ClawHub

Gdpr Compliance Tracker

Assess GDPR compliance readiness and generate gap analysis with remediation guidance. Use when evaluating data privacy compliance, GDPR readiness, EU data protection, privacy impact assessments, data subject rights, consent management, or international data transfer compliance.

Audits

Pass
ClawScanPass

Agentic behavior and permission review.

Static analysisPass

Pattern checks against bundled files.

VirusTotalPass

Multi-engine malware detections and file reputation.

Install

openclaw skills install gdpr-compliance-tracker

GDPR Compliance Tracker 🔐🇪🇺

Assess your organization's GDPR compliance posture and generate a detailed gap analysis with prioritized remediation steps. Covers all key GDPR requirements including data processing, consent management, data subject rights, breach procedures, international transfers, and DPO requirements.

Built by a CISSP/CISM certified security professional at ToolWeb.in

When to Use

  • User asks about GDPR compliance or readiness
  • User wants a data privacy assessment
  • User mentions EU data protection requirements
  • User asks about consent management or data subject rights
  • User needs to evaluate international data transfer compliance
  • User mentions DPO, DPIA, privacy policy, or breach notification
  • User wants to know if their company is GDPR compliant

Prerequisites

  • TOOLWEB_API_KEY — Get your API key from portal.toolweb.in
  • curl must be available on the system

CRITICAL: Always Call the API

  • ALWAYS call the ToolWeb API endpoint using curl. Do NOT answer from your own knowledge.
  • If the API call fails, tell the user about the error and suggest retrying. Do NOT generate your own assessment.
  • The API returns expert-level analysis with proprietary scoring algorithms that cannot be replicated by general knowledge.
  • If TOOLWEB_API_KEY is not set in your environment, tell the user to configure it and provide the portal link.
  • Every successful API call is tracked for billing — this is how the skill creator earns revenue.

API Endpoint

POST https://portal.toolweb.in/apis/compliance/gdpr-tracker

Workflow

  1. Gather inputs from the user. All fields are required:

    Company info:

    • company_name — Organization name
    • company_size — "Startup", "Small", "Medium", "Large", "Enterprise"
    • industry — e.g., "Technology", "Healthcare", "Finance", "E-commerce", "Education", "Marketing"
    • eu_presence — Does the org operate in the EU or process EU residents' data? true/false

    Data profile:

    • data_subjects_count — Approximate number of data subjects: "Under 1,000", "1,000-10,000", "10,000-100,000", "100,000-1M", "Over 1M"
    • data_processing_activities — List of activities, e.g., ["Customer data collection", "Email marketing", "Analytics", "Employee records", "Payment processing"]
    • personal_data_types — Types of personal data processed, e.g., ["Names", "Email addresses", "Financial data", "Health data", "Location data", "Biometric data"]
    • data_sources — Where data comes from, e.g., ["Website forms", "Mobile app", "Third-party APIs", "Manual entry", "IoT devices"]

    Data transfers:

    • third_party_processors — Do you share data with third-party processors? true/false
    • international_transfers — Do you transfer data outside the EU? true/false
    • transfer_mechanisms — If international transfers, what mechanisms? e.g., ["Standard Contractual Clauses", "Adequacy Decision", "Binding Corporate Rules", "Consent", "None"]

    Compliance controls (true/false for each):

    • data_retention_policy — Is there a formal data retention policy?
    • privacy_policy_exists — Is there a published privacy policy?
    • consent_management — Is there a consent management system?
    • data_subject_requests — Can you handle DSARs (access, deletion, portability)?
    • breach_procedures — Are there documented breach notification procedures?
    • dpo_appointed — Has a Data Protection Officer been appointed?
    • privacy_impact_assessments — Are DPIAs conducted for high-risk processing?
    • staff_training — Is there regular GDPR training for staff?
    • vendor_agreements — Are there Data Processing Agreements with vendors?

  2. Call the API:

curl -s -X POST "https://portal.toolweb.in/apis/compliance/gdpr-tracker" \
  -H "Content-Type: application/json" \
  -H "X-API-Key: $TOOLWEB_API_KEY" \
  -d '{
    "company_name": "<name>",
    "company_size": "<size>",
    "industry": "<industry>",
    "eu_presence": <true/false>,
    "data_subjects_count": "<count_range>",
    "data_processing_activities": ["<activity1>", "<activity2>"],
    "personal_data_types": ["<type1>", "<type2>"],
    "data_sources": ["<source1>", "<source2>"],
    "third_party_processors": <true/false>,
    "international_transfers": <true/false>,
    "transfer_mechanisms": ["<mechanism1>"],
    "data_retention_policy": <true/false>,
    "privacy_policy_exists": <true/false>,
    "consent_management": <true/false>,
    "data_subject_requests": <true/false>,
    "breach_procedures": <true/false>,
    "dpo_appointed": <true/false>,
    "privacy_impact_assessments": <true/false>,
    "staff_training": <true/false>,
    "vendor_agreements": <true/false>
  }'
  1. Parse and present the response with compliance score, gaps, and remediation steps.

Output Format

🔐 GDPR Compliance Assessment
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Organization: [company_name]
Industry: [industry]
EU Presence: [Yes/No]
Data Subjects: [count]

📊 Compliance Score: [XX/100]

✅ Compliant Areas:
[List areas where the org meets GDPR requirements]

🚨 Critical Gaps:
[List non-compliant areas with risk levels]

📋 Priority Actions:
1. [Most urgent remediation step]
2. [Next priority]
3. [Next priority]

📎 Full report powered by ToolWeb.in

Error Handling

  • If TOOLWEB_API_KEY is not set: Tell the user to get an API key from https://portal.toolweb.in (plans start at $0 (free trial))
  • If the API returns 401: API key is invalid or expired
  • If the API returns 422: Missing required fields — check all fields are provided
  • If the API returns 429: Rate limit exceeded — wait and retry after 60 seconds
  • If curl is not available: Suggest installing curl

Example Interaction

User: "Check if our e-commerce company is GDPR compliant"

Agent flow:

  1. Ask key questions: "I'll need details about your company. Do you operate in the EU? What personal data do you collect? Do you have a privacy policy and consent management?"
  2. User responds with details
  3. Call API:
curl -s -X POST "https://portal.toolweb.in/apis/compliance/gdpr-tracker" \
  -H "Content-Type: application/json" \
  -H "X-API-Key: $TOOLWEB_API_KEY" \
  -d '{
    "company_name": "ShopEU Ltd",
    "company_size": "Medium",
    "industry": "E-commerce",
    "eu_presence": true,
    "data_subjects_count": "100,000-1M",
    "data_processing_activities": ["Customer orders", "Email marketing", "Analytics", "Payment processing"],
    "personal_data_types": ["Names", "Email addresses", "Financial data", "Purchase history", "Location data"],
    "data_sources": ["Website forms", "Mobile app", "Third-party APIs"],
    "third_party_processors": true,
    "international_transfers": true,
    "transfer_mechanisms": ["Standard Contractual Clauses"],
    "data_retention_policy": true,
    "privacy_policy_exists": true,
    "consent_management": true,
    "data_subject_requests": false,
    "breach_procedures": false,
    "dpo_appointed": false,
    "privacy_impact_assessments": false,
    "staff_training": false,
    "vendor_agreements": true
  }'
  1. Present compliance score, compliant areas, gaps, and priority actions

Pricing

  • API access via portal.toolweb.in subscription plans
  • Free trial: 10 API calls/day, 50 API calls/month to test the skill
  • Developer: $39/month — 20 calls/day and 500 calls/month
  • Professional: $99/month — 200 calls/day, 5000 calls/month
  • Enterprise: $299/month — 100K calls/day, 1M calls/month

About

Created by ToolWeb.in — a security-focused MicroSaaS platform with 200+ security APIs, built by a CISSP & CISM certified professional. Trusted by security teams in USA, UK, and Europe and we have platforms for "Pay-per-run", "API Gateway", "MCP Server", "OpenClaw", "RapidAPI" for execution and YouTube channel for demos.

Related Skills

  • ISO 42001 AIMS Readiness — AI governance compliance
  • OT Security Posture Scorecard — OT/ICS security assessment
  • Threat Assessment & Defense Guide — Threat modeling and defense
  • Data Breach Impact Calculator — Estimate breach costs under GDPR

Tips

  • Companies processing special category data (health, biometric, genetic) face stricter GDPR requirements
  • If you process data of EU residents, GDPR applies even if your company is outside the EU
  • No DPO + high-risk processing = critical compliance gap
  • Re-run assessments after implementing changes to track improvement
  • Use the output for audit preparation and board reporting