Material Requirements of the GDPR regarding the Introduction and Operation of AI-Applications

2 minute read | September.01.2023

Deutsch: Wesentliche Anforderungen der DS-GVO bei Einführung und Betrieb von KI-Anwendungen

In the current edition of the leading German data privacy law journal Zeitschrift für Datenschutz (9/2023), Daniel Ashkar provides an instructive overview on material requirements of the EU General Data Protection Regulation (GDPR) in relation to artificial intelligence (AI) applications as well as practical guidance in relation thereto.

The article covers the responsibilities of involved parties and related contractual requirements, relevant legal bases under the GDPR, notice requirements, data subject rights, the (potential) obligation to perform a data protection impact assessment, technical and organizational security measures as well as Privacy by Design and by Default, and requirements on data retention and on automated individual decision-making.

Additionally, the article provides practical guidance in relation to the aforementioned topics and requirements.