':241 'effect':1541 'element':603 'employ':1323 'enabl':828 'enforc':503,539,1451,1586 'ensur':235 'erasur':166,1102,1294 'escal':1561,1563 'establish':1278 'etc':956,1450 'eu':579,853,1070 'eu/eea':121 'evalu':38 'except':677,1260 'excess':1189 'exempt':1258,1268,1271,1362 'exercis':422 'exist':786,1468 'explain':1374 'express':1290 'extend':175,474 'extens':1214,1257 'feder':519 'feed':1509 'financi':1321 'fine':1453 'follow':601 'forgotten':1107 'format':1117 'framework':523,1481 'freedom':1288 'frequent':94 'ftc':1447 'fulfil':1262,1337,1370,1383 'gap':890 'gather':1350 'gdpr':7,105,279,494,567,580,604,1215,1239 'general':106,708,712 'guidanc':1437,1441,1531,1576 'handl':12,66,1077 'handler':1206 'heighten':1594 'help':56 'high':194,221 'hold':1309,1315 'hour':205,826,833,995,1006 'hous':52,135,272 'ico':575,1445 'ideal':822 'ident':1165,1200 'identifi':140,840,891,1088,1135 'ii':1026 'impact':184,871,894 'implement':1470 'import':70 'in-hous':50,133,270 'inaccur':389,1100 'includ':910 'indefinit':1039 'individu':118,197,216 'industri':1472,1524 'inform':324,348,363,380,391,401,509,1132,1292,1399 'initi':1210,1621 'inquiri':293,1623 'inspect':801 'instruct':656,666,675 'insur':957,959 'intak':1079 'interest':152,156,1284,1300 'intern':233,836,906 'invalid':1065,1617 'investig':1625 'involv':1626 'iso':954,1476 'issu':967,968 'june':855 'jurisdict':486 'key':130,337,481,487 'kingdom':569 'know':341 'known':1538 'larg':258,265 'large-scal':257,264 'law':138,143,1146,1465,1469 'leadership':1570 'legal':53,74,80,89,136,153,273,679,789,1274,1279,1314,1394,1515,1549 'legisl':1461 'legitim':151 'lgpd':489,1251 'liabil':913,915 'liabl':733 'like':190 'limit':396,404,1127,1256 'litig':1308 'local':562,1497 'locat':129,938,940,1051,1062,1144 'lodg':1406 'log':1192 'loss':979 'machin':1115 'machine-read':1114 'main':925 'maintain':226,1431,1533 'manag':294 'mandatori':535,1330 'materi':1552 'matter':608 'may':996,1328 'measur':691,696,882,887,1178 'mechan':300,303,839,848,1067,1609 'meet':329,831 'might':1340 'mileston':1545 'modern':527 'modul':861,864 'monitor':69,268,484,1426,1430,1499 'must':427,450,827 'nation':498 'natur':618 'navig':4 'new':1438,1463,1520,1573 'newslett':1507 'nist':1480 'non':415 'non-discrimin':414 'notic':306,426,431,479,1226,1237,1250 'notif':199,537,714,764,810,978,986,992,1000,1002 'notifi':200,214,548,813 'object':170,720,990,1118 'oblig':131,154,338,651,661,727,762,1280 'occur':627 'offic':252 'offici':1286,1510 'opc':524 'opportun':718 'opt':367,371,1122 'opt-out':366,1121 'order':1454 'organ':127,1151,1305,1557,1580,1590,1611,1628 'organiz':695,884,1604 'organization-specif':1304 'other':1346 'outdat':1063 'outsid':240 'oversight':511,525,565,576,658 'overview':104 'p2c':869 'p2p':868 'part':1379,1390 'parti':806,1017,1335 'pdpa':528 'pdpc':538 'per':672 'perform':738 'period':1332 'person':115,211,323,347,362,379,390,400,632,636,645,778,816,900,1095,1131,1352 'personnel':682 'pi':408,439,454 'pipeda':516 'pipl':552 'popia':504 'portabl':167,1112 'posit':971 'post':571 'post-brexit':570 'practic':911,1219,1243 'prepar':1368 'presenc':1153 'prevent':997 'principl':546 'prior':767 'prioriti':1460 'privaci':5,39,58,102,285,305,311,314,425,430,540,545,1464 'process':20,113,126,147,189,225,231,260,515,593,597,617,625,639,649,662,670,685,939,963,983,1050,1056,1061,1110,1120,1348,1559 'processor':660,667,703,723,731,737,743,757,811,975 'product':282 'profession':90 'prompt':1220,1244 'proportion':1179 'protect':108,183,251,500 'provid':79,428,444,449 'provis':916 'public':157,255,1283,1299,1516 'purpos':411,442,459,620 'qualifi':88 'readabl':1116 'reason':1176 'receipt':463 'receiv':1086,1196 'record':223,229,1322,1324,1419 'rectif':165,1097 'refer':700 'regardless':122 'registr':513 'registri':534 'regul':6,59,103,109,482,485,510,1137,1202,1209,1273,1471,1574 'regulatori':68,91,834,999,1319,1425,1436,1459,1504,1535,1564,1595,1619 'relev':1514 'reli':1612 'remain':732 'report':808,1018 'request':15,29,65,171,181,344,358,386,752,1076,1078,1084,1090,1168,1194,1197,1199,1264,1295,1339,1356,1372,1401,1422 'requir':36,92,98,187,247,254,288,495,512,563,602,680,704,707,791,951,985,1001,1040,1058,1068,1160,1188,1281,1486,1498,1603 'research':1303 'resid':327 'respond':22,162,289,468,748 'respons':460,1203,1207,1213,1347,1369,1416,1424 'restrict':168,451,1108 'result':192 'retain':1038,1418 'retent':790,1282,1320,1331 'return':771,776 'revenu':330 'review':9,18,62,86,275,301,587,590,1523 'right':161,315,339,353,364,381,394,424,653,659,741,793,796,988,1009,1012,1027,1104,1336,1344,1404 'risk':195,222,969 'rss':1508 'rule':560 'safeguard':237 'sale':335,375 'sale/sharing':1125 'scale':259,266 'scc':863,1494 'sccs':242,841,849,854,1064,1071 'scheme':551 'scientific/historical':1302 'scope':110,317,613,904 'scrutini':1596 'sector':1484,1529,1592 'sector-specif':1483,1528 'secur':690,753,761,944,947 'select':865 'senior':1567 'sensit':399,407,1130,1182 'servic':443,448,926,935 'settlement':1456 'share':352,377 'signal':1458,1593 'similar':492,577 'singapor':529,530 'skill':42 'skill-compliance-anthropic' 'soc':952,1023,1478 'sourc':101 'source-lawvable' 'south':505,507 'special':262 'specif':410,584,621,710,946,1159,1306,1393,1485,1530 'specifi':457,941,1036,1052,1217,1241,1253 'standard':945,948,970,1473 'state':1448 'strict':555 'structur':1113 'sub':702,722,736,974 'sub-processor':701,721,735,973 'subject':14,25,64,160,607,643,740,751,1075,1083,1143,1311 'subscrib':1502 'substant':469,1212 'supervisori':201,291,1411,1443 'supplementari':881 'system':1358 'systemat':267 'task':158 'team':54,137,283,1550 'technic':693,883 'term':615,931 'termin':773,928,1047 'third':805,1016,1334 'third-parti':804,1015,1333 'threshold':336 'time':998 'timelin':461,993,1034,1162,1208 'topic-agent-skills' 'topic-automation' 'topic-law' 'topic-legal-work' 'topic-workflows' 'touchpoint':274 'track':1513 'transfer':35,234,239,299,559,837,838,870,875,893,908,1066,1490,1608 'type':630,1025,1091,1198 'uk':566,573,583,896,899,905,1238 'uk-specif':582 'undu':218,820 'unit':568 'unless':788 'upcom':1539 'updat':1440,1474,1495,1526 'upon':1030 'use':16,350,397,405,452,851,1128,1175 'valid':847 'vendor':276 'verif':1177 'verifi':96,599,1020,1164 'version':574,850,857,1073 'via':728,1014 'vital':155 'volum':332 'whether':1266 'whole':1377,1388 'whose':644 'within':172,203,464,470,823,1003,1042 'without':217,819,878,977 'workflow':75 'written':705,729","prices":[{"id":"ab697f5f-0933-4f8b-b0b1-7b9b1ad01edd","listingId":"33b51c29-0baa-4bac-aa6a-1c71207f0745","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"lawvable","category":"awesome-legal-skills","install_from":"skills.sh"},"createdAt":"2026-04-18T22:04:19.192Z"}],"sources":[{"listingId":"33b51c29-0baa-4bac-aa6a-1c71207f0745","source":"github","sourceId":"lawvable/awesome-legal-skills/compliance-anthropic","sourceUrl":"https://github.com/lawvable/awesome-legal-skills/tree/main/skills/compliance-anthropic","isPrimary":false,"firstSeenAt":"2026-04-18T22:04:19.192Z","lastSeenAt":"2026-05-02T18:53:54.526Z"}],"details":{"listingId":"33b51c29-0baa-4bac-aa6a-1c71207f0745","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"lawvable","slug":"compliance-anthropic","github":{"repo":"lawvable/awesome-legal-skills","stars":310,"topics":["agent-skills","automation","law","legal-work","workflows"],"license":"other","html_url":"https://github.com/lawvable/awesome-legal-skills","pushed_at":"2026-03-03T11:25:06Z","description":"A curated list of awesome Agent Skills for automating legal work","skill_md_sha":"717e17bbb1075ae0dc607323bc9c75ec189fbd3b","skill_md_path":"skills/compliance-anthropic/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/lawvable/awesome-legal-skills/tree/main/skills/compliance-anthropic"},"layout":"multi","source":"github","category":"awesome-legal-skills","frontmatter":{"name":"compliance-anthropic","description":"Navigate privacy regulations (GDPR, CCPA), review DPAs, and handle data subject requests. Use when reviewing data processing agreements, responding to data subject access or deletion requests, assessing cross-border data transfer requirements, or evaluating privacy compliance."},"skills_sh_url":"https://skills.sh/lawvable/awesome-legal-skills/compliance-anthropic"},"updatedAt":"2026-05-02T18:53:54.526Z"}}