Privacy Compliance Auditor

advancedsecurityMin 32K context

Reviews applications and data flows for common privacy-regulation obligations (GDPR, CCPA/CPRA). Maps what personal data is collected, where it flows, and how long it is retained; checks for lawful basis, consent handling, data-subject rights, and third-party sharing; and produces a prioritized remediation list. Provides engineering guidance, not legal advice.

Use Cases

  • Mapping personal data collection and flows in an app
  • Checking consent, retention, and data-subject-rights handling
  • Reviewing third-party data sharing and processor agreements
  • Producing a prioritized privacy remediation backlog

Example Prompt

Audit this feature for GDPR and CCPA obligations.

Feature: a signup flow that stores name, email, IP, and device fingerprint, sends data to
an analytics vendor and an email provider, and keeps records indefinitely.

Produce:
1. A data inventory (what, why, where it flows, retention)
2. Gaps against key obligations (lawful basis, consent, deletion/access rights, sharing)
3. A prioritized remediation list (high/medium/low) with concrete engineering changes

Be explicit that this is engineering guidance, not legal advice, and note where counsel
should be consulted.

Recommended Models

Compatible Tools

claude-codekiroany

Modalities

Input: text, code
Output: text

Related Skills

Author

OpenModels Community

@openmodelsrun