Legal · Advanced · 4 steps

GDPR Compliance Verification Agent for Websites and Applications

This agent analyzes your personal data processing and verifies its compliance with the General Data Protection Regulation (GDPR). It identifies compliance gaps, assesses associated risks, and generates a prioritized remediation plan with concrete recommendations.

Tags: GDPR compliance, legal audit, data protection, compliance, DPO

For whom

DPOs, compliance officers, corporate lawyers, GDPR consultants, and SMB executives looking to quickly audit their GDPR compliance.

Input

Type: text
Format: free-form

Description of the organization, its activities, the personal data processing it performs (forms, customer databases, HR, marketing, processors, tools used), the security measures in place, and the existing compliance documents (privacy policy, record of processing activities, terms of use/terms of sale, processor contracts).

Steps (4)

1. Processing Activities Mapping (prompt): analysis and structuring of all declared personal data processing activities.
2. Article-by-Article Compliance Audit (prompt): systematic verification of each processing activity's compliance with key GDPR requirements.
3. Risk Assessment and Prioritization (prompt): classification of gaps by risk level and remediation urgency.
4. Detailed Remediation Plan (prompt): generation of a concrete corrective action plan with owners and deadlines.

Output

Type: text
Format: structured

Complete GDPR compliance report comprising: a mapped record of processing activities, an article-by-article audit grid with compliance statuses, a prioritized risk matrix, and a detailed remediation plan with corrective actions, owners, deadlines, and success indicators.

Example

Input

Our B2B SaaS company (50 employees, 5M EUR revenue) publishes HR management software. We collect data from our clients (companies) and their employees: name, first name, email, social security number, pay slips, sick leave. Hosted on AWS Ireland and AWS US-East. We use Google Analytics, HubSpot for marketing, and Slack internally. No appointed DPO. Privacy policy dating from 2019. Cookie consent via a simple banner 'By continuing, you agree'. No formalized processing register. Payroll subcontractor based in Tunisia without specific contractual clauses.

Output

**Overall compliance score: 35/100 — Critical level**

**Register**: 8 processing activities identified, including 3 at very high risk (employee health data, social security numbers, pay slips).

**Critical gaps P1**:
- No DPO despite being mandatory (large-scale sensitive data processing, Art. 37)
- Payroll data transfer to Tunisia without valid transfer mechanism (Art. 44-49)
- Health data processing without DPIA (Art. 35)
- Cookie banner non-compliant (no equivalent refusal option, consent not freely given)

**Important gaps P2**:
- Outdated and incomplete privacy policy
- No formalized processing register (Art. 30)
- Processor contracts without Art. 28 clauses

**Phase 1 (urgent)**: Appoint a DPO, suspend Tunisia transfer or implement SCCs, complete the DPIA, redo cookie banner with compliant CMP.
**Phase 2**: Update privacy policy, formalize the register, renegotiate processor contracts.
**Phase 3**: Train teams, implement rights exercise process, plan semi-annual audits.

Customization

| Parameter | Description | Default |
|---|---|---|
| Business sector | Sector of the organization, used to adapt sector-specific requirements (health, finance, e-commerce, HR, education) | General |
| Report detail level | Desired granularity of the report: summary (management), standard (DPO), or exhaustive (formal CNIL audit) | Standard |
| Complementary framework | Additional frameworks to cross-reference with the GDPR: CNIL recommendations, ISO 27701, ePrivacy, CCPA, EDPB guidelines | CNIL recommendations |

Technical Notes

This agent performs an analysis based on declarative information provided by the user. It does not replace a field audit or personalized legal advice. For organizations processing sensitive data at large scale (health, biometrics, judicial data), it is recommended to complement this analysis with a consultation with a certified DPO or specialized firm.

The prompts are calibrated on the GDPR (EU Regulation 2016/679) and EDPB (European Data Protection Board) guidelines. For multi-jurisdictional compliance, activate the appropriate complementary framework (CCPA for the United States, LGPD for Brazil, etc.).

For a more thorough audit, provide your existing documents as input: privacy policy, record of processing activities, processor contracts, completed DPIAs. The agent can then perform a comparative analysis between your documents and regulatory requirements.
