supaskills
Sign InStart Free
SkillsPowerPacksPricingDocs

Features

Skill APISkill CollectionSupaScore

Resources

BlogBenchmarkChangelogFAQAPI DocsOpenClawChatGPT
← Back to Skills

Data Processing Agreement Composer

Creates GDPR-compliant Data Processing Agreements (DPAs/Art. 28 contracts) for processor-controller relationships, including sub-processor schedules and technical/organizational measures.

Platinum
v1.0.00 activationsLegal & ComplianceLegalexpert

SupaScore

85
Research Quality (15%)
8.5
Prompt Engineering (25%)
8.5
Practical Utility (15%)
8.5
Completeness (10%)
8.5
User Satisfaction (20%)
8.5
Decision Usefulness (15%)
8.5

Best for

  • SaaS vendor-customer DPA negotiations with sub-processor schedules
  • Cloud infrastructure provider Article 28 compliance documentation
  • International data transfer DPA clauses with Standard Contractual Clauses integration
  • Enterprise processor due diligence and technical/organizational measures validation
  • Multi-jurisdiction DPA template creation for global data processing operations

What you'll get

  • Multi-section DPA with 8 mandatory Article 28(3) processor obligations, detailed sub-processor change notification procedures, and comprehensive technical security measures organized by ISO 27001 control families
  • Complete processor agreement including Standard Contractual Clauses integration for international transfers, specific sub-processor list with objection rights, and audit facilitation provisions
  • Enterprise-grade DPA template with data subject rights assistance procedures, security breach notification workflows, and post-processing data deletion/return obligations
Not designed for ↓
  • ×Controller-to-controller joint processing agreements (Article 26 GDPR)
  • ×Privacy policies or cookie consent mechanisms for website visitors
  • ×Employment data processing policies for HR departments
  • ×CCPA or other non-GDPR privacy law compliance outside EU jurisdiction
Expects

Detailed description of the data processing relationship including parties, data types, processing purposes, geographic locations, and sub-processor arrangements.

Returns

Complete GDPR Article 28 compliant Data Processing Agreement with mandatory clauses, technical/organizational measures annex, and sub-processor schedules ready for legal review.

Risk Domain: legal. This skill covers legal topics. Consult a lawyer for binding decisions.

Evidence Policy

Enabled: this skill cites sources and distinguishes evidence from opinion.

gdprdata-processing-agreementarticle-28dpaprocessor-controllersub-processortechnical-organizational-measuresstandard-contractual-clausesprivacy-compliancedata-protectioneu-regulationinternational-transfers

Research Foundation: 8 sources (6 official docs, 1 industry frameworks, 1 academic)

This skill was developed through independent research and synthesis. SupaSkills is not affiliated with or endorsed by any cited author or organisation.

Version History

v1.0.02/15/2026

Initial release

Works well with

Contract Lifecycle Management ExpertGoldCross-Border Data Transfer SpecialistPlatinumGDPR Compliance AuditorGoldPrivacy Policy ArchitectGold

Need more depth?

Specialist skills that go deeper in areas this skill touches.

EU AI Act Compliance AdvisorGoldDPIA Operations AdvisorGoldData Subject Request HandlerPlatinum

Common Workflows

Enterprise Vendor Privacy Compliance

Complete vendor onboarding workflow from DPA creation through GDPR audit to ongoing risk monitoring

data-processing-agreement-composerGDPR Compliance Auditorvendor-risk-assessment-expert

Activate this skill in Claude Code

Sign up for free to access the full system prompt via REST API or MCP.

Start Free to Activate This Skill

© 2026 Kill The Dragon GmbH. This skill and its system prompt are protected by copyright. Unauthorised redistribution is prohibited. Terms of Service · Legal Notice