GDPR & AI
General Data Protection Regulation in the AI context – data processing agreements, data subject rights, data protection impact assessment.
Data Processing Agreements for AI Services
How to meet GDPR data processing agreement requirements when using AI cloud services.
Art. 5 GDPR – Principles for Processing Personal Data
The seven data processing principles under Art. 5 GDPR – with AI-specific guidance on data minimisation, purpose limitation, accountability and automated systems.
Data Subject Rights in AI Systems
Overview of data subject rights under GDPR in the context of AI-assisted decision-making.
Art. 6 GDPR – Lawfulness of Processing
The six legal bases under Art. 6 GDPR in detail – with particular focus on AI systems, consent, legitimate interest and purpose change for model training.
Art. 9 GDPR – Special Categories of Personal Data
Which special categories of personal data are particularly protected under Art. 9 GDPR? Overview of the processing prohibition, exceptions and AI-specific risks such as proxy discrimination and sensitive inferences.
Art. 13/14 GDPR – Information Obligations for AI Systems
What information obligations apply under Art. 13 and 14 GDPR when deploying AI systems? Transparency requirements, automated decisions, logic explanation and sample wording for AI privacy notices.
Art. 25 GDPR – Privacy by Design and Privacy by Default
What do Privacy by Design and Privacy by Default mean under Art. 25 GDPR? Technical and organisational requirements for AI systems, architecture principles and a practical developer checklist.
Art. 35 GDPR – Data Protection Impact Assessment (DPIA) for AI Systems
When is a Data Protection Impact Assessment required under Art. 35 GDPR for AI systems? Structure, process, AI-specific risks and connection to the EU AI Act.
Art. 44–49 GDPR – Third-Country Transfers for AI Services
When does a third-country transfer under Art. 44–49 GDPR apply? Adequacy decisions, Standard Contractual Clauses (SCCs), Transfer Impact Assessment (TIA) and practical guidance for cloud and LLM usage.
Need legal clarity?
For specific legal questions on the AI Act and GDPR, specialized legal advice focusing on AI regulation, data protection and compliance structures is available.
Independent legal advice. No automated legal information. The platform ai-playbook.eu does not provide legal advice.
Not sure where you stand?
If your AI use case does not clearly fit into a category, send us a brief description — we will point you in the right direction.