Menu
[COMMUNITY] Assess Austrian DSG / DSGVO obligations — Datenschutzbehörde patterns, §§12–13 DSG special provisions, image processing (§12 DSG), and Austrian enforcement practice
[COMMUNITY] Generate a Data Sharing Agreement under the UAE Government Services Data Sharing Policy. Captures collect-once mapping, federation/API plan, and PDPL lawful basis per share.
[COMMUNITY] Generate a UAE PDPL (Federal Decree-Law 45/2021) compliance assessment including DPIA, lawful-basis register, data-subject-rights procedure, and cross-border transfer log. Anchored on the UAE Data Office statutory framework.
Implements compliance with the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (UAE PDP Law) and its Executive Regulations. Covers data controller and processor obligations, data subject rights, cross-border transfer requirements, sensitive data processing, and UAE Data Office enforcement. Keywords: UAE PDP, Federal Decree-Law 45, UAE Data Office, DIFC, ADGM, cross-border transfer.
Expert UAE real estate compliance agent ensuring all brokerage operations, outreach campaigns, property transactions, and marketing materials comply with RERA regulations, DLD requirements, UAE Federal laws, and anti-money laundering standards. The legal immune system of the operation.
Search Argentine legal databases (SAIJ, JUBA, CSJN, JUSCABA) for jurisprudence, legislation, case summaries, and doctrine using the `ley` CLI. Use when the user asks about Argentine law, court decisions, legal precedents, fallos, jurisprudencia, legislación, or mentions SAIJ, JUBA, CSJN, JUSCABA. Supports parallel search across databases, JSON/table/text output, and filtering by jurisdiction. Built from reverse-engineered MCP servers (hernan-cc) — direct HTTP calls, no MCP layer needed.
Prueft Impressum, Datenschutzerklaerung und Vereinsangaben auf oesterreichische Rechtskonformitaet (ECG § 5, DSGVO Art. 13/14, VerG)
| name | arckit-at-dsgvo |
| title | User Input |
| description | [COMMUNITY] Assess Austrian DSG / DSGVO obligations — Datenschutzbehörde patterns, §§12–13 DSG special provisions, image processing (§12 DSG), and Austrian enforcement practice |
| author | tractorjuice |
| author_url | https://github.com/tractorjuice/arc-kit/tree/main/arckit-codex/skills/arckit-at-dsgvo |
| license | MIT |
| version | 0.1.0 |
| execution_mode | open |
| jurisdiction | at |
| practice | data-protection |
| language | de |
⚠️ Community-contributed command — not part of the officially-maintained ArcKit baseline. Output should be reviewed by qualified DSB-Beauftragter / DPO / Rechtsabteilung before reliance. Citations to Datenschutzbehörde (DSB) / EU regulations may lag the current text — verify against the source. Some citations are marked
[NEEDS VERIFICATION]and should be confirmed by an Austrian data protection practitioner before external use.
You are helping an enterprise architect generate an Austrian Data Protection Assessment — the Austrian-specific GDPR layer applied by the Datenschutzbehörde (DSB) under the Datenschutzgesetz (DSG 2018, BGBl. I Nr. 165/1999 as amended). Run this after $arckit-eu-rgpd to add Austrian obligations that go beyond the EU GDPR baseline.
$ARGUMENTS
Note: Before generating, scan
projects/for existing project directories. For each project, list allARC-*.mdartifacts, checkexternal/for reference documents, and check000-global/for cross-project policies. If no external docs exist but they would improve output, ask the user.
MANDATORY (warn if missing):
$arckit-at-dsgvo should be run after $arckit-eu-rgpd for best results. Proceed with available data.RECOMMENDED (read if available, note if missing):
OPTIONAL (read if available, skip silently):
external/ — extract previous DSB correspondence, Verarbeitungsverzeichnis (Art. 30 ROPA), existing Auftragsverarbeitungsverträge (DPAs), Betriebsvereinbarungen for employee data000-global/policies/ — extract Datenschutzerklärung, data retention schedule, DSB-Meldungen policyIdentify the target project from the hook context. If the project doesn't exist:
projects/*/ directories and find the highest NNN-* numberprojects/{NNN}-{slug}/README.mdPROJECT_ID and PROJECT_PATHRead all documents from Step 0. Identify:
Read the template (with user override support):
.arckit/templates-custom/at-dsgvo-template.md exists in the project root.arckit/templates/at-dsgvo-template.mdCRITICAL: Use the Write tool to create the assessment document.
Detect version: Check for existing ARC-{PROJECT_ID}-ATDSG-v*.md files:
Auto-populate Document Control:
ARC-{PROJECT_ID}-ATDSG-v{VERSION}Section 1: AT DSG Regulatory Framework
[NEEDS VERIFICATION: confirm current venue rules]Section 2: §§12–13 DSG — Image and Video Processing (conditional — only if CCTV/imagery detected)
[NEEDS VERIFICATION: confirm current guidance version]Section 3: Health Data and ELGA (conditional — only if health data detected)
$arckit-dpiaSection 4: Employee Data (Arbeitnehmerdatenschutz) (conditional — only if employee data in scope)
[NEEDS VERIFICATION: confirm exact §96a(1) sub-point and threshold]Section 5: Scientific Research (§§7–8 DSG) (conditional — only if research use case)
[NEEDS VERIFICATION: confirm current §2d text and practice]Section 6: Data Subject Rights (Austrian enforcement)
[NEEDS VERIFICATION]Section 7: DSB Reporting and Registration
Section 8: Breach Notification to DSB
[NEEDS VERIFICATION: recent DSB penalty cases]Section 9: International Transfers (AT context)
[NEEDS VERIFICATION]Section 10: DSB Enforcement Priorities and Gap Analysis
[NEEDS VERIFICATION: cite recent DSB annual report][NEEDS VERIFICATION]Before writing the file, read .arckit/references/quality-checklist.md and verify all Common Checks pass.
Write the document to:
projects/{project_id}/ARC-{PROJECT_ID}-ATDSG-v{VERSION}.md
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
✅ AT DSG / DSGVO Assessment Generated
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
📄 Document: projects/{project_id}/ARC-{PROJECT_ID}-ATDSG-v{VERSION}.md
📋 Document ID: {document_id}
📅 Assessment Date: {date}
🔒 Classification: OFFICIAL-SENSITIVE
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
📊 Austrian-Specific Compliance Areas
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
| Area | Status | Gaps |
|---------------------------------|--------------|------|
| §§12–13 Image/Video Processing | {N/A or status} | {N} |
| Health Data / ELGA | {N/A or status} | {N} |
| Employee Data / §96a ArbVG | {N/A or status} | {N} |
| Research Exemptions §§7–8 DSG | {N/A or status} | {N} |
| Age of Consent (14 years) | {N/A or status} | {N} |
| DPO Registration with DSB | {status} | {N} |
| DSB Enforcement Risks | {level} | {N} |
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
⚡ Critical Actions
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
{List 🔴 High priority gaps}
Next steps:
1. {If DPIA required: Run $arckit-dpia}
2. {If employee monitoring: draft Betriebsvereinbarung §96a ArbVG}
3. {If no eu-rgpd baseline: Run $arckit-eu-rgpd first}
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
$arckit-eu-rgpd first, then this command.[NEEDS VERIFICATION] must be confirmed against current DSB guidance before external use.projects/{project_id}/ARC-{PROJECT_ID}-ATDSG-v{VERSION}.md$arckit-at-dsgvo Austrian DSG layer for 001 — federal ministry HR system with CCTV at entrances, employee data, and potential monitoring of IT usage
$arckit-at-dsgvo Assess AT DSG obligations for a Vienna regional hospital group integrating with ELGA, processing Gesundheitsdaten, planning mobile patient portal
$arckit-at-dsgvo AT data protection for a research consortium processing pseudonymised health data for a longitudinal cohort study under §§7–8 DSG
After completing this command, consider running:
$arckit-dpia -- Run a full Data Protection Impact Assessment if AT DSB screening flags high risk (when 2+ AT DPIA criteria triggered or DSB published Blacklist applies)$arckit-eu-rgpd -- Run the pan-EU GDPR baseline first if not already completed (when No prior eu-rgpd assessment exists for this project)$arckit-at-nisg -- Assess NISG obligations where personal data is processed by Essential/Important entities (when Entity potentially qualifies as Essential or Important under NISG)