gdpr-data-handling

Implement GDPR-compliant data handling with consent management, data subject rights, and privacy by design. Use when building systems that process EU personal data, implementing privacy controls, or conducting GDPR compliance reviews.

71

1.38x
Quality: 57% (Does it follow best practices?)

Impact: 98%, 1.38x (Average score across 3 eval scenarios)

Security by Snyk: Passed. No known issues.

Optimize this skill with Tessl

npx tessl skill review --optimize ./plugins/hr-legal-compliance/skills/gdpr-data-handling/SKILL.md

Quality

Discovery: 100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is a well-crafted skill description that clearly defines its domain (GDPR compliance), lists specific capabilities (consent management, data subject rights, privacy by design), and includes an explicit 'Use when' clause with natural trigger terms. It uses proper third-person voice and is concise without being vague. The description is distinctive enough to avoid conflicts with other skills while covering the key terms users would naturally use.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Specificity | Lists multiple specific concrete actions: 'consent management', 'data subject rights', 'privacy by design', 'implementing privacy controls', and 'conducting GDPR compliance reviews'. These are distinct, identifiable capabilities. | 3 / 3 |
| Completeness | Clearly answers both 'what' (GDPR-compliant data handling with consent management, data subject rights, privacy by design) and 'when' (explicit 'Use when' clause covering building systems processing EU personal data, implementing privacy controls, or conducting GDPR compliance reviews). | 3 / 3 |
| Trigger Term Quality | Includes strong natural keywords users would say: 'GDPR', 'consent management', 'data subject rights', 'privacy by design', 'EU personal data', 'privacy controls', 'compliance reviews'. These cover the main terms someone working on GDPR compliance would naturally use. | 3 / 3 |
| Distinctiveness Conflict Risk | Highly distinctive with a clear niche around GDPR and EU data privacy. The specific regulatory domain (GDPR), combined with concrete triggers like 'EU personal data' and 'consent management', makes it unlikely to conflict with other skills. | 3 / 3 |
| Total | | 12 / 12 |

Passed

Implementation: 14%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This skill reads more like a GDPR implementation textbook than a concise, actionable skill for Claude. It spends significant tokens on concepts Claude already knows (GDPR articles, data categories, legal bases) while the code examples, though detailed, lack the infrastructure definitions needed to be truly executable. The absence of any workflow sequencing, validation checkpoints, or progressive disclosure structure makes this poorly suited as a skill file.

Suggestions

Eliminate the Core Concepts section entirely (personal data categories, legal bases, data subject rights) — Claude already knows GDPR fundamentals. Replace with a brief note on which legal basis to default to for common scenarios.

Add a clear multi-step implementation workflow with validation checkpoints, e.g.: 1. Audit existing data flows → 2. Implement consent management → 3. Validate consent recording works → 4. Implement DSAR handlers → 5. Test with sample requests → 6. Set up retention policies → 7. Verify deletion/anonymization.

Split into multiple files: keep SKILL.md as a concise overview (~50 lines) with references to separate files like CONSENT.md, DSAR.md, RETENTION.md, BREACH.md for the detailed code patterns.

Make code examples self-contained by either providing the full class with all dependencies or reducing to minimal executable snippets that demonstrate the key GDPR-specific logic without undefined infrastructure.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Conciseness | Extremely verbose at ~400+ lines. Explains basic GDPR concepts (legal bases, data categories, rights) that Claude already knows. The tables listing Article 6 bases and data subject rights are textbook content that adds no novel implementation value. Code examples are extensive but could be significantly condensed. | 1 / 3 |
| Actionability | Provides substantial code examples (ConsentManager, DSARHandler, RetentionPolicy, BreachNotification) that are mostly executable, but they depend on undefined infrastructure (self.db, self.eventBus, self.config, DataSource interface) making them closer to detailed pseudocode than copy-paste ready. Missing imports (List, timedelta in some files) and undefined helper methods reduce executability. | 2 / 3 |
| Workflow Clarity | No clear multi-step workflow for implementing GDPR compliance. The patterns are presented as isolated code blocks without sequencing, validation checkpoints, or feedback loops. For a domain involving destructive operations (data erasure) and legally mandated deadlines, there are no verification steps or error recovery guidance. The checklist at the end is static and not integrated into a workflow. | 1 / 3 |
| Progressive Disclosure | Monolithic wall of content with no references to external files. All five patterns, the checklist, and best practices are inlined in a single massive document. No bundle files exist, but the content is clearly long enough to warrant splitting into separate files (e.g., consent management, DSAR handling, breach notification as separate references). | 1 / 3 |
| Total | | 5 / 12 |

Passed

Validation: 90%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 10 / 11 Passed

Validation for skill structure

| Criteria | Description | Result |
| --- | --- | --- |
| skill_md_line_count | SKILL.md is long (625 lines); consider splitting into references/ and linking | Warning |
| Total | | 10 / 11 |

Passed

Repository: wshobson/agents
Reviewed
