Introduction We are undergoing a technological revolution that is unlike anything we have experienced before. The speed of the disruption to almost every industry is not easy to anticipate yet we see evidence of the impact everywhere. It is changing the way we live and work – and Covid-19 is likely to accelerate this digitization. Digital transformation, and with it the focus on big data analytics and the adoption of evolving technologies like IoT, cloud computing and AI, is making every business a data business. For any organisation, data will likely become the air you breathe. This article aims to
Background AI is a hot topic, not least among the Data Protection Authorities, who have recently been very active developing guidance papers aimed at helping organisations grasp and assess the complexities involved. Examples of such publications include the very recent and open for consultation ICO’s AI auditing framework, or 2018 report from Norwegian DPA on Artificial Intelligence and privacy. These documents look at implications for data protection, and challenges of AI compliance with GDPR. This blog article attempts to present selected considerations and challenges that DPOs should keep in mind when preparing a DPIA for Artificial Intelligence. It does not comprehensively cover all aspects of data protection compliance, rather it
Introduction Since GDPR entered into force a lot has been said and written about the way organisations can collect and then process personal data they have. In my opinion though, not much attention has been devoted to re-using personal data that already are in companies’ databases. Under the GDPR any processing of personal data is possible subject to fulfilment of several principles and conditions. One of them (and in my opinion one of the most important) is the purpose limitation principle. Organisations subject to the GDPR regime are not only required to specify the purpose for which they want to
Notwithstanding the excellent quality of much of the data privacy content available, the availability of information in relation to the practical implementation of data privacy requirements and best practices is limited, and the practical struggles that an organisation faces have received little attention.