GDPR Audit Prep

Pressure-testing GDPR compliance before internal audits, DPA investigations, breach responses, or acquisition due diligence.

What it does

This skill pressure-tests an organization's GDPR compliance ahead of internal audits, supervisory authority (DPA) investigations, breach response, or acquisition due diligence. It walks the core evidence a regulator or acquirer will ask for (records of processing, lawful bases, DPIAs, data subject request handling, and international transfers) and produces an audit readiness report of confirmed controls, open gaps, and prioritized remediation actions.

Procedure

When this skill is activated, Chalie follows these steps:

  1. Use memory to recall any prior GDPR assessments, known gaps, or compliance decisions already documented.
  2. Ask for the audit scope: which processing activities, systems, or business units are in scope; use memory to surface any prior scope decisions.
  3. Use document to record whether the Article 30 Record of Processing Activities (RoPA) exists, carries a recent review date, covers every element Article 30(1) requires, and documents any joint controller arrangements.
  4. Use document to record the Article 6 lawful basis for each key processing activity, and flag any activity that relies on consent without a documented mechanism for withdrawing it as easily as it was given.
  5. Use read or search to check whether each high-risk processing activity has a completed DPIA under Article 35, including the four elements Article 35(7) requires: a systematic description of the processing and its purposes, an assessment of necessity and proportionality, an assessment of the risks to the rights and freedoms of data subjects, and the measures adopted to address those risks.
  6. Use document to record DSAR response workflow findings: whether the organization can respond within one month (with the extension of up to two further months reserved for complex or numerous requests), has an identity verification process for requesters, and can honor the right to erasure across backups and processors.
  7. Use search to check transfer compliance: confirm that each non-EU data transfer rests on an adequacy decision, on Article 46 safeguards such as SCCs backed by a completed Transfer Impact Assessment, or on a documented Article 49 derogation.
  8. Use document to save an audit readiness report listing confirmed controls, open gaps, and prioritized remediation actions.

Version

v1 (curated)