Implement GDPR-compliant data handling with consent management, data subject rights, and privacy by design. Use when building systems that process EU personal data, implementing privacy controls, or conducting GDPR compliance reviews.
80
71%
Does it follow best practices?
Impact
98%
1.25x
Average score across 3 eval scenarios
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./tests/ext_conformance/artifacts/agents-wshobson/hr-legal-compliance/skills/gdpr-data-handling/SKILL.md
Quality
Discovery
100%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong skill description that follows best practices. It uses third person voice, lists specific capabilities, includes a clear 'Use when' clause with natural trigger terms, and occupies a distinct niche around GDPR compliance. The description is concise yet comprehensive enough for Claude to accurately select it from a large pool of skills.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Lists multiple specific concrete actions: 'consent management', 'data subject rights', 'privacy by design', and further specifies activities like 'building systems that process EU personal data', 'implementing privacy controls', and 'conducting GDPR compliance reviews'. | 3 / 3 |
| Completeness | Clearly answers both 'what' (implement GDPR-compliant data handling with consent management, data subject rights, and privacy by design) and 'when' (explicit 'Use when' clause covering building systems processing EU personal data, implementing privacy controls, or conducting GDPR compliance reviews). | 3 / 3 |
| Trigger Term Quality | Includes strong natural keywords users would say: 'GDPR', 'consent management', 'data subject rights', 'privacy by design', 'EU personal data', 'privacy controls', 'GDPR compliance'. These cover the main terms a user working on GDPR compliance would naturally use. | 3 / 3 |
| Distinctiveness Conflict Risk | Highly distinctive with a clear niche around GDPR and EU data privacy. The specific regulatory domain (GDPR), geographic scope (EU), and specialized terms (consent management, data subject rights) make it unlikely to conflict with other skills. | 3 / 3 |
| Total | 12 / 12 Passed | |
Implementation
42%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
The skill provides highly actionable, executable code examples covering key GDPR implementation patterns, which is its primary strength. However, it is severely bloated—explaining GDPR fundamentals Claude already knows and embedding hundreds of lines of code that should be in referenced files. The lack of progressive disclosure and missing validation checkpoints in destructive workflows (like data erasure) significantly reduce its effectiveness as a skill file.
Suggestions
Move the detailed code implementations (consent management, DSAR handler, retention policies, breach notification) into separate referenced files (e.g., CONSENT.md, DSAR.md, RETENTION.md) and keep SKILL.md as a concise overview with pointers.
Remove the explanatory tables for personal data categories, legal bases, and data subject rights—Claude already knows GDPR fundamentals. Replace with a brief note like 'Apply standard GDPR legal bases (Art. 6) and respect all data subject rights (Arts. 15-21).'
Add explicit validation/verification steps to the erasure workflow: identity verification before processing, dry-run before deletion, confirmation after deletion, and a rollback strategy.
Condense code examples to show key patterns and critical implementation details rather than full class implementations—focus on what's non-obvious (e.g., audit logging structure, consent proof requirements).
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | Extremely verbose at ~400+ lines. Explains basic GDPR concepts (legal bases, data categories, rights) that Claude already knows. The tables listing Article 6 bases and data subject rights are textbook content that adds no novel implementation value. The code examples, while concrete, are excessively long and could be condensed to key patterns rather than full class implementations. | 1 / 3 |
| Actionability | Provides fully executable code examples across multiple patterns: consent management (JS + HTML), DSAR handling (Python), data retention (Python), privacy-by-design models, and breach notification. Code is concrete, copy-paste ready, and covers real implementation scenarios with proper data models and method signatures. | 3 / 3 |
| Workflow Clarity | The compliance checklist provides a good overview of steps, but the individual patterns lack explicit sequencing and validation checkpoints. For example, the DSAR handler doesn't specify a clear workflow for verifying identity before processing, and the breach notification pattern doesn't include explicit validation steps (e.g., verify breach scope before notifying). For operations involving data deletion (erasure requests), there's no explicit validate-before-proceeding feedback loop. | 2 / 3 |
| Progressive Disclosure | Monolithic wall of content with no references to supporting files. All five implementation patterns, the full compliance checklist, best practices, and resources are crammed into a single file. The consent UI HTML, multiple full Python classes, and JavaScript code should be split into separate reference files with the SKILL.md serving as an overview with pointers. | 1 / 3 |
| Total | 7 / 12 Passed | |
Validation
90%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| skill_md_line_count | SKILL.md is long (631 lines); consider splitting into references/ and linking | Warning |
| Total | 10 / 11 Passed | |
bbc5ade