import-gdpr-breach-sentinel
---
name: import-gdpr-breach-sentinel
description: Use when migrating a GDPR personal-data breach sentinel skill into the mini-claude-for-legal format. The adapter maps legacy breach-detection logic — severity scoring, the 72-hour supervisory-authority notification clock, data-subject communication triggers, and cross-border lead-authority routing — into the standard skill model. Covers EU GDPR, UK GDPR, UAE PDPL, and analogous MENA data-breach regimes.
license: MIT
metadata:
  id: import.gdpr-breach-sentinel
  category: import
  jurisdictions: [EU, UK, UAE, LB, EG, FR]
  priority: P3
  intent: [import, gdpr, data-breach, sentinel, migration, privacy-compliance]
  related: [import-dpia-sentinel, import-gdpr-privacy-notice-eu, kb-gdpr-data-protection, review-data-breach-response]
  source: Louis — HAQQ Legal AI (github.com/sboghossian/mini-claude-for-legal)
  version: "1.0"
---
Import: GDPR Breach Sentinel
What it does
This import adapter migrates a GDPR personal-data breach sentinel skill into the mini-claude-for-legal standard format. A breach sentinel monitors incident reports and security alerts, applies the Article 33/34 GDPR decision tree, and outputs a triage record that tells the legal/privacy team exactly what must be done and within what deadline.
Under GDPR Article 33(1), a personal data breach must be notified to the competent supervisory authority within 72 hours of discovery — unless the breach is unlikely to result in a risk to the rights and freedoms of natural persons. Article 34 imposes a separate obligation to notify affected data subjects without undue delay when the breach is likely to result in high risk.
Import config
| Field | Source mapping | Default if absent |
|---|---|---|
| breach_categories | Legacy incident_types array | Confidentiality / Integrity / Availability |
| severity_matrix | Legacy risk_matrix | GDPR WP250 criteria |
| notification_clock | Legacy sla_hours | 72 hours (Art 33) |
| subject_notification_threshold | Legacy high_risk_threshold | HIGH risk |
| lead_authority_routing | Legacy dpa_routing | EDPB one-stop-shop rules |
| record_template | Legacy breach_log_template | Art 33(5) mandatory fields |
| jurisdiction | Legacy jurisdiction | EU |
Dry-run preview
```text
IMPORT PREVIEW — gdpr-breach-sentinel
Source shape    : GDPR breach-response config
Breach types    : Confidentiality / Integrity / Availability
Severity matrix : WP250 criteria (data type × affected population × likelihood)
Clock           : 72h supervisory authority; undue delay for data subjects
Lead authority  : EDPB one-stop-shop (cross-border EU)
Record          : Art 33(5) breach register fields
```
Breach triage decision tree (post-import logic)
```text
INCIDENT DETECTED
        │
        ▼
Is personal data involved?
   No  → Not a personal data breach. Log as internal incident only.
   Yes ↓
        ▼
Is there a risk to rights and freedoms?
   Unlikely            → Document decision; no DPA notification required (Art 33(1) proviso)
   Possible or Certain ↓
        ▼
Notify supervisory authority within 72h (Art 33)
        │
        ▼
Is risk HIGH?
   No  → Notification to data subjects NOT required (Art 34(1) n/a)
   Yes → Notify affected data subjects without undue delay (Art 34(1))
```
Severity scoring (WP250 / EDPB guidelines)
The sentinel scores breaches on three axes:
| Axis | Criteria | Score |
|---|---|---|
| Data type | Special-category (health, biometric, political, financial) | +2 |
| Data type | Identifiable personal data | +1 |
| Data type | Pseudonymised / encrypted (attacker cannot decode) | 0 or -1 |
| Affected population | >100,000 data subjects | +2 |
| Affected population | 1,000–100,000 | +1 |
| Affected population | <1,000 | 0 |
| Likely consequences | Identity theft, financial loss, discrimination likely | +2 |
| Likely consequences | Inconvenience, temporary loss | +1 |
| Likely consequences | Minimal | 0 |
Total score → LOW (0–1) / MEDIUM (2–3) / HIGH (4–6).
Notification record (Art 33(5) mandatory fields)
The sentinel generates a breach record containing:
- Nature of the breach (confidentiality / integrity / availability)
- Categories and approximate number of data subjects concerned
- Categories and approximate number of personal data records concerned
- Name and contact details of the DPO (if appointed)
- Likely consequences of the breach
- Measures taken or proposed to address the breach, including to mitigate its possible adverse effects
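The decision tree, the WP250 scoring and the Art 33(5) record above, carried through in code as an added example (not the project's own skill code): it scores the three axes, walks the Art 33/34 tree, computes the 72-hour deadline from the time of discovery, and emits the mandatory record fields. The dictionary key names, the sample incident and the treatment of a LOW score as "risk unlikely" are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Axis scores copied from the WP250 severity table; the key names are assumptions.
DATA_TYPE_SCORE = {"special_category": 2, "identifiable": 1,
                   "pseudonymised": 0, "encrypted_unreadable": -1}
CONSEQUENCE_SCORE = {"identity_theft_or_loss": 2, "inconvenience": 1, "minimal": 0}


def population_score(affected: int) -> int:
    """Affected-population axis: >100,000 -> +2, 1,000-100,000 -> +1, <1,000 -> 0."""
    if affected > 100_000:
        return 2
    return 1 if affected >= 1_000 else 0


def severity(data_type: str, affected: int, consequences: str):
    """Sum the three axes and bucket: LOW (0-1) / MEDIUM (2-3) / HIGH (4-6)."""
    total = (DATA_TYPE_SCORE[data_type] + population_score(affected)
             + CONSEQUENCE_SCORE[consequences])
    level = "HIGH" if total >= 4 else "MEDIUM" if total >= 2 else "LOW"
    return total, level


def triage(incident: dict, discovered_at: datetime) -> dict:
    """Walk the Art 33/34 tree and emit a record shaped by the Art 33(5) fields."""
    if not incident["personal_data"]:
        return {"personal_data_breach": False, "action": "log as internal incident only"}
    total, level = severity(incident["data_type"], incident["affected"],
                            incident["consequences"])
    record = {
        "personal_data_breach": True,
        "nature": incident["nature"],           # confidentiality / integrity / availability
        "data_subjects": incident["affected"],  # approximate number of data subjects
        "records": incident["records"], "dpo_contact": incident.get("dpo_contact"),
        "likely_consequences": incident["consequences"],
        "measures": incident["measures"],
        "severity_score": total, "severity": level,
    }
    if level == "LOW":  # assumption: LOW = "risk unlikely", Art 33(1) proviso applies
        record["dpa_notification"] = "not required (Art 33(1) proviso); decision documented"
        record["dpa_deadline"] = None
    else:  # Art 33(1): supervisory authority within 72h of becoming aware
        record["dpa_notification"] = "required (Art 33)"
        record["dpa_deadline"] = discovered_at + timedelta(hours=72)
    record["notify_data_subjects"] = level == "HIGH"  # Art 34(1): high risk only
    return record


# Constructed sample incident (not a real case): exfiltrated patient database.
SAMPLE = {"personal_data": True, "nature": "confidentiality", "data_type": "special_category",
          "affected": 25_000, "records": 31_000, "consequences": "identity_theft_or_loss",
          "dpo_contact": "dpo@example.org", "measures": "hosts isolated; credentials rotated"}
SAMPLE_DISCOVERED = datetime(2024, 3, 1, 9, 0, tzinfo=timezone.utc)
```

Running `triage(SAMPLE, SAMPLE_DISCOVERED)` yields a HIGH record with a supervisory-authority deadline of 4 March 2024 09:00 UTC and data-subject notification flagged as required.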
Jurisdictional notes
| Jurisdiction | Framework | Key difference vs GDPR |
|---|---|---|
| EU | GDPR Art 33–34 | Baseline; 72h clock; EDPB one-stop-shop |
| UK | UK GDPR / DPA 2018 | ICO as lead; same 72h clock; post-Brexit no EDPB |
| France | GDPR + CNIL | CNIL is French lead DPA; CNIL notification portal |
| UAE | PDPL Art 14 | "Prompt notification" to UAE competent authority; no explicit 72h; controller also notifies data subjects if "significant harm" likely |
| Lebanon | No enacted DPL | Apply GDPR standard as contractual obligation / best practice |
| Egypt | Law 151/2020 | Notification to NCIDP within "reasonable time"; implementing regulations set specific timelines |
Failure modes
| Error | Likely cause | Resolution |
|---|---|---|
| severity_matrix_empty | Legacy had no risk matrix | Apply WP250 default scoring |
| clock_not_set | Legacy had no SLA field | Default to 72h; flag for user confirmation |
| authority_unknown | No DPA mapped for jurisdiction | Prompt user; default to EDPB for cross-border |
| record_template_missing | No breach-log template in source | Generate from Art 33(5) mandatory fields |
Related skills
- [[import-dpia-sentinel]]
- [[import-gdpr-privacy-notice-eu]]
- [[kb-gdpr-data-protection]]
- [[review-data-breach-response]]
- [[draft-dpa-processor-agreement]]