GDPR
GDPR affects how LLMs, CRM systems, or automation workflows may handle names, emails, salaries, and other identifying data. Reviewing the supplier DPA (data processing agreement) is standard.
Minimize data use: pseudonymize where possible, request consent where required, and track data withdrawal requests. Related: AI bias in decisions that affect individuals.
Key characteristics
- Governs how personal data can be collected, stored, shared, and used in AI-related processes.
- Makes data minimization, legal basis, and DPAs central when using external AI services.
- Is especially important in CRM, HR, support, and other workflows involving identifiable information.