gdpr-data-handling

Implement GDPR-compliant data handling with consent management, data subject rights, and privacy by design. Use when building systems that process EU personal data, implementing privacy controls, or conducting GDPR compliance reviews.

1.38x

Quality

71%

Does it follow best practices?

Impact

98%

1.38x

Average score across 3 eval scenarios

Securityby

Passed

No known issues

Optimize this skill with Tessl

npx tessl skill review --optimize ./plugins/hr-legal-compliance/skills/gdpr-data-handling/SKILL.md

Evaluation results

100%

Cookie Consent System for a SaaS Platform

Consent management implementation

Criteria

Without context

With context

Consent record has purpose field

80%

100%

Consent record has version field

100%

Consent record has ipAddress field

100%

Consent record has userAgent field

100%

Audit log present

60%

100%

Event emitted on consent change

80%

100%

hasConsent method uses latest entry

100%

Necessary cookies non-interactive

100%

Analytics opt-in only

100%

Marketing opt-in only

100%

Separate purpose controls

100%

Accept All and Reject All buttons

100%

57%

Data Subject Rights Portal for an E-Commerce Platform

Data subject rights processing

Criteria

Without context

With context

30-day deadline

100%

60-day extension mentioned

100%

Access response has retention_info

100%

Access response has processing_purposes

100%

Access response has third_party_recipients

100%

Portability format is JSON

100%

Portability has export_date

62%

100%

Portability has format_version 1.0

22%

100%

Erasure checks legal permissibility

80%

100%

Erasure tracks exceptions

100%

DPO notification on submission

100%

94%

15%

Privacy-First Data Architecture for a New Health & Wellness App

Privacy-first data architecture and breach response

Criteria

Without context

With context

UUID user IDs

100%

Email hashed in profile

66%

100%

PII in separate schema

71%

100%

Analytics session not linked to user_id

100%

Generalized location in analytics

100%

Analytics retention 1 year

100%

Transaction/financial retention 7 years

Analytics anonymized not deleted

100%

Archive before delete

100%

72-hour breach notification

100%

Sensitive data always notifies authority

90%

100%

Individual notification for high/critical

100%

Authority report has organization section

83%

100%

Authority report has consequences and measures

100%

DPO and security team notified on breach

25%

100%

Repository: wshobson/agents
Commit: 91fe43e

Evaluated: 27 days ago
Agent: Claude Code
Model: Claude Sonnet 4.6

Table of Contents

Cookie Consent System for a SaaS Platform Data Subject Rights Portal for an E-Commerce Platform Privacy-First Data Architecture for a New Health & Wellness App

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.