GDPR and German DSGVO compliance automation. Scans codebases for privacy risks, generates DPIA documentation, tracks data subject rights requests. Use for GDPR compliance assessments, privacy audits, data protection planning, DPIA generation, and data subject rights management.
88
72%
Does it follow best practices?
Impact
99%
1.28x
Average score across 6 eval scenarios
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./ra-qm-team/gdpr-dsgvo-expert/SKILL.md
Quality
Discovery
N/A
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
Implementation
72%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
The skill is well-structured with strong actionability — concrete CLI commands, clear tool descriptions, and organized reference pointers. Its main weaknesses are the inclusion of GDPR concept explanations that Claude already knows (consuming tokens without adding value) and the lack of validation/feedback loops in workflows that deal with compliance-critical operations. Trimming the 'Key GDPR Concepts' section and adding re-validation steps to workflows would significantly improve it.
Suggestions
Remove or drastically reduce the 'Key GDPR Concepts' section — Claude already knows GDPR legal bases, special category data definitions, and data subject rights. Keep only project-specific details that differ from standard GDPR knowledge.
Add validation/feedback loops to workflows: e.g., after fixing compliance issues in Workflow 1, re-run the compliance checker to verify the score improved; after generating a DPIA, validate the input JSON schema before generation.
In Workflow 2 (Data Subject Request Handling), add a deadline-check step early on (e.g., 'python scripts/data_subject_rights_tracker.py report' to check for approaching deadlines) and an explicit verification that the response was sent within the 30-day window.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The skill includes a 'Key GDPR Concepts' section that explains legal bases, special category data, and data subject rights — concepts Claude already knows well. The tools and workflows sections are efficient, but the reference material at the bottom adds ~60 lines of content that doesn't teach Claude anything new and could be omitted or left to the reference files. | 2 / 3 |
| Actionability | All three tools have concrete, copy-paste-ready CLI commands with flags and arguments. The workflows provide specific command sequences for each step. The tool descriptions clearly state what they detect and output. | 3 / 3 |
| Workflow Clarity | Three workflows are clearly sequenced with numbered steps and specific commands. However, none include validation checkpoints or feedback loops — e.g., after running the compliance checker there's no 're-scan to verify fixes' step, and the DPIA workflow doesn't validate the input JSON before generation. For compliance-critical operations, this is a notable gap. | 2 / 3 |
| Progressive Disclosure | The skill has a clear table of contents, well-organized sections for tools/references/workflows, and appropriately points to three separate reference files (gdpr_compliance_guide.md, german_bdsg_requirements.md, dpia_methodology.md) with clear descriptions of what each contains. References are one level deep and well-signaled. | 3 / 3 |
| Total | | 10 / 12 Passed |
Validation
100%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
967fe01