WHAT IS THE GDPR?
ACTORS IN PERSONAL DATA PROCESSING OPERATIONS
DATA TYPES
PERSONAL DATA
Any information relating to an identified or identifiable natural person (‘data subject’); who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person [Art. 4(1)]
SPECIAL CATEGORIES OF PERSONAL DATA
⮚ Stronger protection than ordinary
personal data.
⮚ Exhaustive list in Article 9(1), GDPR.
⮚ Processing is prohibited except in the
circumstances in Article 9 GDPR.
NON-PERSONAL DATA
⮚ Data originally not related to an identified or identifiable natural person.
⮚ Examples: weather data, company registration number, an email address such as info@company.com.
PRINCIPLES OF PROCESSING
RIGHTS OF THE DATA SUBJECT
EU ARTIFICIAL INTELLIGENCE (AI) ACT
RISK-BASED APPROACH
Unacceptable Risk – The highest risk level, prohibited in the EU. eg: Social Scoring
High Risk - Most regulated AI systems have the potential to cause significant harm.
Limited risk – Chatbots, deepfakes. Users must be informed they’re interacting with AI. Transparency Requirements.
Minimal Risk – Low-risk AI systems that can be deployed without additional restrictions. Eg: spam filters.
AI Value Chain
HIGH RISK AI SYSTEMS
HIGH RISK AI LEGAL REQUIREMENTS
GDPR & AI Act
Zuletzt geändertvor einem Monat
