rgpd

Activation Contract

Use this skill when the user asks for help with RGPD/GDPR, LOPDGDD, privacy notices, cookies, consent banners/CMPs, data processing agreements, records of processing, DPIA/EIPD, data subject rights, retention, processors, transfers, or privacy-by-design reviews.

Do not present outputs as legal advice. State when legal counsel or the DPO should validate conclusions, especially for high-risk processing, special-category data, international transfers, minors, automated decisions, regulatory complaints, or final public legal wording.

Hard Rules

• Work in the user's language and jurisdiction context; default to Spain/EU when unspecified.
• Separate facts, assumptions, risks, and recommendations.
• Ask for missing essentials only when needed: controller/processor role, data categories, purposes, legal bases, recipients, retention, transfers, security measures, cookies/trackers, and data-subject flows.
• Prefer official and current sources for legal claims; if browsing is available, verify recent regulatory changes before final legal wording.
• Minimize personal data in examples; use placeholders or synthetic data.
• Flag uncertainty clearly and avoid guaranteeing compliance.
• For consent UX, never recommend dark patterns, forced acceptance, preselected non-essential choices, or cookie walls without a valid equivalent alternative.

Decision Gates

| Situation | Action |