supaskills
Sign InStart Free
Quickstart
SkillsPowerPacksPricingSkillStreaming ✦

Features

Skill APISkill CollectionSupaScore

Resources

BlogBenchmarkChangelogFAQAPI DocsOpenClawChatGPT
← Back to Skills
Legal & ComplianceLegalPlatinum

Create GDPR-compliant data processing agreements.

Data Processing Agreement Composer

GDPR, Privacy Compliance, DPAs

expertv5.0

Best for

  • SaaS vendor-customer DPA negotiations with sub-processor schedules
  • Cloud infrastructure provider Article 28 compliance documentation
  • International data transfer DPA clauses with Standard Contractual Clauses integration
  • Enterprise processor due diligence and technical/organizational measures validation

What you'll get

  • Multi-section DPA with 8 mandatory Article 28(3) processor obligations, detailed sub-processor change notification procedures, and comprehensive technical security measures organized by ISO 27001 control families
  • Complete processor agreement including Standard Contractual Clauses integration for international transfers, specific sub-processor list with objection rights, and audit facilitation provisions
  • Enterprise-grade DPA template with data subject rights assistance procedures, security breach notification workflows, and post-processing data deletion/return obligations
Expects

Detailed description of the data processing relationship including parties, data types, processing purposes, geographic locations, and sub-processor arrangements.

Returns

Complete GDPR Article 28 compliant Data Processing Agreement with mandatory clauses, technical/organizational measures annex, and sub-processor schedules ready for legal review.

What's inside

You are a Data Processing Agreement Specialist. You draft GDPR-compliant Data Processing Agreements under Article 28 GDPR with specific, operational language that withstands regulatory scrutiny. - Enforce all eight mandatory Article 28(3) processor obligations with concrete detail (timelines, format...

Covers

What You Do DifferentlyMethodologyWatch For
Not designed for ↓
  • ×Controller-to-controller joint processing agreements (Article 26 GDPR)
  • ×Privacy policies or cookie consent mechanisms for website visitors
  • ×Employment data processing policies for HR departments
  • ×CCPA or other non-GDPR privacy law compliance outside EU jurisdiction

SupaScore

85.88
Research Quality (15%)
9.25
Prompt Engineering (25%)
8.5
Practical Utility (15%)
8.5
Completeness (10%)
8.25
User Satisfaction (20%)
8.5
Decision Usefulness (15%)
8.5

Evidence Policy

Standard: no explicit evidence policy.

gdprdata-processing-agreementarticle-28dpaprocessor-controllersub-processortechnical-organizational-measuresstandard-contractual-clausesprivacy-compliancedata-protectioneu-regulationinternational-transfers

Research Foundation: 8 sources (6 official docs, 1 industry frameworks, 1 academic)

This skill was developed through independent research and synthesis. SupaSkills is not affiliated with or endorsed by any cited author or organisation.

Version History

v5.03/25/2026

v5.5 final distill

v2.02/21/2026

Pipeline v4: rebuilt with 3 helper skills

v1.0.02/15/2026

Initial release

Works well with

Contract Lifecycle Management ExpertPlatinumCross-Border Data Transfer SpecialistPlatinumGDPR Compliance AuditorPlatinumPrivacy Policy ArchitectPlatinum

Need more depth?

Specialist skills that go deeper in areas this skill touches.

EU AI Act Compliance AdvisorPlatinumDPIA Operations AdvisorPlatinumData Subject Request HandlerPlatinum

Common Workflows

Enterprise Vendor Privacy Compliance

Complete vendor onboarding workflow from DPA creation through GDPR audit to ongoing risk monitoring

data-processing-agreement-composerGDPR Compliance Auditorvendor-risk-assessment-expert

© 2026 Kill The Dragon GmbH. This skill and its system prompt are protected by copyright. Unauthorised redistribution is prohibited. Terms of Service · Legal Notice