Implement GDPR-compliant data handling with consent management, data subject rights, and privacy by design. Use when building systems that process EU personal data, implementing privacy controls, or conducting GDPR compliance reviews.
80
71%
Does it follow best practices?
Impact
98%
1.25x
Average score across 3 eval scenarios
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./tests/ext_conformance/artifacts/agents-wshobson/hr-legal-compliance/skills/gdpr-data-handling/SKILL.md
Quality
Discovery
100%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong skill description that clearly defines its scope around GDPR compliance, lists concrete capabilities, and includes an explicit 'Use when' clause with natural trigger terms. It follows the recommended pattern closely and would be easily distinguishable from other skills in a large skill library.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Lists multiple specific concrete actions: 'consent management', 'data subject rights', 'privacy by design', 'implementing privacy controls', and 'conducting GDPR compliance reviews'. These are distinct, actionable capabilities. | 3 / 3 |
| Completeness | Clearly answers both 'what' (GDPR-compliant data handling with consent management, data subject rights, privacy by design) and 'when' (explicit 'Use when' clause covering building systems processing EU personal data, implementing privacy controls, or conducting GDPR compliance reviews). | 3 / 3 |
| Trigger Term Quality | Includes strong natural keywords users would say: 'GDPR', 'consent management', 'data subject rights', 'privacy by design', 'EU personal data', 'privacy controls', 'compliance reviews'. These cover the main terms a user working on GDPR compliance would naturally use. | 3 / 3 |
| Distinctiveness Conflict Risk | Highly distinctive with a clear niche around GDPR and EU data privacy. The specific regulatory focus (GDPR, EU personal data, data subject rights) makes it very unlikely to conflict with general coding, security, or other compliance skills. | 3 / 3 |
| Total | 12 / 12 Passed | |
Implementation
42%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill is highly actionable with excellent, executable code examples covering the major GDPR implementation patterns. However, it is severely bloated—it explains well-known GDPR concepts Claude already understands, includes massive inline code blocks that should be in separate reference files, and lacks progressive disclosure structure. The content would be far more effective as a lean overview pointing to separate pattern files.
Suggestions
- Move the detailed code patterns (consent management, DSAR, retention, breach notification) into separate referenced files (e.g., patterns/consent.md, patterns/dsar.md) and keep SKILL.md as a concise overview with navigation links.
- Remove the Core Concepts section entirely (personal data categories, legal bases, data subject rights)—Claude already knows GDPR fundamentals. Replace with a brief note like 'Apply standard GDPR legal bases (Art. 6) and respect all data subject rights (Arts. 15-21).'
- Add an explicit end-to-end workflow with validation checkpoints, e.g., 'Before deploying: 1. Run compliance checklist → 2. Verify consent flows → 3. Test DSAR endpoints → 4. Validate retention policies → 5. Confirm breach notification pipeline.'
- Trim the Do's/Don'ts and checklist sections to only non-obvious, implementation-specific guidance rather than restating well-known GDPR requirements.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | Extremely verbose at ~400+ lines. Extensively explains GDPR concepts Claude already knows (legal bases, data subject rights, personal data categories). The tables and ASCII trees for Articles 6, 9, 10, 15-21 are reference material Claude has in training data. The code examples are massively over-detailed for a skill file. | 1 / 3 |
| Actionability | The code examples are concrete, executable, and cover multiple real implementation patterns (consent management, DSAR handling, retention policies, breach notification). The JavaScript, Python, and HTML examples are copy-paste ready with realistic data models and service classes. | 3 / 3 |
| Workflow Clarity | Individual patterns are well-structured with clear class methods and logical flows, and the compliance checklist provides verification steps. However, there's no overarching workflow connecting the patterns, no explicit validation checkpoints between steps, and no error recovery/feedback loops for the multi-step processes like DSAR handling or breach response. | 2 / 3 |
| Progressive Disclosure | This is a monolithic wall of content with hundreds of lines of inline code that should be split into separate reference files. The external resources at the bottom are web links, not structured sub-files. There's no separation between a concise overview and detailed implementation patterns—everything is dumped into one file. | 1 / 3 |
| Total | 7 / 12 Passed | |
Validation
90%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| skill_md_line_count | SKILL.md is long (631 lines); consider splitting into references/ and linking | Warning |
| Total | 10 / 11 Passed | |
6e3d68c