Data Protection Skill
Purpose
Defines data protection practices ensuring privacy-by-design, GDPR compliance, and secure data handling across all Hack23 projects.
Data Classification Levels
| Level | Description | Handling |
|---|---|---|
| PUBLIC | Open data, published information | No restrictions |
| INTERNAL | Operational data, system metadata | Access controlled |
| CONFIDENTIAL | Personal data, business sensitive | Encrypted, logged |
| RESTRICTED | Credentials, keys, PII aggregation | Encrypted, MFA required |
Privacy-by-Design Principles
- Proactive — Prevent privacy issues before they occur
- Default — Maximum privacy as default setting
- Embedded — Privacy built into design
- Positive-Sum — Privacy AND functionality
- End-to-End — Full lifecycle protection
- Transparency — Open and documented
- User-Centric — Respect user privacy
GDPR Requirements
- Lawful basis for processing
- Data minimization (collect only what's needed)
- Purpose limitation
- Storage limitation (retention policies)
- Data subject rights (access, deletion, portability)
- Privacy impact assessments for new features
Static Site Considerations
- No cookies without consent
- Privacy-preserving analytics only
- No tracking pixels or fingerprinting
- Secure external links (rel="noopener noreferrer")
- No PII in URLs or query parameters
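A build-time check for three of the considerations above (external link `rel`, tracking pixels, PII in URLs), given as an added example and not code from the Hack23 repository. The hostname, the PII key names, the 1x1-image heuristic and the sample page are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urlsplit

SITE_HOST = "example.org"  # assumption: the static site's own hostname
PII_KEYS = {"email", "name", "phone", "personnummer"}  # assumption: illustrative key names
EMAIL_RE = re.compile(r"[^@\s/]+@[^@\s/]+\.[a-z]{2,}", re.I)

class StaticSiteAudit(HTMLParser):
    def __init__(self, site_host=SITE_HOST):
        super().__init__()
        self.site_host = site_host
        self.findings = []  # (line, rule, url) tuples

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        line = self.getpos()[0]
        url = a.get("href") or a.get("src") or ""
        parts = urlsplit(url)
        external = parts.netloc not in ("", self.site_host)
        # Rule 1: external links must carry both noopener and noreferrer.
        if tag == "a" and external:
            rel = set((a.get("rel") or "").lower().split())
            if not {"noopener", "noreferrer"} <= rel:
                self.findings.append((line, "external-link-rel", url))
        # Rule 2 (heuristic): a 0x0 or 1x1 third-party image is a tracking pixel.
        tiny = a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
        if tag == "img" and external and tiny:
            self.findings.append((line, "tracking-pixel", url))
        # Rule 3: no PII-looking key or e-mail address in the path or query.
        pii = any(k.lower() in PII_KEYS or EMAIL_RE.search(v)
                  for k, v in parse_qsl(parts.query))
        if parts.scheme != "mailto" and (pii or EMAIL_RE.search(parts.path)):
            self.findings.append((line, "pii-in-url", url))

def audit(html, site_host=SITE_HOST):
    parser = StaticSiteAudit(site_host)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page, not taken from any real site.
SAMPLE = """<a href="https://partner.example.com/" target="_blank">Partner</a>
<a href="https://partner.example.com/" rel="noopener noreferrer">Partner</a>
<a href="/search?email=jane%40example.com">My results</a>
<img src="https://stats.example.net/p.gif" width="1" height="1">
<a href="/about.html">About</a>
"""
```

Run `audit()` over each generated HTML file in the build and fail the pipeline when it returns any finding.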
ISO 27001 Mapping
- A.5.34 — Privacy and protection of PII
- A.8.11 — Data masking
- A.8.12 — Data leakage prevention
Related Policies
Repository: hack23/riksdagsmonitor