{"aiPlatform":"claude-code@2025.06","category":"security-audit","commandName":"/compliance-check","content":"---\nname: Regulatory Compliance Check\ndescription: Comprehensive compliance auditing tool for regulatory requirements including GDPR, HIPAA, SOC2, PCI-DSS, and other industry standards. Provides implementation guidance and audit trails.\nallowed_tools:\n - filesystem # Analyze system configurations and policies\n - memory # Track compliance requirements and audit history\n - sqlite # Store compliance data and audit reports\ntags:\n - compliance\n - regulatory\n - audit\n - gdpr\n - hipaa\n - security\ncategory: security\nversion: 1.0.0\nauthor: AI Commands Team\n---\n\n# Regulatory Compliance Check\n\nYou are a compliance expert specializing in regulatory requirements for software systems including GDPR, HIPAA, SOC2, PCI-DSS, and other industry standards. Perform comprehensive compliance audits and provide implementation guidance for achieving and maintaining compliance.\n\n## Context\nThe user needs to ensure their application meets regulatory requirements and industry standards. Focus on practical implementation of compliance controls, automated monitoring, and audit trail generation.\n\n## Requirements\n$ARGUMENTS\n\n## Instructions\n\n### 1. Compliance Framework Analysis\n\nIdentify applicable regulations and standards:\n\n**Regulatory Mapping**\n```python\nclass ComplianceAnalyzer:\n def __init__(self):\n self.regulations = {\n 'GDPR': {\n 'scope': 'EU data protection',\n 'applies_if': [\n 'Processing EU residents data',\n 'Offering goods/services to EU',\n 'Monitoring EU residents behavior'\n ],\n 'key_requirements': [\n 'Privacy by design',\n 'Data minimization',\n 'Right to erasure',\n 'Data portability',\n 'Consent management',\n 'DPO appointment',\n 'Privacy notices',\n 'Data breach notification (72hrs)'\n ]\n },\n 'HIPAA': {\n 'scope': 'Healthcare data protection (US)',\n 'applies_if': [\n 'Healthcare providers',\n 'Health plan providers', \n 'Healthcare clearinghouses',\n 'Business associates'\n ],\n 'key_requirements': [\n 'PHI encryption',\n 'Access controls',\n 'Audit logs',\n 'Business Associate Agreements',\n 'Risk assessments',\n 'Employee training',\n 'Incident response',\n 'Physical safeguards'\n ]\n },\n 'SOC2': {\n 'scope': 'Service organization controls',\n 'applies_if': [\n 'SaaS providers',\n 'Data processors',\n 'Cloud services'\n ],\n 'trust_principles': [\n 'Security',\n 'Availability', \n 'Processing integrity',\n 'Confidentiality',\n 'Privacy'\n ]\n },\n 'PCI-DSS': {\n 'scope': 'Payment card data security',\n 'applies_if': [\n 'Accept credit/debit cards',\n 'Process card payments',\n 'Store card data',\n 'Transmit card data'\n ],\n 'compliance_levels': {\n 'Level 1': '>6M transactions/year',\n 'Level 2': '1M-6M transactions/year',\n 'Level 3': '20K-1M transactions/year',\n 'Level 4': '<20K transactions/year'\n }\n }\n }\n \n def determine_applicable_regulations(self, business_info):\n \"\"\"\n Determine which regulations apply based on business context\n \"\"\"\n applicable = []\n \n # Check each regulation\n for reg_name, reg_info in self.regulations.items():\n if self._check_applicability(business_info, reg_info):\n applicable.append({\n 'regulation': reg_name,\n 'reason': self._get_applicability_reason(business_info, reg_info),\n 'priority': self._calculate_priority(business_info, reg_name)\n })\n \n return sorted(applicable, key=lambda x: x['priority'], reverse=True)\n```\n\n### 2. Data Privacy Compliance\n\nImplement privacy controls:\n\n**GDPR Implementation**\n```python\nclass GDPRCompliance:\n def implement_privacy_controls(self):\n \"\"\"\n Implement GDPR-required privacy controls\n \"\"\"\n controls = {}\n \n # 1. Consent Management\n controls['consent_management'] = '''\nclass ConsentManager:\n def __init__(self):\n self.consent_types = [\n 'marketing_emails',\n 'analytics_tracking',\n 'third_party_sharing',\n 'profiling'\n ]\n \n def record_consent(self, user_id, consent_type, granted):\n \"\"\"\n Record user consent with full audit trail\n \"\"\"\n consent_record = {\n 'user_id': user_id,\n 'consent_type': consent_type,\n 'granted': granted,\n 'timestamp': datetime.utcnow(),\n 'ip_address': request.remote_addr,\n 'user_agent': request.headers.get('User-Agent'),\n 'version': self.get_current_privacy_policy_version(),\n 'method': 'explicit_checkbox' # Not pre-ticked\n }\n \n # Store in append-only audit log\n self.consent_audit_log.append(consent_record)\n \n # Update current consent status\n self.update_user_consents(user_id, consent_type, granted)\n \n return consent_record\n \n def verify_consent(self, user_id, consent_type):\n \"\"\"\n Verify if user has given consent for specific processing\n \"\"\"\n consent = self.get_user_consent(user_id, consent_type)\n return consent and consent['granted'] and not consent.get('withdrawn')\n'''\n\n # 2. Right to Erasure (Right to be Forgotten)\n controls['right_to_erasure'] = '''\nclass DataErasureService:\n def process_erasure_request(self, user_id, verification_token):\n \"\"\"\n Process GDPR Article 17 erasure request\n \"\"\"\n # Verify request authenticity\n if not self.verify_erasure_token(user_id, verification_token):\n raise ValueError(\"Invalid erasure request\")\n \n erasure_log = {\n 'user_id': user_id,\n 'requested_at': datetime.utcnow(),\n 'data_categories': []\n }\n \n # 1. Personal data\n self.erase_user_profile(user_id)\n erasure_log['data_categories'].append('profile')\n \n # 2. User-generated content (anonymize instead of delete)\n self.anonymize_user_content(user_id)\n erasure_log['data_categories'].append('content_anonymized')\n \n # 3. Analytics data\n self.remove_from_analytics(user_id)\n erasure_log['data_categories'].append('analytics')\n \n # 4. Backup data (schedule deletion)\n self.schedule_backup_deletion(user_id)\n erasure_log['data_categories'].append('backups_scheduled')\n \n # 5. Notify third parties\n self.notify_processors_of_erasure(user_id)\n \n # Keep minimal record for legal compliance\n self.store_erasure_record(erasure_log)\n \n return {\n 'status': 'completed',\n 'erasure_id': erasure_log['id'],\n 'categories_erased': erasure_log['data_categories']\n }\n'''\n\n # 3. Data Portability\n controls['data_portability'] = '''\nclass DataPortabilityService:\n def export_user_data(self, user_id, format='json'):\n \"\"\"\n GDPR Article 20 - Data portability\n \"\"\"\n user_data = {\n 'export_date': datetime.utcnow().isoformat(),\n 'user_id': user_id,\n 'format_version': '2.0',\n 'data': {}\n }\n \n # Collect all user data\n user_data['data']['profile'] = self.get_user_profile(user_id)\n user_data['data']['preferences'] = self.get_user_preferences(user_id)\n user_data['data']['content'] = self.get_user_content(user_id)\n user_data['data']['activity'] = self.get_user_activity(user_id)\n user_data['data']['consents'] = self.get_consent_history(user_id)\n \n # Format based on request\n if format == 'json':\n return json.dumps(user_data, indent=2)\n elif format == 'csv':\n return self.convert_to_csv(user_data)\n elif format == 'xml':\n return self.convert_to_xml(user_data)\n'''\n \n return controls\n\n**Privacy by Design**\n```python\n# Implement privacy by design principles\nclass PrivacyByDesign:\n def implement_data_minimization(self):\n \"\"\"\n Collect only necessary data\n \"\"\"\n # Before (collecting too much)\n bad_user_model = {\n 'email': str,\n 'password': str,\n 'full_name': str,\n 'date_of_birth': date,\n 'ssn': str, # Unnecessary\n 'address': str, # Unnecessary for basic service\n 'phone': str, # Unnecessary\n 'gender': str, # Unnecessary\n 'income': int # Unnecessary\n }\n \n # After (data minimization)\n good_user_model = {\n 'email': str, # Required for authentication\n 'password_hash': str, # Never store plain text\n 'display_name': str, # Optional, user-provided\n 'created_at': datetime,\n 'last_login': datetime\n }\n \n return good_user_model\n \n def implement_pseudonymization(self):\n \"\"\"\n Replace identifying fields with pseudonyms\n \"\"\"\n def pseudonymize_record(record):\n # Generate consistent pseudonym\n user_pseudonym = hashlib.sha256(\n f\"{record['user_id']}{SECRET_SALT}\".encode()\n ).hexdigest()[:16]\n \n return {\n 'pseudonym': user_pseudonym,\n 'data': {\n # Remove direct identifiers\n 'age_group': self._get_age_group(record['age']),\n 'region': self._get_region(record['ip_address']),\n 'activity': record['activity_data']\n }\n }\n```\n\n### 3. Security Compliance\n\nImplement security controls for various standards:\n\n**SOC2 Security Controls**\n```python\nclass SOC2SecurityControls:\n def implement_access_controls(self):\n \"\"\"\n SOC2 CC6.1 - Logical and physical access controls\n \"\"\"\n controls = {\n 'authentication': '''\n# Multi-factor authentication\nclass MFAEnforcement:\n def enforce_mfa(self, user, resource_sensitivity):\n if resource_sensitivity == 'high':\n return self.require_mfa(user)\n elif resource_sensitivity == 'medium' and user.is_admin:\n return self.require_mfa(user)\n return self.standard_auth(user)\n \n def require_mfa(self, user):\n factors = []\n \n # Factor 1: Password (something you know)\n factors.append(self.verify_password(user))\n \n # Factor 2: TOTP/SMS (something you have)\n if user.mfa_method == 'totp':\n factors.append(self.verify_totp(user))\n elif user.mfa_method == 'sms':\n factors.append(self.verify_sms_code(user))\n \n # Factor 3: Biometric (something you are) - optional\n if user.biometric_enabled:\n factors.append(self.verify_biometric(user))\n \n return all(factors)\n''',\n 'authorization': '''\n# Role-based access control\nclass RBACAuthorization:\n def __init__(self):\n self.roles = {\n 'admin': ['read', 'write', 'delete', 'admin'],\n 'user': ['read', 'write:own'],\n 'viewer': ['read']\n }\n \n def check_permission(self, user, resource, action):\n user_permissions = self.get_user_permissions(user)\n \n # Check explicit permissions\n if action in user_permissions:\n return True\n \n # Check ownership-based permissions\n if f\"{action}:own\" in user_permissions:\n return self.user_owns_resource(user, resource)\n \n # Log denied access attempt\n self.log_access_denied(user, resource, action)\n return False\n''',\n 'encryption': '''\n# Encryption at rest and in transit\nclass EncryptionControls:\n def __init__(self):\n self.kms = KeyManagementService()\n \n def encrypt_at_rest(self, data, classification):\n if classification == 'sensitive':\n # Use envelope encryption\n dek = self.kms.generate_data_encryption_key()\n encrypted_data = self.encrypt_with_key(data, dek)\n encrypted_dek = self.kms.encrypt_key(dek)\n \n return {\n 'data': encrypted_data,\n 'encrypted_key': encrypted_dek,\n 'algorithm': 'AES-256-GCM',\n 'key_id': self.kms.get_current_key_id()\n }\n \n def configure_tls(self):\n return {\n 'min_version': 'TLS1.2',\n 'ciphers': [\n 'ECDHE-RSA-AES256-GCM-SHA384',\n 'ECDHE-RSA-AES128-GCM-SHA256'\n ],\n 'hsts': 'max-age=31536000; includeSubDomains',\n 'certificate_pinning': True\n }\n'''\n }\n \n return controls\n```\n\n### 4. Audit Logging and Monitoring\n\nImplement comprehensive audit trails:\n\n**Audit Log System**\n```python\nclass ComplianceAuditLogger:\n def __init__(self):\n self.required_events = {\n 'authentication': [\n 'login_success',\n 'login_failure',\n 'logout',\n 'password_change',\n 'mfa_enabled',\n 'mfa_disabled'\n ],\n 'authorization': [\n 'access_granted',\n 'access_denied',\n 'permission_changed',\n 'role_assigned',\n 'role_revoked'\n ],\n 'data_access': [\n 'data_viewed',\n 'data_exported',\n 'data_modified',\n 'data_deleted',\n 'bulk_operation'\n ],\n 'compliance': [\n 'consent_given',\n 'consent_withdrawn',\n 'data_request',\n 'data_erasure',\n 'privacy_settings_changed'\n ]\n }\n \n def log_event(self, event_type, details):\n \"\"\"\n Create tamper-proof audit log entry\n \"\"\"\n log_entry = {\n 'id': str(uuid.uuid4()),\n 'timestamp': datetime.utcnow().isoformat(),\n 'event_type': event_type,\n 'user_id': details.get('user_id'),\n 'ip_address': self._get_ip_address(),\n 'user_agent': request.headers.get('User-Agent'),\n 'session_id': session.get('id'),\n 'details': details,\n 'compliance_flags': self._get_compliance_flags(event_type)\n }\n \n # Add integrity check\n log_entry['checksum'] = self._calculate_checksum(log_entry)\n \n # Store in immutable log\n self._store_audit_log(log_entry)\n \n # Real-time alerting for critical events\n if self._is_critical_event(event_type):\n self._send_security_alert(log_entry)\n \n return log_entry\n \n def _calculate_checksum(self, entry):\n \"\"\"\n Create tamper-evident checksum\n \"\"\"\n # Include previous entry hash for blockchain-like integrity\n previous_hash = self._get_previous_entry_hash()\n \n content = json.dumps(entry, sort_keys=True)\n return hashlib.sha256(\n f\"{previous_hash}{content}{SECRET_KEY}\".encode()\n ).hexdigest()\n```\n\n**Compliance Reporting**\n```python\ndef generate_compliance_report(self, regulation, period):\n \"\"\"\n Generate compliance report for auditors\n \"\"\"\n report = {\n 'regulation': regulation,\n 'period': period,\n 'generated_at': datetime.utcnow(),\n 'sections': {}\n }\n \n if regulation == 'GDPR':\n report['sections'] = {\n 'data_processing_activities': self._get_processing_activities(period),\n 'consent_metrics': self._get_consent_metrics(period),\n 'data_requests': {\n 'access_requests': self._count_access_requests(period),\n 'erasure_requests': self._count_erasure_requests(period),\n 'portability_requests': self._count_portability_requests(period),\n 'response_times': self._calculate_response_times(period)\n },\n 'data_breaches': self._get_breach_reports(period),\n 'third_party_processors': self._list_processors(),\n 'privacy_impact_assessments': self._get_dpias(period)\n }\n \n elif regulation == 'HIPAA':\n report['sections'] = {\n 'access_controls': self._audit_access_controls(period),\n 'phi_access_log': self._get_phi_access_log(period),\n 'risk_assessments': self._get_risk_assessments(period),\n 'training_records': self._get_training_compliance(period),\n 'business_associates': self._list_bas_with_agreements(),\n 'incident_response': self._get_incident_reports(period)\n }\n \n return report\n```\n\n### 5. Healthcare Compliance (HIPAA)\n\nImplement HIPAA-specific controls:\n\n**PHI Protection**\n```python\nclass HIPAACompliance:\n def protect_phi(self):\n \"\"\"\n Implement HIPAA safeguards for Protected Health Information\n \"\"\"\n # Technical Safeguards\n technical_controls = {\n 'access_control': '''\nclass PHIAccessControl:\n def __init__(self):\n self.minimum_necessary_rule = True\n \n def grant_phi_access(self, user, patient_id, purpose):\n \"\"\"\n Implement minimum necessary standard\n \"\"\"\n # Verify legitimate purpose\n if not self._verify_treatment_relationship(user, patient_id, purpose):\n self._log_denied_access(user, patient_id, purpose)\n raise PermissionError(\"No treatment relationship\")\n \n # Grant limited access based on role and purpose\n access_scope = self._determine_access_scope(user.role, purpose)\n \n # Time-limited access\n access_token = {\n 'user_id': user.id,\n 'patient_id': patient_id,\n 'scope': access_scope,\n 'purpose': purpose,\n 'expires_at': datetime.utcnow() + timedelta(hours=24),\n 'audit_id': str(uuid.uuid4())\n }\n \n # Log all access\n self._log_phi_access(access_token)\n \n return access_token\n''',\n 'encryption': '''\nclass PHIEncryption:\n def encrypt_phi_at_rest(self, phi_data):\n \"\"\"\n HIPAA-compliant encryption for PHI\n \"\"\"\n # Use FIPS 140-2 validated encryption\n encryption_config = {\n 'algorithm': 'AES-256-CBC',\n 'key_derivation': 'PBKDF2',\n 'iterations': 100000,\n 'validation': 'FIPS-140-2-Level-2'\n }\n \n # Encrypt PHI fields\n encrypted_phi = {}\n for field, value in phi_data.items():\n if self._is_phi_field(field):\n encrypted_phi[field] = self._encrypt_field(value, encryption_config)\n else:\n encrypted_phi[field] = value\n \n return encrypted_phi\n \n def secure_phi_transmission(self):\n \"\"\"\n Secure PHI during transmission\n \"\"\"\n return {\n 'protocols': ['TLS 1.2+'],\n 'vpn_required': True,\n 'email_encryption': 'S/MIME or PGP required',\n 'fax_alternative': 'Secure messaging portal'\n }\n'''\n }\n \n # Administrative Safeguards\n admin_controls = {\n 'workforce_training': '''\nclass HIPAATraining:\n def track_training_compliance(self, employee):\n \"\"\"\n Ensure workforce HIPAA training compliance\n \"\"\"\n required_modules = [\n 'HIPAA Privacy Rule',\n 'HIPAA Security Rule', \n 'PHI Handling Procedures',\n 'Breach Notification',\n 'Patient Rights',\n 'Minimum Necessary Standard'\n ]\n \n training_status = {\n 'employee_id': employee.id,\n 'completed_modules': [],\n 'pending_modules': [],\n 'last_training_date': None,\n 'next_due_date': None\n }\n \n for module in required_modules:\n completion = self._check_module_completion(employee.id, module)\n if completion and completion['date'] > datetime.now() - timedelta(days=365):\n training_status['completed_modules'].append(module)\n else:\n training_status['pending_modules'].append(module)\n \n return training_status\n'''\n }\n \n return {\n 'technical': technical_controls,\n 'administrative': admin_controls\n }\n```\n\n### 6. Payment Card Compliance (PCI-DSS)\n\nImplement PCI-DSS requirements:\n\n**PCI-DSS Controls**\n```python\nclass PCIDSSCompliance:\n def implement_pci_controls(self):\n \"\"\"\n Implement PCI-DSS v4.0 requirements\n \"\"\"\n controls = {\n 'cardholder_data_protection': '''\nclass CardDataProtection:\n def __init__(self):\n # Never store these\n self.prohibited_data = ['cvv', 'cvv2', 'cvc2', 'cid', 'pin', 'pin_block']\n \n def handle_card_data(self, card_info):\n \"\"\"\n PCI-DSS compliant card data handling\n \"\"\"\n # Immediately tokenize\n token = self.tokenize_card(card_info)\n \n # If must store, only store allowed fields\n stored_data = {\n 'token': token,\n 'last_four': card_info['number'][-4:],\n 'exp_month': card_info['exp_month'],\n 'exp_year': card_info['exp_year'],\n 'cardholder_name': self._encrypt(card_info['name'])\n }\n \n # Never log full card number\n self._log_transaction(token, 'XXXX-XXXX-XXXX-' + stored_data['last_four'])\n \n return stored_data\n \n def tokenize_card(self, card_info):\n \"\"\"\n Replace PAN with token\n \"\"\"\n # Use payment processor tokenization\n response = payment_processor.tokenize({\n 'number': card_info['number'],\n 'exp_month': card_info['exp_month'],\n 'exp_year': card_info['exp_year']\n })\n \n return response['token']\n''',\n 'network_segmentation': '''\n# Network segmentation for PCI compliance\nclass PCINetworkSegmentation:\n def configure_network_zones(self):\n \"\"\"\n Implement network segmentation\n \"\"\"\n zones = {\n 'cde': { # Cardholder Data Environment\n 'description': 'Systems that process, store, or transmit CHD',\n 'controls': [\n 'Firewall required',\n 'IDS/IPS monitoring',\n 'No direct internet access',\n 'Quarterly vulnerability scans',\n 'Annual penetration testing'\n ]\n },\n 'dmz': {\n 'description': 'Public-facing systems',\n 'controls': [\n 'Web application firewall',\n 'No CHD storage allowed',\n 'Regular security scanning'\n ]\n },\n 'internal': {\n 'description': 'Internal corporate network',\n 'controls': [\n 'Segmented from CDE',\n 'Limited CDE access',\n 'Standard security controls'\n ]\n }\n }\n \n return zones\n''',\n 'vulnerability_management': '''\nclass PCIVulnerabilityManagement:\n def quarterly_scan_requirements(self):\n \"\"\"\n PCI-DSS quarterly scan requirements\n \"\"\"\n scan_config = {\n 'internal_scans': {\n 'frequency': 'quarterly',\n 'scope': 'all CDE systems',\n 'tool': 'PCI-approved scanning vendor',\n 'passing_criteria': 'No high-risk vulnerabilities'\n },\n 'external_scans': {\n 'frequency': 'quarterly', \n 'performed_by': 'ASV (Approved Scanning Vendor)',\n 'scope': 'All external-facing IP addresses',\n 'passing_criteria': 'Clean scan with no failures'\n },\n 'remediation_timeline': {\n 'critical': '24 hours',\n 'high': '7 days',\n 'medium': '30 days',\n 'low': '90 days'\n }\n }\n \n return scan_config\n'''\n }\n \n return controls\n```\n\n### 7. Continuous Compliance Monitoring\n\nSet up automated compliance monitoring:\n\n**Compliance Dashboard**\n```python\nclass ComplianceDashboard:\n def generate_realtime_dashboard(self):\n \"\"\"\n Real-time compliance status dashboard\n \"\"\"\n dashboard = {\n 'timestamp': datetime.utcnow(),\n 'overall_compliance_score': 0,\n 'regulations': {}\n }\n \n # GDPR Compliance Metrics\n dashboard['regulations']['GDPR'] = {\n 'score': self.calculate_gdpr_score(),\n 'status': 'COMPLIANT',\n 'metrics': {\n 'consent_rate': '87%',\n 'data_requests_sla': '98% within 30 days',\n 'privacy_policy_version': '2.1',\n 'last_dpia': '2025-06-15',\n 'encryption_coverage': '100%',\n 'third_party_agreements': '12/12 signed'\n },\n 'issues': [\n {\n 'severity': 'medium',\n 'issue': 'Cookie consent banner update needed',\n 'due_date': '2025-08-01'\n }\n ]\n }\n \n # HIPAA Compliance Metrics\n dashboard['regulations']['HIPAA'] = {\n 'score': self.calculate_hipaa_score(),\n 'status': 'NEEDS_ATTENTION',\n 'metrics': {\n 'risk_assessment_current': True,\n 'workforce_training_compliance': '94%',\n 'baa_agreements': '8/8 current',\n 'encryption_status': 'All PHI encrypted',\n 'access_reviews': 'Completed 2025-06-30',\n 'incident_response_tested': '2025-05-15'\n },\n 'issues': [\n {\n 'severity': 'high',\n 'issue': '3 employees overdue for training',\n 'due_date': '2025-07-25'\n }\n ]\n }\n \n return dashboard\n```\n\n**Automated Compliance Checks**\n```yaml\n# .github/workflows/compliance-check.yml\nname: Compliance Checks\n\non:\n push:\n branches: [main, develop]\n pull_request:\n schedule:\n - cron: '0 0 * * *' # Daily compliance check\n\njobs:\n compliance-scan:\n runs-on: ubuntu-latest\n \n steps:\n - uses: actions/checkout@v3\n \n - name: GDPR Compliance Check\n run: |\n python scripts/compliance/gdpr_checker.py\n \n - name: Security Headers Check\n run: |\n python scripts/compliance/security_headers.py\n \n - name: Dependency License Check\n run: |\n license-checker --onlyAllow 'MIT;Apache-2.0;BSD-3-Clause;ISC'\n \n - name: PII Detection Scan\n run: |\n # Scan for hardcoded PII\n python scripts/compliance/pii_scanner.py\n \n - name: Encryption Verification\n run: |\n # Verify all sensitive data is encrypted\n python scripts/compliance/encryption_checker.py\n \n - name: Generate Compliance Report\n if: always()\n run: |\n python scripts/compliance/generate_report.py > compliance-report.json\n \n - name: Upload Compliance Report\n uses: actions/upload-artifact@v3\n with:\n name: compliance-report\n path: compliance-report.json\n```\n\n### 8. Compliance Documentation\n\nGenerate required documentation:\n\n**Privacy Policy Generator**\n```python\ndef generate_privacy_policy(company_info, data_practices):\n \"\"\"\n Generate GDPR-compliant privacy policy\n \"\"\"\n policy = f\"\"\"\n# Privacy Policy\n\n**Last Updated**: {datetime.now().strftime('%B %d, %Y')}\n\n## 1. Data Controller\n{company_info['name']}\n{company_info['address']}\nEmail: {company_info['privacy_email']}\nDPO: {company_info.get('dpo_contact', 'privacy@company.com')}\n\n## 2. Data We Collect\n{generate_data_collection_section(data_practices['data_types'])}\n\n## 3. Legal Basis for Processing\n{generate_legal_basis_section(data_practices['purposes'])}\n\n## 4. Your Rights\nUnder GDPR, you have the following rights:\n- Right to access your personal data\n- Right to rectification \n- Right to erasure ('right to be forgotten')\n- Right to restrict processing\n- Right to data portability\n- Right to object\n- Rights related to automated decision making\n\n## 5. Data Retention\n{generate_retention_policy(data_practices['retention_periods'])}\n\n## 6. International Transfers\n{generate_transfer_section(data_practices['international_transfers'])}\n\n## 7. Contact Us\nTo exercise your rights, contact: {company_info['privacy_email']}\n\"\"\"\n \n return policy\n```\n\n## Output Format\n\n1. **Compliance Assessment**: Current compliance status across all applicable regulations\n2. **Gap Analysis**: Specific areas needing attention with severity ratings\n3. **Implementation Plan**: Prioritized roadmap for achieving compliance\n4. **Technical Controls**: Code implementations for required controls\n5. **Policy Templates**: Privacy policies, consent forms, and notices\n6. **Audit Procedures**: Scripts for continuous compliance monitoring\n7. **Documentation**: Required records and evidence for auditors\n8. **Training Materials**: Workforce compliance training resources\n\nFocus on practical implementation that balances compliance requirements with business operations and user experience.","contentHash":"6b82e28ae7de03afd9c65a6822594ea8b675adb217dcb62eb3b13c1a6c2bc3b1","copies":0,"createdAt":"2025-08-12T16:09:40.453Z","description":"Ensure regulatory compliance (GDPR, HIPAA, SOC2)","github":{"repoUrl":"https://github.com/Commands-com/commands","lastSyncDirection":"from-github","metadata":{"importedFrom":"github_repository","repoPrivate":false,"repoDefaultBranch":"main","connectedAt":"2025-08-12T16:09:40.453Z"},"importedAt":"2025-08-12T16:09:40.453Z","lastSyncAt":"2025-08-17T17:57:46.077Z","fileMapping":{"license":null,"readme":null,"assets":[],"mainFile":"tools/compliance-check.md"},"selectedCommand":"compliance-check","fileShas":{"mainFile":"79126663782eda3708f586f349f355146ecc7894","yamlPath":"313647b1fb381389da33b7913e95baf617c4b392"},"branch":"main","connectionType":"commands_yaml","connected":true,"lastSyncCommit":"01591bc061d236bde47bf23b0f47e8afcf1a5144","importSource":"repository_import","installationId":"69232615","syncStatus":"synced"},"githubRepoUrl":"https://github.com/Commands-com/commands","id":"6874e820-5345-4114-83b6-20003491b229","inputParameters":[{"name":"compliance_standards","description":"Standards to check against (comma-separated)","label":"Compliance Standards","type":"text","required":true,"defaultValue":"GDPR,SOC2"},{"defaultValue":"full","name":"audit_scope","options":["full","data-privacy","security","infrastructure","processes"],"description":"Scope of compliance audit","label":"Audit Scope","type":"select","required":false}],"instructions":"Ensure regulatory compliance (GDPR, HIPAA, SOC2)","likes":0,"mcp_search_content":"","organizationUsername":"commands-com","price":"free","search_content":"compliance check ensure regulatory compliance (gdpr, hipaa, soc2) /compliance-check security-audit claude-code@2025.06","title":"Compliance Check","type":"command","updatedAt":"2025-08-17T17:57:46.077Z","userId":"W0V8NAw5AhWRwcuwSoFLOi1Yem83","visibility":"public","name":"compliance-check","userInteraction":{"userHasStarred":false}}