gdpr-data-handling
Implement GDPR-compliant data handling with consent management, data subject rights, and privacy by design. Use when building systems that process EU personal data, implementing privacy controls, or conducting GDPR compliance reviews.
85
Does it follow best practices?
If you maintain this skill, you can automatically optimize it using the tessl CLI to improve its score:
npx tessl skill review --optimize ./path/to/skillValidation for skill structure
Discovery
100%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a well-crafted skill description that excels across all dimensions. It provides specific capabilities (consent management, data subject rights, privacy by design), includes natural trigger terms users would actually say, explicitly states both what the skill does and when to use it, and carves out a distinct niche around GDPR/EU data protection that minimizes conflict with other skills.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions: 'consent management', 'data subject rights', and 'privacy by design'. These are distinct, actionable capabilities within the GDPR domain. | 3 / 3 |
Completeness | Clearly answers both what ('Implement GDPR-compliant data handling with consent management, data subject rights, and privacy by design') AND when ('Use when building systems that process EU personal data, implementing privacy controls, or conducting GDPR compliance reviews'). | 3 / 3 |
Trigger Term Quality | Includes natural keywords users would say: 'GDPR', 'EU personal data', 'privacy controls', 'compliance reviews', 'consent management', 'data subject rights'. Good coverage of terms a developer working on privacy would naturally use. | 3 / 3 |
Distinctiveness Conflict Risk | Clear niche focused specifically on GDPR and EU data protection. The combination of 'GDPR', 'EU personal data', and specific privacy concepts like 'data subject rights' creates distinct triggers unlikely to conflict with general security or compliance skills. | 3 / 3 |
Total | 12 / 12 Passed |
Implementation
64%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill provides excellent actionable code examples for GDPR compliance implementation, with comprehensive patterns for consent, DSARs, retention, and breach handling. However, it's verbose with explanatory content Claude doesn't need, and the overall implementation workflow lacks clear sequencing and validation checkpoints. The monolithic structure would benefit from splitting detailed patterns into separate reference files.
Suggestions
Remove or significantly condense the 'Core Concepts' section (data categories, legal bases, rights) as Claude already knows GDPR fundamentals - focus only on implementation-specific details
Add an explicit implementation workflow at the top showing the order to implement patterns (e.g., '1. Set up consent management → 2. Implement DSAR handlers → 3. Configure retention policies') with validation checkpoints between stages
Split the detailed code patterns into separate files (e.g., CONSENT.md, DSAR.md, RETENTION.md) and keep SKILL.md as a concise overview with links to each pattern
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The skill is comprehensive but includes explanatory content Claude already knows (e.g., explaining what GDPR articles mean, basic concepts like 'what is personal data'). The tables explaining data categories and legal bases are somewhat redundant for Claude. Could be tightened significantly. | 2 / 3 |
Actionability | Provides fully executable code examples in JavaScript and Python with complete implementations for consent management, DSAR handling, data retention, and breach notification. Code is copy-paste ready with proper class structures and methods. | 3 / 3 |
Workflow Clarity | While individual code patterns are clear, the overall workflow for implementing GDPR compliance lacks explicit sequencing and validation checkpoints. The checklist at the end is helpful but doesn't provide a clear order of operations or verification steps between stages. | 2 / 3 |
Progressive Disclosure | Content is reasonably organized with clear sections, but the skill is monolithic (~400 lines) with extensive inline code that could be split into separate reference files. External resources are linked but internal content organization could benefit from splitting patterns into separate files. | 2 / 3 |
Total | 9 / 12 Passed |
Validation
90%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
skill_md_line_count | SKILL.md is long (631 lines); consider splitting into references/ and linking | Warning |
Total | 10 / 11 Passed | |
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.