Use Case

GDPR-compliant DPIAs — without uploading your data processing details to a cloud platform.

Data Protection Impact Assessments are required under GDPR Article 35 for high-risk processing activities. Legalcode's DPIA skill guides your agent through the full ICO/EDPB-aligned methodology — identifying processing activities, assessing necessity and proportionality, evaluating risks, and documenting mitigations.

Your documents stay local

Processing activity descriptions contain the exact personal data details you're trying to protect. With Legalcode, those descriptions stay on your machine — your agent queries only the regulatory framework (GDPR provisions, EDPB guidance), not your organisation's data. No irony in uploading data processing descriptions to a cloud platform to assess privacy risk.

  • Documents never leave your machine — no uploads to third-party services
  • Zero data retention on search content — queries are not logged or stored
  • Combine Legalcode with your local files, tools, and workflows in one environment
  • Works inside your existing AI agent — Claude Code, ChatGPT, Cursor, or any MCP client

How it works

  1. Describe the processing activity to your local agent

    Tell the agent what data is being processed, by whom, for what purpose, and in which jurisdictions. This description stays in your local session — Legalcode is queried only for the EDPB criteria and regulatory framework.

  2. Skill applies EDPB screening criteria

    The skill runs the European Data Protection Board's nine-criterion screening to determine whether a formal DPIA is mandatory, then proceeds with the structured assessment.

  3. Risk matrix populated

    The agent identifies risks to data subjects (likelihood × severity), maps them to the processing steps, and suggests technical and organisational measures to mitigate each risk.

  4. DPIA document drafted

    A complete DPIA document is generated in the required format — including processing description, lawful basis, necessity and proportionality analysis, risk assessment, and DPO consultation status.

What it produces

  • DPIA necessity screening report (EDPB nine-criteria test)
  • Processing activity description in Article 30 register format
  • Risk matrix (likelihood × severity, per risk)
  • Technical and organisational measures (TOMs) list
  • Residual risk assessment
  • Complete DPIA document ready for DPO review

Jurisdictions covered

EU, UK, DE, FR, IE, NL, SE, NO, IS, CH

FAQ

Does the skill cover UK GDPR as well as EU GDPR?
Yes. The skill applies both EU GDPR (supervised by the EDPB and national DPAs) and UK GDPR (supervised by the ICO). It flags divergences between the two regimes where they affect the DPIA output.

My processing descriptions contain sensitive internal details. Are they safe?
Your processing activity descriptions never leave your device. The agent works locally with your descriptions and queries Legalcode only for the regulatory framework — GDPR articles, EDPB guidance, DPA positions. Zero data retention applies to all search content.

Can the output be used as the final DPIA for regulatory purposes?
The output is designed to be a substantive starting point for DPO review, not a final signed-off document. Your DPO should review, validate, and sign the DPIA before it is relied upon.

What if the processing activity involves AI systems?
The skill includes an AI-specific risk module that addresses algorithmic decision-making, profiling, and the intersection of GDPR Article 22 with the EU AI Act's high-risk AI system requirements.

Run DPIA Generator locally — no uploads, no data retention

Plug Legalcode into your AI agent and work with your own documents locally. Free tier gives you laws and case law across 24 jurisdictions with full text in your agent's context. Pro unlocks all source types, file downloads to local Markdown, and higher throughput at $39/month ($29 billed annually). The full skill library is available on annual plans.