gdpr-data-handling
Implement GDPR-compliant data handling with consent management, data subject rights, and privacy by design. Use when building systems that process EU personal data, implementing privacy controls, or conducting GDPR compliance reviews.
80
71%
Does it follow best practices?
Impact
98%
1.25xAverage score across 3 eval scenarios
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./tests/ext_conformance/artifacts/agents-wshobson/hr-legal-compliance/skills/gdpr-data-handling/SKILL.mdQuality
Discovery
100%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong skill description that clearly defines its domain (GDPR compliance), lists specific capabilities (consent management, data subject rights, privacy by design), and provides explicit trigger guidance via a 'Use when' clause. It uses proper third-person voice and includes natural keywords that users working on GDPR-related tasks would use. The description is concise yet comprehensive.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions: 'consent management', 'data subject rights', 'privacy by design', and mentions building systems, implementing privacy controls, and conducting compliance reviews. | 3 / 3 |
Completeness | Clearly answers both 'what' (GDPR-compliant data handling with consent management, data subject rights, privacy by design) and 'when' (explicit 'Use when' clause covering building systems processing EU personal data, implementing privacy controls, or conducting GDPR compliance reviews). | 3 / 3 |
Trigger Term Quality | Includes strong natural keywords users would say: 'GDPR', 'consent management', 'data subject rights', 'privacy by design', 'EU personal data', 'privacy controls', 'GDPR compliance'. These are terms a user working on GDPR compliance would naturally use. | 3 / 3 |
Distinctiveness Conflict Risk | Highly distinctive with a clear niche around GDPR specifically. The combination of 'GDPR', 'EU personal data', 'consent management', and 'data subject rights' creates a very specific domain that is unlikely to conflict with other skills. | 3 / 3 |
Total | 12 / 12 Passed |
Implementation
42%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
The skill provides highly actionable, executable code patterns covering major GDPR implementation areas, which is its primary strength. However, it is severely bloated—explaining regulatory concepts Claude already knows, inlining hundreds of lines of code that should be split into referenced files, and lacking validation checkpoints for the multi-step compliance processes. The content would benefit enormously from restructuring into a concise overview with pointers to detailed pattern files.
Suggestions
Remove the Core Concepts section (personal data categories, legal bases, data subject rights) as Claude already knows GDPR fundamentals—or reduce to a one-line reminder of key thresholds (e.g., '30-day DSAR deadline, 72-hour breach notification').
Split each implementation pattern into its own referenced file (e.g., CONSENT.md, DSAR.md, RETENTION.md, BREACH.md) and keep SKILL.md as a concise overview with brief descriptions and links.
Add explicit validation/verification steps to workflows, such as 'Test consent recording by verifying audit log entry exists' or 'Validate erasure by confirming data source returns empty for deleted user'.
Condense code examples to show only the essential pattern (key method signatures and critical logic) rather than full class implementations with boilerplate.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | Extremely verbose at ~400+ lines. Explains GDPR concepts Claude already knows (legal bases, data subject rights, personal data categories). The tables and ASCII trees for Articles 6, 9, 10, 15-21 are regulatory knowledge Claude possesses. The code examples, while concrete, are excessively long and could be condensed to key patterns rather than full class implementations. | 1 / 3 |
Actionability | Provides fully executable code examples across multiple patterns: consent management (JavaScript + HTML), DSAR handling (Python), data retention (Python), privacy by design (Python), and breach notification (Python). Code is copy-paste ready with concrete data models, method implementations, and realistic schemas. | 3 / 3 |
Workflow Clarity | The compliance checklist provides a clear sequence of verification steps, and individual patterns have logical flows (e.g., breach notification with timeline). However, there are no explicit validation checkpoints or feedback loops for the implementation process itself—no guidance on how to verify that consent is properly recorded, how to test DSAR flows, or how to validate that retention policies are correctly applied before running them in production. | 2 / 3 |
Progressive Disclosure | Monolithic wall of content with no references to external files for detailed implementations. All five patterns, the full checklist, best practices, and resources are inlined in a single massive document. The consent management, DSAR, retention, privacy-by-design, and breach notification patterns could each be separate referenced files, with SKILL.md serving as a concise overview. | 1 / 3 |
Total | 7 / 12 Passed |
Validation
90%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
skill_md_line_count | SKILL.md is long (631 lines); consider splitting into references/ and linking | Warning |
Total | 10 / 11 Passed | |
- Repository
- Dicklesworthstone/pi_agent_rust
- Commit
b09ec7f
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.