| name | compliance |
| description | Framework for regulatory compliance including GDPR, CCPA, employment law, and industry-specific regulations. Use when assessing compliance requirements, drafting policies, or conducting compliance audits. |
| metadata | {"clawbot":{"emoji":"✅"}} |
Compliance
This skill provides frameworks and checklists for regulatory compliance across multiple jurisdictions and regulations.
GDPR Compliance Checklist
The General Data Protection Regulation (GDPR) applies to companies processing personal data of EU residents.
Legal Basis
Data Subject Rights
Data Protection Measures
Documentation
Third-Party Processors
CCPA Compliance Checklist
The California Consumer Privacy Act (CCPA) applies to businesses that meet certain thresholds and process California residents' personal information.
Consumer Rights
Notice Requirements
Data Inventory
Verification Procedures
Employee/Contractor Data
Data Processing Agreement Template
# Data Processing Agreement
**Controller**: [Company Name]
**Processor**: [Processor Name]
**Effective Date**: [Date]
## 1. Definitions
- "Personal Data" means any information relating to an identified or identifiable natural person
- "Processing" means any operation performed on Personal Data
- "Controller" means the entity that determines the purposes and means of processing
- "Processor" means the entity that processes Personal Data on behalf of the Controller
## 2. Scope and Purpose
Processor shall process Personal Data solely for the purpose of [specific purpose] and in accordance with Controller's documented instructions.
## 3. Processor Obligations
Processor agrees to:
- Process Personal Data only as instructed by Controller
- Implement appropriate technical and organizational measures to protect Personal Data
- Ensure persons authorized to process Personal Data are bound by confidentiality
- Assist Controller in responding to data subject requests
- Notify Controller without undue delay of any data breach
- Assist Controller in compliance with GDPR/CCPA obligations
- Delete or return Personal Data upon termination
## 4. Sub-Processors
Processor may engage sub-processors with Controller's prior written consent. Processor remains liable for sub-processor compliance.
## 5. Security Measures
Processor shall implement:
- Encryption of Personal Data in transit and at rest
- Access controls and authentication
- Regular security assessments
- Incident response procedures
## 6. Audit Rights
Controller has the right to audit Processor's compliance with this Agreement.
## 7. Term and Termination
This Agreement remains in effect for the duration of the service agreement. Upon termination, Processor shall delete or return all Personal Data.
## 8. Governing Law
This Agreement shall be governed by [Jurisdiction] law.
Privacy Policy Template Structure
# Privacy Policy
## 1. Introduction
- Who we are
- Contact information for privacy inquiries
- Effective date and update history
## 2. Information We Collect
- Personal information collected (name, email, etc.)
- Automatically collected information (cookies, IP address, etc.)
- Information from third parties
- Sensitive information (if applicable)
## 3. How We Use Your Information
- Business purposes for processing
- Legal basis for processing (GDPR)
- Marketing communications (opt-in/opt-out)
## 4. How We Share Your Information
- Service providers
- Business transfers
- Legal requirements
- Sale of personal information (CCPA disclosure)
## 5. Your Rights
- Access rights
- Deletion rights
- Correction rights
- Opt-out rights
- How to exercise rights
## 6. Data Security
- Security measures implemented
- Data breach notification procedures
## 7. Data Retention
- How long we retain data
- Criteria for retention periods
## 8. International Transfers
- Cross-border data transfers
- Safeguards for international transfers
## 9. Children's Privacy
- Age restrictions
- COPPA compliance if applicable
## 10. Changes to This Policy
- How we notify of changes
- Continued use after changes
## 11. Contact Us
- Privacy contact information
- Data Protection Officer (if applicable)
Terms of Service Template Structure
# Terms of Service
## 1. Acceptance of Terms
- Agreement to terms by using service
- Age requirements
- Authority to bind entity
## 2. Description of Service
- What the service provides
- Features and functionality
- Service modifications
## 3. User Accounts
- Account creation requirements
- Account security obligations
- Account termination
## 4. Acceptable Use
- Permitted uses
- Prohibited activities
- Enforcement mechanisms
## 5. Intellectual Property
- Ownership of service IP
- User content ownership
- License grants
- DMCA takedown procedures
## 6. Payment Terms
- Pricing and fees
- Payment methods
- Refund policy
- Price changes
## 7. Service Availability
- Service levels (if any)
- Maintenance windows
- Disclaimers
## 8. Limitation of Liability
- Liability caps
- Exclusions
- Disclaimers of warranties
## 9. Indemnification
- User indemnification obligations
- Scope of indemnification
## 10. Termination
- Termination rights
- Effect of termination
- Survival clauses
## 11. Dispute Resolution
- Governing law
- Jurisdiction
- Arbitration/litigation provisions
## 12. General Provisions
- Entire agreement
- Modifications
- Severability
- Assignment
- Force majeure
Compliance Audit Template
# Compliance Audit: [Regulation/Area]
**Date**: [Date]
**Auditor**: [Name]
**Scope**: [What was audited]
## Audit Objectives
- [ ] Verify compliance with [regulation/requirement]
- [ ] Identify compliance gaps
- [ ] Assess effectiveness of controls
- [ ] Review documentation
## Findings
### Compliant Areas
- [Finding 1]
- [Finding 2]
### Non-Compliant Areas
- [Finding 1] — Risk: [Level] — Remediation: [Action]
- [Finding 2] — Risk: [Level] — Remediation: [Action]
### Recommendations
1. [Recommendation 1]
2. [Recommendation 2]
## Action Plan
- [ ] [Action item 1] — Owner: [Name] — Due: [Date]
- [ ] [Action item 2] — Owner: [Name] — Due: [Date]
## Follow-Up
- Next audit date: [Date]
- Monitoring procedures: [Description]
Regulatory Change Impact Assessment
# Regulatory Change Impact Assessment
**Regulation**: [Name of regulation/law]
**Effective Date**: [Date]
**Assessment Date**: [Date]
## Summary of Changes
[Description of what changed in the regulation]
## Impact Analysis
- **High Impact**: [Areas significantly affected]
- **Medium Impact**: [Areas moderately affected]
- **Low Impact**: [Areas minimally affected]
## Current State Assessment
- [ ] Current practices compliant with new requirements
- [ ] Gaps identified: [List gaps]
- [ ] Risk level: [Low / Medium / High]
## Required Actions
- [ ] [Action 1] — Priority: [High / Medium / Low] — Due: [Date]
- [ ] [Action 2] — Priority: [High / Medium / Low] — Due: [Date]
## Resource Requirements
- **Time**: [Estimated hours]
- **Cost**: [Estimated cost]
- **Personnel**: [Who needs to be involved]
## Timeline
- [Phase 1]: [Date range] — [Activities]
- [Phase 2]: [Date range] — [Activities]
- [Phase 3]: [Date range] — [Activities]
## Monitoring
- [ ] Set up monitoring for ongoing compliance
- [ ] Schedule follow-up review: [Date]