Agent Skills
› cosmicstack-labs/mercury-agent-skills
› privacy-compliance
privacy-compliance
GitHub协助构建和维护隐私合规计划,涵盖GDPR、CCPA等法规要求。支持数据映射、同意管理、DSR处理及隐私设计原则落地,确保数据收集、存储与删除符合法律标准。
Trigger Scenarios
需要制定或审计隐私合规计划
处理数据主体访问或删除请求
咨询特定地区(如欧盟、加州)数据保护法规
进行数据流映射或第三方处理器评估
Install
npx skills add cosmicstack-labs/mercury-agent-skills --skill privacy-compliance -g -y
SKILL.md
Frontmatter
{
"name": "privacy-compliance",
"metadata": {
"tags": [
"privacy",
"compliance",
"gdpr",
"ccpa",
"hipaa",
"data-protection"
],
"author": "cosmicstack-labs",
"version": "1.0.0",
"category": "finance-legal"
},
"description": "GDPR, CCPA, HIPAA, data mapping, consent management, DSR handling, and privacy program management"
}
Privacy & Compliance
Build and maintain privacy compliance programs.
Major Regulations
| Regulation | Scope | Key Requirements |
|---|---|---|
| GDPR | EU residents | Consent, data rights, breach notification, DPO |
| CCPA/CPRA | California residents | Right to know, delete, opt-out |
| HIPAA | US healthcare | PHI protection, BAAs, security rule |
| LGPD | Brazil | Similar to GDPR |
| PIPEDA | Canada | Consent, access, accuracy |
Core Program Components
Data Mapping
- Catalog all data collected (PII, sensitive, financial)
- Document flow: collection → storage → processing → deletion
- Identify third-party processors and sub-processors
- Map legal basis for each processing activity
- Review and update quarterly
Consent Management
- Obtain explicit, informed consent before collection
- Record consent with timestamp and version
- Make withdrawal as easy as giving consent
- Refresh consent annually or when purpose changes
Data Subject Requests (DSR)
| Request Type | Timeline | Process |
|---|---|---|
| Access | 30 days | Provide all data in machine-readable format |
| Deletion | 30 days | Delete + request deletion from third parties |
| Correction | 30 days | Fix inaccurate data |
| Portability | 30 days | Export in structured format |
| Objection | 30 days | Stop processing for specific purpose |
Privacy by Design
- Proactive not reactive — embed privacy from the start
- Default settings should be most private
- Minimize data collection to what's necessary
- Encrypt everywhere (transit and at rest)
- Retain only as long as needed, then delete
Version History
- 38e2523 Current 2026-07-05 19:39


