since automated decision-making counts as high-risk processing, you need to conduct aData Protection Impact Assessment (DPIA)to show you’ve understood and mitigated the risks of this kind of processing
AI Governance via Impact Assessments:When data processing presents a “heightened risk of harm to consumers,” companies must internally conduct and document a “data privacy impact assessment” (DPIA). This impacts AI because state privacy statutes require DPIAs for processing activities that often i...
Understand what AI the business is using and what it does. Consider both AI that has been specifically developed or procured, and wider AI tools that staff are accessing and using for their work. Identify whether any of the business' AI systems will fall within the scope of the AI Act. ...