Overview
The GDPR policy ensures AI interactions comply with the General Data Protection Regulation by detecting when AI systems process personal data and requiring appropriate human oversight.
What It Detects
Personal Data Processing
Any AI operation that handles identifiable personal information
Special Categories
Sensitive data like health, biometric, political, or religious information
Third-Country Transfers
Data transfers outside the EU/EEA requiring additional safeguards
Automated Decision Making
AI decisions with legal or significant effects on individuals
Risk Assessment
The AI evaluator analyzes requests for GDPR implications:
High Risk Scenarios
- Processing special categories of personal data
- Automated decision-making affecting rights
- Large-scale data processing operations
- Cross-border data transfers to non-adequate countries
Medium Risk Scenarios
- Standard personal data processing
- Data subject requests (access, deletion, portability)
- Marketing communications with personal data
- Employee data processing
Low Risk Scenarios
- Anonymous data processing
- Public information usage
- Legitimate interests with minimal privacy impact
Compliance Checks
Lawful Basis
Consent: Verifies proper consent mechanisms
Contract: Confirms data processing necessity for contracts
Legitimate Interest: Validates legitimate interest assessments
Legal Obligation: Ensures compliance with legal requirements
Data Subject Rights
Access Rights: Handling of data access requests
Rectification: Data correction and updating procedures
Erasure: Right to be forgotten implementations
Portability: Data export and transfer mechanisms
Privacy by Design
Data Minimization: Only processing necessary data
Purpose Limitation: Using data only for stated purposes
Accuracy: Ensuring data correctness and currency
Storage Limitation: Appropriate data retention periods
Assessment Tags
The policy generates specific tags for routing and analytics:
- #PersonalData - General personal data processing
- #SpecialCategory - Sensitive data under Article 9
- #ChildData - Data of minors requiring extra protection
- #EmployeeData - Workplace data processing
- #CustomerData - Customer relationship data
- #HealthData - Medical and health-related information
- #BiometricData - Biometric identifiers and templates
- #ThirdCountry - International data transfers
Recommendations
The AI provides specific guidance for GDPR compliance:
Auto-Approve Recommendations
- Anonymous data processing with confirmed anonymization
- Public information usage within reasonable bounds
- Internal operations with minimal privacy impact
Human Review Recommendations
- First-time personal data processing for new purposes
- Cross-border transfers requiring adequacy decisions
- Data subject requests requiring interpretation
- Marketing activities with potential privacy implications
Block Recommendations
- Processing without valid lawful basis
- Special category data without explicit consent
- Transfers to countries without adequate protection
- Automated decision-making without appropriate safeguards