The Finnish Office of the Data Protection Ombudsman (DPO) has issued new guidance detailing how organisations must ensure that personal data used in AI systems complies with data protection laws, including the EU’s General Data Protection Regulation (GDPR) and the EU AI Act. The guidance emphasises that, before processing any personal data within an AI system, organisations must assess data protection risks from the data subject’s perspective, determine the necessary security measures, and identify when a Data Protection Impact Assessment (DPIA) is mandatory due to high-risk processing. The DPO also clarifies that a legal basis is always required for processing personal data in AI development, use, or training. The guidance provides instructions on adhering to GDPR principles such as data minimisation and purpose limitation, as well as guidelines for informing individuals about data processing and the exceptions to this obligation.