Metapowers

Phase 3: Comply

Implement regulatory compliance — GDPR, CCPA, SOC 2, accessibility, and incident response.

Purpose

The Comply phase ensures your organization meets regulatory requirements. It covers major privacy regulations, data processing obligations, accessibility standards, security frameworks, and incident preparedness.

Skills

GDPR Compliance

/legal:gdpr-compliance <topic>

Implements GDPR compliance measures. Covers lawful basis documentation, data subject rights processes, DPIAs, records of processing, and cross-border transfer mechanisms.

Output: GDPR compliance plan with implementation checklist → .metapowers/legal/<topic>/03-comply.md

CCPA Compliance

/legal:ccpa-compliance <topic>

Implements CCPA/CPRA compliance measures. Covers consumer rights processes, opt-out mechanisms, data inventory, and service provider agreements.

Output: CCPA compliance plan with consumer rights workflows → .metapowers/legal/<topic>/03-comply.md

Data Processing Agreement

/legal:data-processing-agreement <topic>

Creates data processing agreements for controller-processor relationships. Covers processing scope, security measures, sub-processor management, and breach notification.

Output: DPA document with processing details and security measures → .metapowers/legal/<topic>/03-comply.md

Cookie Consent

/legal:cookie-consent <topic>

Designs cookie consent implementation. Covers consent collection, preference management, cookie categorization, and compliance with ePrivacy requirements.

Output: Cookie consent implementation plan with UX specifications → .metapowers/legal/<topic>/03-comply.md

Accessibility Compliance

/legal:accessibility-compliance <topic>

Assesses and plans for digital accessibility compliance. Covers WCAG standards, ADA requirements, remediation priorities, and ongoing monitoring.

Output: Accessibility compliance plan with WCAG mapping → .metapowers/legal/<topic>/03-comply.md

SOC 2 Prep

/legal:soc2-prep <topic>

Prepares for SOC 2 Type I/II audits. Maps trust service criteria, identifies control gaps, documents policies, and creates an audit readiness timeline.

Output: SOC 2 readiness assessment with control mapping → .metapowers/legal/<topic>/03-comply.md

Incident Response Plan

/legal:incident-response-plan <topic>

Creates a legal incident response plan for data breaches and security incidents. Covers notification obligations, response timelines, communication templates, and regulatory reporting.

Output: Incident response plan with notification workflows → .metapowers/legal/<topic>/03-comply.md

Next Phase

After Comply, proceed to Govern to establish ongoing legal governance and monitoring.
