⚖️ Legal · Advanced · 4 steps

GDPR Compliance Verification Agent for Websites and Applications

This agent analyzes your personal data processing and verifies its compliance with the General Data Protection Regulation (GDPR). It identifies compliance gaps, assesses associated risks, and generates a prioritized remediation plan with concrete recommendations.

Tags: GDPR compliance, legal audit, data protection, compliance, DPO

For whom

DPOs, compliance officers, corporate lawyers, GDPR consultants, and SMB executives looking to quickly audit their GDPR compliance.

Input

Type: text
Format: free-form

Description of the organization, its activities, the personal data processing it carries out (forms, customer databases, HR, marketing, processors, tools used), the security measures in place, and existing compliance documents (privacy policy, processing register, terms of use/terms of sale, processor contracts).

Steps (4)

1. Processing Activities Mapping (prompt)
   Analysis and structuring of all declared personal data processing activities

2. Article-by-Article Compliance Audit (prompt)
   Systematic verification of each processing activity's compliance with key GDPR requirements

3. Risk Assessment and Prioritization (prompt)
   Classification of gaps by risk level and remediation urgency

4. Detailed Remediation Plan (prompt)
   Generation of a concrete corrective action plan with owners and deadlines

Output

Type: text
Format: structured

Complete GDPR compliance report comprising: a mapped processing register, an article-by-article audit grid with compliance statuses, a prioritized risk matrix, and a detailed remediation plan with corrective actions, owners, deadlines, and success indicators.

Example

Input

Our B2B SaaS company (50 employees, 5M EUR revenue) publishes HR management software. We collect data from our clients (companies) and their employees: name, first name, email, social security number, pay slips, sick leave. Hosted on AWS Ireland and AWS US-East. We use Google Analytics, HubSpot for marketing, and Slack internally. No appointed DPO. Privacy policy dating from 2019. Cookie consent via a simple banner 'By continuing, you agree'. No formalized processing register. Payroll subcontractor based in Tunisia without specific contractual clauses.

Output

**Overall compliance score: 35/100 — Critical level**

**Register**: 8 processing activities identified, including 3 at very high risk (employee health data, social security numbers, pay slips).

**Critical gaps P1**:
- No DPO despite being mandatory (large-scale sensitive data processing, Art. 37)
- Payroll data transfer to Tunisia without valid transfer mechanism (Art. 44-49)
- Health data processing without DPIA (Art. 35)
- Cookie banner non-compliant (no equivalent refusal option, consent not freely given)

**Important gaps P2**:
- Outdated and incomplete privacy policy
- No formalized processing register (Art. 30)
- Processor contracts without Art. 28 clauses

**Phase 1 (urgent)**: Appoint a DPO, suspend Tunisia transfer or implement SCCs, complete the DPIA, redo cookie banner with compliant CMP.
**Phase 2**: Update privacy policy, formalize the register, renegotiate processor contracts.
**Phase 3**: Train teams, implement rights exercise process, plan semi-annual audits.

Customization

| Parameter | Description | Default |
| --- | --- | --- |
| Business sector | The organization's sector, used to adapt to sector-specific requirements (healthcare, finance, e-commerce, HR, education) | General |
| Report detail level | Desired granularity of the report: summary (management), standard (DPO), or exhaustive (formal CNIL audit) | Standard |
| Complementary framework | Additional frameworks to cross-reference with the GDPR: CNIL recommendations, ISO 27701, ePrivacy, CCPA, EDPB guidelines | CNIL recommendations |

Technical Notes

This agent performs an analysis based on declarative information provided by the user. It does not replace a field audit or personalized legal advice. For organizations processing sensitive data at large scale (health, biometrics, judicial data), it is recommended to complement this analysis with a consultation with a certified DPO or specialized firm.

The prompts are calibrated on the GDPR (EU Regulation 2016/679) and EDPB (European Data Protection Board) guidelines. For multi-jurisdictional compliance, activate the appropriate complementary framework (CCPA for the United States, LGPD for Brazil, etc.).

For a more thorough audit, provide your existing documents as input: privacy policy, processing register, processor contracts, completed DPIAs. The agent can then perform a comparative analysis between your documents and regulatory requirements.
