Business Productivity Skill

Privacy Check

Checks your project for data-protection risks, open questions and expert-review needs — before it goes live.

Privacy CheckGDPRPrivacy pre-checkPrivacy reviewGDPR checkEU AI ActConsentCookie bannerTrackingPrivacy policyData flowRetention & deletionData processing agreementInternational data transferData subject rightsData breachData minimizationRisk ratingExpert reviewDPIAChatbot privacyApp privacyGiveawayNewsletterPrivacyComplianceBusiness
Free
0 0 v1.0.0 Updated 01.07.2026 by skills-for-ai

SKILL.md in the open agentskills.io standard — works directly in Claude, ChatGPT/Codex, Cursor, Copilot & more.

Privacy Check is an AI skill for a structured data-protection pre-check of any project — it makes visible which data, purposes, jurisdictions, vendors, consents, retention periods and risks must be checked before you go live. Not just websites: apps, newsletters, giveaways, events, leads/CRM, communities, chatbots, AI agents, shops, courses, HR and automations too. It detects the project type and use cases, routes the relevant regimes (GDPR, ePrivacy, EU AI Act, UK, US state laws), flags high-risk hard, and delivers a risk traffic light, prioritized to-dos and an expert-review briefing. Not legal advice, not a final sign-off.

What this skill does

  • Detects the project type and use cases and activates the matching modules (14 areas from website to AI agent)
  • Eleven modes via a router: quick check · project intake · use-case check · jurisdiction router · consent & notice · data flow & vendors · risk & DPIA · AI & AI-Act · launch gate · docs & to-do generator · expert-review briefing
  • Routes the relevant regimes (GDPR, ePrivacy/§25 TDDDG, EU AI Act, UK GDPR/DUAA, US state laws, Switzerland, …) as check points
  • Builds a data inventory, data-flow map and purpose matrix, and forces data minimization
  • Structures possible legal bases to check (without finally deciding)
  • Checks consent/opt-out, transparency notices, cookie-banner rules and service-vs-marketing separation
  • Captures vendors, DPAs, subprocessors and third-country transfers (adequacy/SCCs+TIA/DPF)
  • Flags high-risk hard (children, health, biometrics, location, profiling, automated decisions) and checks DPIA need
  • Screens AI features against the EU AI Act (Art. 5 bans, Art. 50 transparency, Annex III high-risk, FRIA) — date-aware
  • Outputs a risk traffic light, readiness score, prioritized to-dos, draft text blocks and an expert-review briefing

Description

Privacy Check is a skill for a structured data-protection pre-check — it does not decide whether a project is finally lawful; it makes visible which data, purposes, people, countries, platforms, vendors, notices, consents, security measures, retention periods and risks must be checked. The framing is always the same: "before this goes live — what does a qualified human still need to look at?" Instead of only thinking about website cookies, it detects the real project type and activates the matching use-case module: website/tracking, app/mobile SDK, newsletter/direct marketing, leads/CRM/sales, giveaway/contest, event/expo/webinar, community/social, chatbot/AI agent/RAG, shop/payment, course/LMS, children/youth, HR/recruiting, vendor/transfer and security/incident. It thinks globally: operator country, user countries, target markets, cloud region and vendor countries decide which regimes to check — it routes them and recommends verifying the current official source. The flow is a real method: data inventory, data-flow map (source → collection → system → vendor → storage → recipients → deletion), purpose matrix with data minimization, roles (controller/processor), a legal-basis pre-screen (structure the options, don't finally decide), consent/opt-out architecture, transparency blocks, vendor and third-country transfer checks, retention/deletion, security measures (TOMs) and a high-risk screen. It flags high-risk hard: children, health, biometrics, precise location, profiling/scoring, automated decisions, extensive tracking, third-country transfers and AI agents with tool access — and checks whether a DPIA (GDPR Art. 35) is likely mandatory. For AI projects it screens GDPR and the EU AI Act in parallel: prohibited practices (Art. 5), chatbot transparency and synthetic-content marking (Art. 50), high-risk classification (Annex III) and an integrated DPIA + FRIA — date-aware and including the 2026 Digital Omnibus. Every check ends usable: a risk traffic light (🟢🟡🟠🔴), a readiness score (0–100, project maturity, not a legal score), prioritized immediate to-dos, draft notice/consent blocks to review, and a ready-made briefing for a data protection officer or lawyer. It never invents laws, deadlines, fines or sources, does not recommend consent as a blanket fix, and does not sugarcoat risky processing. It is the data-protection pre-check layer alongside Website-Doktor (measured technical audit), the AI Blueprint Assistant (planning) and AI Quality Check (checking AI output).

Examples

What it does not do

  • Gives no legal advice and no final compliance sign-off — does not replace a DPO, lawyer or authority
  • Doesn't claim a project is GDPR/CCPA/AI-Act compliant, and doesn't sugarcoat risky processing
  • Produces no binding legal texts — draft blocks are clearly marked starting points to review
  • Doesn't recommend consent as a blanket fix, or tracking/profiling without a real check
  • Doesn't invent laws, deadlines, fines or sources — flags time-sensitive items as verify-current
  • Won't help launder unlawful processing (dark-pattern consent, hidden tracking) past a review

Compatibility & tech

Claude (Projects & system prompt)ChatGPT (Custom GPT & Custom Instructions)Any LLMNative UI (buttons/forms) where available, Markdown fallback otherwiseOptional: web tool to verify current legal/platform sources
Tested (internal)
4 scenarios
Recommended runtime
Stärkstes verfügbares Modell; für aktuelle Rechts-/Plattform-Quellen eines mit Web-/Such-Tool.
Modes
Quick check (triage) · Project intake (data inventory + data-flow map) · Use-case check · Jurisdiction router · Consent & notice check · Data flow, vendors & transfers · Risk & DPIA screen · AI & AI-Act check · Launch go/no-go gate · Docs & to-do generator · Expert-review briefing
Inputs
Project description (text) · Website / landing page · App / mobile SDK · Newsletter / giveaway / event · Lead / CRM / shop flow · Chatbot / AI agent / RAG · Vendor / data-flow list
Output format
Structured Markdown report (verdict, risk light + readiness score, detected areas, regimes, data & people, high-risk factors, vendors & data flows, use-case check points, open questions, prioritized to-dos, draft text blocks, DPIA/FRIA need, expert-review briefing); optionally a launch-gate table and a documentation set.
Subcategory
Data-protection pre-check & compliance prep
License
Proprietär

Security profile

Local

Runs entirely on your machine with your own AI — no external runtime, no running costs.

Instruction-only

Only instructions, templates and references — no executable scripts.

Network access

Accesses external sources / the network in normal use (e.g. live pages, search/data APIs).

What do these badges mean? →

What you get

  • privacy-check-1.0.0/11 files
    • .claude-plugin/marketplace.json
    • plugins/privacy-check/skills/privacy-check/11 files
      • SKILL.md
      • manifest.json
      • references/9 files
        • consent-notice-modules.md
        • eu-ai-act.md
        • jurisdiction-router.md
        • official-sources.md
        • platform-privacy-rules.md
        • privacy-check-checklist.md
        • privacy-check-method.md
        • risk-score-and-output.md
        • use-case-modules.md
    • .agents/skills/privacy-check/→ universal — same content (Codex, Cursor, Copilot, Gemini, Windsurf, Cline)
    • LICENSE.txt

Installation

After unlocking, you install with a single command — it auto-detects your AI tool.

Runs inClaude CodeGitHub CopilotGemini CLICursorCodex CLIWindsurfCline

Also works as a chat prompt

Full in chat

No AI tool? Paste it into Claude, ChatGPT or Gemini and use the method right away.

This skill ships no scripts, so the prompt carries its full method.

Works best when your chat has web access.

Installing is the full version — it triggers automatically, runs its scripts and loads references as needed. As a chat prompt you drive the method by hand.

Unlock to copy the ready-to-paste prompt — then in “My Skills”.

Reviews

No reviews yet – be the first.

Note

A structured data-protection pre-check, not legal advice and not a final compliance sign-off. Strongest with details on project type, countries and data types; without them it works with flagged assumptions. Confirm time-sensitive legal/platform facts with a web tool, otherwise they are flagged verify-current. For a binding assessment, legal texts or international edge cases, get a qualified data-protection/legal review.

Changelog

  • v1.0.001.07.2026[object Object]

Frequently asked questions

What does Privacy Check do?

Privacy Check is an AI skill for a structured data-protection pre-check of any project — it makes visible which data, purposes, jurisdictions, vendors, consents, retention periods and risks must be checked before you go live. Not just websites: apps, newsletters, giveaways, events, leads/CRM, communities, chatbots, AI agents, shops, courses, HR and automations too. It detects the project type and use cases, routes the relevant regimes (GDPR, ePrivacy, EU AI Act, UK, US state laws), flags high-risk hard, and delivers a risk traffic light, prioritized to-dos and an expert-review briefing. Not legal advice, not a final sign-off.

How do I check data protection before my project goes live?

Privacy Check is a structured data-protection pre-check: it detects the project type and use cases, routes the relevant regimes (GDPR, ePrivacy, EU AI Act, UK, US state laws), builds a data inventory and a data-flow map, flags high-risk factors, and outputs a risk traffic light, prioritized to-dos and an expert-review briefing — instead of leaving you to guess what is missing.

Is Privacy Check legal advice?

No. Privacy Check is explicitly not legal advice and not a final compliance sign-off — it does not replace a data protection officer, lawyer or supervisory authority. It makes visible what must be checked and prepares a professional review. Concrete results always end with a clear not-legal-advice note.

Does Privacy Check only cover websites and cookies?

No. Privacy Check covers websites, apps and mobile SDKs, newsletters, giveaways, events/webinars, leads/CRM, communities, chatbots, AI agents and RAG systems, shops/payment, courses, HR/recruiting and automations — each area has its own use-case module with the right questions and typical mistakes.

Does Privacy Check cover the EU AI Act?

Yes. For AI features Privacy Check screens the GDPR and the EU AI Act in parallel: prohibited practices (Art. 5), transparency duties for chatbots and synthetic content (Art. 50, from 2 Aug 2026), high-risk classification (Annex III, e.g. recruiting) and an integrated DPIA + FRIA — date-aware, including the 2026 Digital Omnibus that may defer the high-risk deadlines.

Does Privacy Check invent laws, deadlines or fines?

No. Privacy Check does not invent legal facts, deadlines, fines or sources. Because privacy law and platform rules change fast, it flags time-sensitive items as verify-current and uses a web tool, where available, to confirm the official source with a retrieval date.

Which AI tools does Privacy Check work with?

Claude (Projects & system prompt) · ChatGPT (Custom GPT & Custom Instructions) · Any LLM · Native UI (buttons/forms) where available, Markdown fallback otherwise · Optional: web tool to verify current legal/platform sources

How do I use Privacy Check?

Privacy Check is a SKILL.md in the open agentskills.io standard: install it with one command (npx) or download it and add it to your AI tool — Claude (Projects), ChatGPT (Custom GPT), Cursor, Copilot, Gemini CLI and more. No code needed.