Have we considered the need to start with a data protection impact assessment (DPIA)?
This page is a fallback for search engines and cases when javascript fails or is disabled.
Please view this card in the library, where you can also find the rest of the plot4ai cards.
Have we considered the need to start with a data protection impact assessment (DPIA)?
The use of AI is more likely to trigger the requirement for a DPIA, based on criteria in Art 35 GDPR. The GDPR and the EDPB’s Guidelines on DPIAs identify both “new technologies” and the type of automated decision-making that produce legal effects or similarly significantly affect persons as likely to result in a “high risk to the rights and freedoms of natural persons”.
If you answered No then you are at risk
If you are not sure, then you might be at risk too
Recommendations
- This threat modeling library can help you to assess possible risks.
- Remember that a DPIA is not a piece of paper that needs to be done once the product is in production. The DPIA starts in the design phase by finding and assessing risks, documenting them and taking the necessary actions to create a responsible product from day one until it is finalized.
- Consider the time and resources that you might need for the execution of a DPIA, as it could have some impact on your project deadlines.