compliance▌

Automates GDPR Data Subject Access Request (DSAR) workflows including identity verification, PII discovery across databases and files using regex and NER, data mapping, response templating per Article 15 requirements, deadline tracking, and audit logging. Covers ICO/EDPB guidance compliance, exemption handling, and scalable batch processing. Use when building or auditing DSAR response capabilities under GDPR/UK GDPR.

Implementing AWS Config rules for continuous compliance monitoring of AWS resources, deploying managed and custom rules aligned to CIS and PCI DSS frameworks, configuring automatic remediation with SSM Automation, and aggregating compliance data across accounts.

Conduct systematic access reviews and certifications to ensure users have appropriate access rights aligned with their roles. This skill covers review campaign design, reviewer selection, risk-based p

Implement Amazon Macie to automatically discover, classify, and protect sensitive data in S3 buckets using machine learning and pattern matching for PII, financial data, and credentials detection.

Audit Kubernetes cluster security posture against CIS benchmarks using kube-bench with automated checks for control plane, worker nodes, and RBAC.

Look up Scout's security, compliance, and privacy posture from trust.scoutos.com (Vanta-hosted Trust Center) for a given topic. Returns structured JSON with compliance badges, audit reports, policy documents, controls by category, subprocessors with regions, gated-access flags, and the canonical access-request workflow URL. Read-only — never submits access or NDA forms.

Verify a California-licensed accountant (CPA, Public Accountant, or accounting firm) on the DCA license search at search.dca.ca.gov — boardCode=19 (California Board of Accountancy). Returns full license record with status, dates, city, and any disciplinary actions.

Compliance-first, read-only diligence on hiive.com: enumerate credible exposure paths for a private-market target (direct Hiive Markets brokerage and Hiive {Issuer} SPVs), cross-verify against FINRA BrokerCheck, SEC EDGAR Form D, SEC IAPD, SIPC, and state/provincial regulators, score on a 100-point rubric, tier 1-3 or Avoid, emit ranked candidate table plus before-wiring checklist. Never advises, contacts, submits forms, bids, lists, wires, bypasses access controls, or calls any option safe.

Look up Florida business entity records on dos.fl.gov / search.sunbiz.org by entity name, FEI/EIN, or document number, and return the KYC fields a bank needs: legal name, filing type, status, FEI/EIN, date filed, principal/mailing address, registered agent, and officer/director roster. Read-only.

Given a Saudi establishment ID (firmId) and a violation ID, retrieves the full violation record from EFAA — the National Violations Platform — including issuing entity, type, date, location, fine amount, payment status, due date, and objection eligibility.