gdpr-compliance


GDPR Compliance Skill

🔴 AI FIRST Quality Principle

Apply the AI FIRST principle: never accept first-pass quality. Minimum 2 iterations. Read all output, improve every section. No shortcuts.

Purpose

Ensure GDPR compliance for political data processing in Riksdagsmonitor while maintaining democratic transparency.

Legal Basis for Political Data

GDPR Article 6(1) - Lawful Processing

  • Article 6(1)(e): Processing necessary for a task carried out in the public interest
  • Application: Democratic transparency and accountability monitoring
  • Justification: Offentlighetsprincipen (Swedish Public Access Principle)

GDPR Article 9 - Special Category Data

  • Political Opinions: Special category requiring explicit legal basis
  • Exemption 9(2)(e): Data manifestly made public by data subject
  • Exemption 9(2)(g): Processing for substantial public interest

Data Subject Rights

1. Right to Access (Article 15)

  • Individuals can request their data
  • Provide copy in machine-readable format
  • Limited for public figures in official capacity

2. Right to Rectification (Article 16)

  • Correct inaccurate data promptly
  • Update records from official sources

3. Right to Erasure (Article 17)

  • Limited for public officials
  • Historical records retained for research

4. Right to Object (Article 21)

  • Clear objection mechanisms
  • Case-by-case assessment

Privacy-by-Design

  • Data Minimization: Only necessary political data
  • Purpose Limitation: Transparency purposes only
  • Storage Limitation: Documented retention policy
  • Integrity: HTTPS-only, secure headers
  • No Tracking: No cookies, analytics, or user tracking

ISMS Compliance

ISO 27001:2022

  • A.5.34: Privacy and protection of PII

NIST CSF 2.0

  • ID.GV-3: Legal requirements understood

First Seen
Mar 4, 2026