Implement GDPR-compliant data handling with consent management, data subject rights, and privacy by design. Use when building systems that process EU personal data, implementing privacy controls, or conducting GDPR compliance reviews.
80

71% (Does it follow best practices?)

Impact: 98%, 1.38x average score across 3 eval scenarios

Passed: No known issues
Optimize this skill with Tessl: `npx tessl skill review --optimize ./plugins/hr-legal-compliance/skills/gdpr-data-handling/SKILL.md`

Quality
Discovery
100%. Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong skill description that clearly articulates specific capabilities around GDPR compliance, includes an explicit 'Use when' clause with natural trigger terms, and occupies a distinct niche. It uses proper third-person voice and covers both the 'what' and 'when' dimensions effectively. The description is concise yet comprehensive enough for Claude to confidently select it from a large skill set.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Lists multiple specific concrete actions: 'consent management', 'data subject rights', 'privacy by design', 'implementing privacy controls', and 'conducting GDPR compliance reviews'. These are distinct, identifiable capabilities. | 3 / 3 |
| Completeness | Clearly answers both 'what' (GDPR-compliant data handling with consent management, data subject rights, privacy by design) and 'when' (explicit 'Use when' clause covering building systems processing EU personal data, implementing privacy controls, or conducting GDPR compliance reviews). | 3 / 3 |
| Trigger Term Quality | Includes strong natural keywords users would say: 'GDPR', 'consent management', 'data subject rights', 'privacy by design', 'EU personal data', 'privacy controls', 'compliance reviews'. These cover the main terms someone working on GDPR compliance would naturally use. | 3 / 3 |
| Distinctiveness / Conflict Risk | Highly distinctive with a clear niche around GDPR and EU data privacy. The specific regulatory focus (GDPR, EU personal data) and domain-specific terms (consent management, data subject rights, privacy by design) make it very unlikely to conflict with other skills. | 3 / 3 |
| Total | | 12 / 12 Passed |
Implementation
42%. Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
The skill provides highly actionable, executable code patterns for GDPR compliance, which is its primary strength. However, it is severely bloated—explaining GDPR concepts Claude already knows, inlining hundreds of lines of code that should be in referenced files, and presenting as a monolithic document. The workflow guidance lacks explicit sequencing and validation checkpoints for the overall compliance implementation process.
Suggestions
Remove or drastically condense the 'Core Concepts' section (personal data categories, legal bases, data subject rights)—Claude already knows GDPR fundamentals. Keep only project-specific configuration or non-obvious details.
Split the five implementation patterns into separate referenced files (e.g., consent-management.md, dsar-handler.md) and keep only a brief overview with links in the main SKILL.md.
Add an explicit multi-step workflow at the top showing the recommended order of implementation (e.g., 1. Audit data flows → 2. Implement consent → 3. Build DSAR handling → 4. Set retention policies → 5. Validate with checklist) with validation checkpoints between steps.
Condense the best practices Do's/Don'ts into a compact reference table rather than verbose bullet points with explanations of obvious GDPR requirements.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | Extremely verbose at ~400+ lines. Explains basic GDPR concepts Claude already knows (personal data categories, legal bases, data subject rights). The tables and ASCII trees for Articles 6, 9, 10, 15-21 are reference material Claude has in training data. The massive code examples could be condensed significantly or split into referenced files. | 1 / 3 |
| Actionability | Provides fully executable code patterns in JavaScript and Python for consent management, DSAR handling, data retention, privacy-by-design models, and breach notification. Code is concrete, complete with class definitions, database operations, and realistic schemas that are copy-paste ready. | 3 / 3 |
| Workflow Clarity | Individual patterns are well-structured, but there's no clear sequencing of how to implement GDPR compliance as a multi-step process. The checklist at the end helps but lacks validation checkpoints or feedback loops. For destructive operations like erasure, the code checks for legal exceptions but there's no explicit validate-then-proceed workflow documented outside the code. | 2 / 3 |
| Progressive Disclosure | Monolithic wall of content with no references to external files. All five implementation patterns, the compliance checklist, and best practices are inlined in a single massive document. This would benefit enormously from splitting patterns into separate referenced files with a concise overview in the main skill. | 1 / 3 |
| Total | | 7 / 12 Passed |
Validation
90%. Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| skill_md_line_count | SKILL.md is long (625 lines); consider splitting into references/ and linking | Warning |
| Total | | 10 / 11 Passed |
91fe43e