spjoshis

compliance-management

by spjoshis

Modular Claude plugins for agent-based expertise and reusable skills across software development and Agile. Easily extend, share, and automate best practices for modern development.

1🍴 0📅 Dec 30, 2025

SKILL.md


name: compliance-management description: Master compliance management with GDPR, SOC 2, ISO 27001, audit preparation, and regulatory requirements.

Compliance Management

Ensure compliance with security regulations and standards through proper controls, documentation, and audit preparation.

When to Use This Skill

  • Audit preparation
  • Compliance certification
  • Risk assessments
  • Policy development
  • Control implementation
  • Vendor assessments
  • Compliance reporting
  • Regulatory requirements

Core Concepts

1. GDPR Compliance Checklist

# GDPR Compliance Checklist

## Lawful Basis
- [ ] Document lawful basis for processing
- [ ] Obtain consent where required
- [ ] Provide clear privacy notice

## Data Subject Rights
- [ ] Right to access (data export)
- [ ] Right to rectification (data correction)
- [ ] Right to erasure (data deletion)
- [ ] Right to portability (data download)
- [ ] Right to object (opt-out)

## Data Protection
- [ ] Encryption in transit (TLS 1.2+)
- [ ] Encryption at rest
- [ ] Access controls
- [ ] Data minimization
- [ ] Retention policies

## Accountability
- [ ] Privacy by design
- [ ] Data Protection Impact Assessment (DPIA)
- [ ] Data processing agreements (DPAs)
- [ ] Breach notification process (<72 hours)
- [ ] Data protection officer (if required)

## Documentation
- [ ] Record of processing activities
- [ ] Privacy policy
- [ ] Cookie policy
- [ ] Data breach procedures

2. SOC 2 Control Framework

# SOC 2 Trust Service Criteria

## Security (Required)
- Access controls
- Encryption
- Firewall management
- Intrusion detection
- Vulnerability management
- Incident response

## Availability
- System monitoring
- Backup procedures
- Disaster recovery
- Capacity planning

## Processing Integrity
- Data validation
- Error handling
- Quality assurance

## Confidentiality
- Access restrictions
- Encryption
- Non-disclosure agreements

## Privacy
- Consent management
- Data retention
- Third-party sharing

Best Practices

  1. Gap analysis - Current vs required state
  2. Document policies - Clear, comprehensive
  3. Implement controls - Technical and operational
  4. Train staff - Awareness and procedures
  5. Continuous monitoring - Ongoing compliance
  6. Regular audits - Internal and external
  7. Remediation tracking - Close gaps systematically
  8. Evidence collection - Audit-ready documentation

Resources

  • GDPR.eu: Official GDPR resource
  • SOC 2 Academy: SOC 2 compliance guide
  • ISO 27001 Toolkit: Implementation guide
