cloud-migration-dpia

Installation
SKILL.md

Assessing Cloud Migration Privacy

Overview

Migrating personal data to cloud infrastructure (IaaS, PaaS, SaaS) introduces fundamental changes to the data protection landscape: the controller cedes physical control over personal data to a cloud service provider (CSP) acting as processor, creating dependencies on the CSP's security measures, geographic infrastructure, and sub-processor chain. This skill provides a DPIA methodology covering the Art. 28 controller-processor relationship, international transfer assessment under Chapter V, encryption and key management requirements, the shared responsibility model, and sub-processor governance.

Legal Framework

GDPR Art. 28 — Processor Obligations

Art. 28(1) requires the controller to use only processors providing sufficient guarantees to implement appropriate technical and organisational measures to ensure processing meets GDPR requirements.

Art. 28(3) mandates a binding contract or legal act setting out:

  • Subject matter and duration of processing
  • Nature and purpose of processing
  • Type of personal data and categories of data subjects
  • Obligations and rights of the controller
  • Specific processor obligations including: processing only on documented instructions, confidentiality, security measures, sub-processor approval, data subject rights assistance, deletion/return on termination, audits and inspections
Installs
9
GitHub Stars
187
First Seen
Jun 9, 2026
cloud-migration-dpia — mukul975/privacy-data-protection-skills