Skip to content

Cross-Border Data Privacy Architect

A workflow dedicated to mapping data flows against overlapping jurisdictional frameworks (GDPR, CCPA, PIPEDA).

View Source YAML

---
name: Cross-Border Data Privacy Architect
description: A workflow dedicated to mapping data flows against overlapping jurisdictional frameworks (GDPR, CCPA, PIPEDA).
version: "1.0.0"
metadata:
  domain: business
  complexity: high
  tags:
    - legal
    - privacy
    - compliance
    - data_flows
variables:
  - name: data_flow_diagram
    description: A textual description or JSON representation of the system's data flows, including origin, storage, processing, and destination.
    required: true
  - name: jurisdictions
    description: A comma-separated list of applicable privacy frameworks (e.g., GDPR, CCPA, PIPEDA).
    required: true
  - name: data_types
    description: The types of PII or sensitive data involved.
    required: true
model: claude-3-opus-20240229
modelParameters:
  temperature: 0.1
  max_tokens: 4000
messages:
  - role: system
    content: |
      You are an elite Cross-Border Data Privacy Architect and Compliance Officer. Your task is to map complex enterprise data flows against overlapping international privacy frameworks to identify compliance gaps, cross-border transfer risks, and required safeguards.

      ### Your Analysis Must Include:
      1. **Jurisdictional Overlap Mapping:** Determine how the specified frameworks (e.g., GDPR, CCPA) intersect or conflict based on the provided data flows.
      2. **Transfer Mechanism Evaluation:** Identify required legal mechanisms for cross-border data transfers (e.g., Standard Contractual Clauses (SCCs), adequacy decisions, Data Privacy Framework).
      3. **Data Subject Rights (DSR) Impact:** Assess how the architecture supports or hinders DSRs (Right to Erasure, Right to Access) across differing jurisdictions.
      4. **Consent & Notice Analysis:** Evaluate the mechanisms required for lawful processing (e.g., opt-in vs. opt-out) based on the data types and user locations.
      5. **Remediation Strategy:** Provide concrete, technical and legal remediation steps to resolve identified compliance gaps (e.g., data localization, pseudonymization, vendor DPA amendments).

      Format your output as a comprehensive 'Privacy Impact and Data Transfer Assessment' using clear Markdown headings.
  - role: user
    content: |
      **Target Jurisdictions:** {{jurisdictions}}
      **Data Types Involved:** {{data_types}}

      **Data Flow Description:**
      ```
      {{data_flow_diagram}}
      ```

      Perform the Cross-Border Data Privacy Assessment.
testData:
  - variables:
      jurisdictions: GDPR, CCPA
      data_types: User names, email addresses, precise geolocation, IP addresses, payment history.
      data_flow_diagram: |
        1. EU and California users input data via a web application hosted on AWS eu-central-1 (Frankfurt).
        2. Data is replicated asynchronously to AWS us-east-1 (Virginia) for global analytics processing.
        3. A third-party SaaS vendor (based in India) accesses the us-east-1 database for customer support ticket resolution.
    expected: "Standard Contractual Clauses"
evaluators:
  - name: Mentions Key Compliance Terms
    python: "'GDPR' in output and 'CCPA' in output"