{"id":17123,"date":"2025-04-07T13:24:22","date_gmt":"2025-04-07T11:24:22","guid":{"rendered":"https:\/\/www.robin-data.io\/?p=17123"},"modified":"2025-04-07T13:46:33","modified_gmt":"2025-04-07T11:46:33","slug":"ki-und-datenschutz-praxisleitfaden","status":"publish","type":"post","link":"https:\/\/www.robin-data.io\/en\/data-protection-and-data-security-academy\/wiki\/ki-und-datenschutz-praxisleitfaden","title":{"rendered":"AI and data protection in practice"},"content":{"rendered":"<div  class='flex_column av-6kd3hhc-f210d8e5670c4cb7b18b66478d4e24f6 av_one_full  avia-builder-el-0  el_before_av_one_full  avia-builder-el-first  first flex_column_div'     ><p><section  class='av_textblock_section av-lati8klg-df702c5e62672e1537553135294c3e62'   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><p><a href=\"https:\/\/www.robin-data.io\/en\/data-protection-and-data-security-academy\">Data Protection Academy<\/a> \u00bb <a href=\"https:\/\/www.robin-data.io\/en\/data-protection-and-data-security-academy\/wiki\">Data Protection Wiki<\/a>\u00a0\u00bb <strong>AI and data protection<\/strong><\/p>\n<\/div><\/section><br \/>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-66vichs-e6cbbf426e5e30a1dc5139d363f8173a\">\n.avia-image-container.av-66vichs-e6cbbf426e5e30a1dc5139d363f8173a img.avia_image{\nbox-shadow:none;\n}\n.avia-image-container.av-66vichs-e6cbbf426e5e30a1dc5139d363f8173a .av-image-caption-overlay-center{\ncolor:#ffffff;\n}\n<\/style>\n<div  class='avia-image-container av-66vichs-e6cbbf426e5e30a1dc5139d363f8173a av-styling- avia-align-left  avia-builder-el-2  el_after_av_textblock  el_before_av_hr'   itemprop=\"image\" itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/ImageObject\" ><div class=\"avia-image-container-inner\"><div class=\"avia-image-overlay-wrap\"><img decoding=\"async\" loading=\"lazy\" class='wp-image-16986 avia-img-lazy-loading-16986 avia_image' src=\"https:\/\/media.robin-data.io\/2025\/01\/27132208\/kuenstliche-intelligenz-ai.png\" alt='AI and data protection' title='AI and data protection'  height=\"343\" width=\"685\"  itemprop=\"thumbnailUrl\" srcset=\"https:\/\/media.robin-data.io\/2025\/01\/27132208\/kuenstliche-intelligenz-ai.png 685w, https:\/\/media.robin-data.io\/2025\/01\/27132208\/kuenstliche-intelligenz-ai-300x150.png 300w, https:\/\/media.robin-data.io\/2025\/01\/27132208\/kuenstliche-intelligenz-ai-18x9.png 18w\" sizes=\"auto, (max-width: 685px) 100vw, 685px\" \/><\/div><\/div><\/div><br \/>\n<div  class='hr av-5qtkvkw-410af83d638c329078749686c01f2314 hr-default  avia-builder-el-3  el_after_av_image  el_before_av_heading'><span class='hr-inner'><span class=\"hr-inner-style\"><\/span><\/span><\/div><br \/>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-579ysv4-106743efd1c86223a2332c44118af32f\">\n#top .av-special-heading.av-579ysv4-106743efd1c86223a2332c44118af32f{\npadding-bottom:10px;\ncolor:#303440;\n}\nbody .av-special-heading.av-579ysv4-106743efd1c86223a2332c44118af32f .av-special-heading-tag .heading-char{\nfont-size:25px;\n}\n.av-special-heading.av-579ysv4-106743efd1c86223a2332c44118af32f .special-heading-inner-border{\nborder-color:#303440;\n}\n.av-special-heading.av-579ysv4-106743efd1c86223a2332c44118af32f .av-subheading{\nfont-size:15px;\n}\n<\/style>\n<div  class='av-special-heading av-579ysv4-106743efd1c86223a2332c44118af32f av-special-heading-h1 custom-color-heading  avia-builder-el-4  el_after_av_hr  el_before_av_hr'><h1 class='av-special-heading-tag'  itemprop=\"headline\"  >AI and data protection in practice - between innovation and regulation<\/h1><div class=\"special-heading-border\"><div class=\"special-heading-inner-border\"><\/div><\/div><\/div><br \/>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-lf6r8za7-8c6f9c6ec4c065713c89d1769ff1d702\">\n#top .hr.hr-invisible.av-lf6r8za7-8c6f9c6ec4c065713c89d1769ff1d702{\nheight:24px;\n}\n<\/style>\n<div  class='hr av-lf6r8za7-8c6f9c6ec4c065713c89d1769ff1d702 hr-invisible  avia-builder-el-5  el_after_av_heading  el_before_av_textblock'><span class='hr-inner'><span class=\"hr-inner-style\"><\/span><\/span><\/div><br \/>\n<section  class='av_textblock_section av-4f1falc-043d77d7df3d75eac536b820187017e4'   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><p>The rapid spread of artificial intelligence (AI) in organisations requires an early and integrated consideration of data protection in this area <strong>AI and data protection<\/strong>. Although the AI Regulation (KI-VO) creates a framework for high-risk AI, compliance with existing data protection laws such as the GDPR and BDSG remains essential. The decisive factor here is that AI is primarily a tool for achieving objectives (e.g. process optimisation); the data protection law basis results from the respective use case and purpose in accordance with the GDPR. This requires a holistic approach, from a clear definition of purpose and DPIA to data minimisation and transparency. The AI Regulation itself also addresses aspects relevant to data protection, such as training data. This article sheds light on how we can combine <strong>AI and data protection<\/strong> not only as a challenge, but to proactively shape solutions for a responsible future.<\/p>\n<\/div><\/section><br \/>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-lchmt9o6-cec7752dd6c5512fb078d78f9361f70e\">\n#top .av-special-heading.av-lchmt9o6-cec7752dd6c5512fb078d78f9361f70e{\npadding-bottom:10px;\n}\nbody .av-special-heading.av-lchmt9o6-cec7752dd6c5512fb078d78f9361f70e .av-special-heading-tag .heading-char{\nfont-size:25px;\n}\n.av-special-heading.av-lchmt9o6-cec7752dd6c5512fb078d78f9361f70e .av-subheading{\nfont-size:15px;\n}\n<\/style>\n<div  class='av-special-heading av-lchmt9o6-cec7752dd6c5512fb078d78f9361f70e av-special-heading-h2 blockquote modern-quote  avia-builder-el-7  el_after_av_textblock  el_before_av_textblock'><h2 class='av-special-heading-tag'  itemprop=\"headline\"  >Key information on AI and data protection<\/h2><div class=\"special-heading-border\"><div class=\"special-heading-inner-border\"><\/div><\/div><\/div><br \/>\n<section  class='av_textblock_section av-lchnro6e-870e37f8b8bc8705508f33f6a670411a'   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><ul>\n<li>Data protection must be considered on an application-specific basis. The <strong>GDPR applies regardless of the technology<\/strong>. When using AI, the specific purpose of the processing is decisive for the legal basis and compliance with data protection principles.<\/li>\n<li>AI Regulation supplements the GDPR, but does not replace it. The AI Regulation creates specific rules for AI systems, in particular high-risk AI, and specifies data protection obligations (e.g. transparency, data quality). The <strong>However, the GDPR remains the foundation<\/strong> for the protection of personal data.<\/li>\n<li><strong>Transparency and information<\/strong> are particularly challenging and important when using AI. Due to the complexity of many AI systems, organisations must make special efforts to provide data subjects with clear information about data processing, automated decisions and their rights.<\/li>\n<li>The <strong>Data protection principles of the GDPR<\/strong> also apply to AI and require specific considerations. From legality, purpose limitation and data minimisation to accountability, all principles must be carefully examined and implemented in the context of AI systems.<\/li>\n<li>AI can also be used to <strong>Support for GDPR compliance<\/strong> can be used. Automation of routine tasks (document analysis, data subject rights), monitoring compliance, analysing data flows and detecting data protection violations are possible fields of application. Data protection should therefore not be seen as an obstacle to innovation, but as an integral part of AI projects.<\/li>\n<\/ul>\n<\/div><\/section><\/p><\/div>\n<div class='flex_column_table av-lchmhnod-f1b341c3ad251cf840e6a90a1f1df7e7 sc-av_one_full av-equal-height-column-flextable'>\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-lchmhnod-f1b341c3ad251cf840e6a90a1f1df7e7\">\n.flex_column.av-lchmhnod-f1b341c3ad251cf840e6a90a1f1df7e7{\npadding:25px 25px 25px 25px;\nbackground-color:#f7f7f7;\n}\n<\/style>\n<div  class='flex_column av-lchmhnod-f1b341c3ad251cf840e6a90a1f1df7e7 av_one_full  avia-builder-el-9  el_after_av_one_full  el_before_av_hr  first flex_column_table_cell av-equal-height-column av-align-top  column-top-margin'     ><section  class='av_textblock_section av-kiipug5e-71d2c8f0de795210673e2f91b4232926'   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><h2>Content on the topic of AI and data protection:<\/h2>\n<\/div><\/section><br \/>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-kiiw1urp-f27e17df72223b7dbe3b5605698b72d8\">\n#top .avia-icon-list-container.av-kiiw1urp-f27e17df72223b7dbe3b5605698b72d8 .iconlist_icon{\ncolor:#127db3;\nfont-size:20px;\n}\n#top .avia-icon-list-container.av-kiiw1urp-f27e17df72223b7dbe3b5605698b72d8 .iconlist_icon svg:first-child{\nstroke:#127db3;\nfill:#127db3;\nheight:20px;\nwidth:20px;\n}\n#top #wrap_all .avia-icon-list-container.av-kiiw1urp-f27e17df72223b7dbe3b5605698b72d8 .av_iconlist_title{\nfont-size:20px;\n}\n<\/style>\n<div  class='avia-icon-list-container av-kiiw1urp-f27e17df72223b7dbe3b5605698b72d8  avia-builder-el-11  el_after_av_textblock  el_before_av_hr'><ul class='avia-icon-list avia_animate_when_almost_visible avia-icon-list-left av-iconlist-small av-kiiw1urp-f27e17df72223b7dbe3b5605698b72d8 avia-iconlist-animate'>\n<li><div class='iconlist_icon av-7jdvf-2-2-1-1-11-9-2-2-13-1293f77a73cbe570cf4242b93b1612e8 avia-font-fontello avia-iconfont avia-font-fontello'><span class='av-icon-char' data-av_icon='\ue806' data-av_iconfont='fontello' aria-hidden=\"true\"><\/span><\/div><article class=\"article-icon-entry av-iconlist-empty\"  itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class=\"iconlist_content_wrap\"><header class=\"entry-content-header\" aria-label=\"Icon: &lt;a href=&#039;#innovation-regulierung&#039; title=&#039;Between innovation and regulation&#039;&gt;Between innovation and regulation&lt;\/a&gt;\"><div class='av_iconlist_title iconlist_title_small'  itemprop=\"headline\" ><a href='#innovation-regulierung' title='Between innovation and regulation'>Between innovation and regulation<\/a><\/div><\/header><div class='iconlist_content'  itemprop=\"text\" ><\/div><\/div><footer class=\"entry-footer\"><\/footer><\/article><div class=\"iconlist-timeline\"><\/div><\/li>\n<li><div class='iconlist_icon av-7jdvf-2-2-1-1-11-9-2-2-13-1-5f3a8ee424231ece1e6b97ec49171b28 avia-font-fontello avia-iconfont avia-font-fontello'><span class='av-icon-char' data-av_icon='\ue806' data-av_iconfont='fontello' aria-hidden=\"true\"><\/span><\/div><article class=\"article-icon-entry av-iconlist-empty\"  itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class=\"iconlist_content_wrap\"><header class=\"entry-content-header\" aria-label=\"Icon: &lt;a href=&#039;#rechtsrahmen&#039; title=&#039;Legal framework for the processing of personal data using AI&#039;&gt;Legal framework for the processing of personal data using AI&lt;\/a&gt;\"><div class='av_iconlist_title iconlist_title_small'  itemprop=\"headline\" ><a href='#rechtsrahmen' title='Legal framework for the processing of personal data using AI'>Legal framework for the processing of personal data using AI<\/a><\/div><\/header><div class='iconlist_content'  itemprop=\"text\" ><\/div><\/div><footer class=\"entry-footer\"><\/footer><\/article><div class=\"iconlist-timeline\"><\/div><\/li>\n<li><div class='iconlist_icon av-7jdvf-2-2-1-1-11-9-d05fab36a518881224df39cb1ca03a0f avia-font-fontello avia-iconfont avia-font-fontello'><span class='av-icon-char' data-av_icon='\ue806' data-av_iconfont='fontello' aria-hidden=\"true\"><\/span><\/div><article class=\"article-icon-entry av-iconlist-empty\"  itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class=\"iconlist_content_wrap\"><header class=\"entry-content-header\" aria-label=\"Icon: &lt;a href=&#039;#black-box&#039; title=&#039;The &amp;quot;black box&amp;quot; of AI: a challenge for transparency and data subject rights&#039;&gt;The &quot;black box&quot; of AI: a challenge for transparency and data subject rights&lt;\/a&gt;\"><div class='av_iconlist_title iconlist_title_small'  itemprop=\"headline\" ><a href='#black-box' title='The &quot;black box&quot; of AI: a challenge for transparency and data subject rights'>The \"black box\" of AI: a challenge for transparency and data subject rights<\/a><\/div><\/header><div class='iconlist_content'  itemprop=\"text\" ><\/div><\/div><footer class=\"entry-footer\"><\/footer><\/article><div class=\"iconlist-timeline\"><\/div><\/li>\n<li><div class='iconlist_icon av-7jdvf-2-2-1-1-11-9-2-2-13-7-3-1-3-208a77a3ad095609df82ad59a3c5c824 avia-font-fontello avia-iconfont avia-font-fontello'><span class='av-icon-char' data-av_icon='\ue806' data-av_iconfont='fontello' aria-hidden=\"true\"><\/span><\/div><article class=\"article-icon-entry\"  itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class=\"iconlist_content_wrap\"><header class=\"entry-content-header\" aria-label=\"Icon: &lt;a href=&#039;#dsgvo-konforme-verarbeitung&#039; title=&#039;GDPR-compliant processing of personal data by AI&#039;&gt;GDPR-compliant processing of personal data by AI&lt;\/a&gt;\"><div class='av_iconlist_title iconlist_title_small'  itemprop=\"headline\" ><a href='#dsgvo-konforme-verarbeitung' title='GDPR-compliant processing of personal data by AI'>GDPR-compliant processing of personal data by AI<\/a><\/div><\/header><div class='iconlist_content'  itemprop=\"text\" ><ul>\n<li><a href=\"#dsgvo-konforme-verarbeitung\">AI and the data protection principles under Article 5 of the GDPR: A practical guide<\/a><\/li>\n<li><a href=\"#transparenz\">Transparency, information obligations and automated decisions: Trust through information<\/a><\/li>\n<li><a href=\"#betroffenenrechte\">Data subject rights remain in place when using AI<\/a><\/li>\n<li><a href=\"#vvt\">The processing directory as the key to transparency<\/a><\/li>\n<li><a href=\"#dsfa\">Data protection impact assessment (DPIA) for AI: a must<\/a><\/li>\n<li><a href=\"#loeschkonzept\">Erasure concepts in the AI era: implementing the right to be forgotten<\/a><\/li>\n<\/ul>\n<\/div><\/div><footer class=\"entry-footer\"><\/footer><\/article><div class=\"iconlist-timeline\"><\/div><\/li>\n<li><div class='iconlist_icon av-7jdvf-2-2-1-1-11-9-2-1665bfb07cbee81dd70dc8f9741da086 avia-font-fontello avia-iconfont avia-font-fontello'><span class='av-icon-char' data-av_icon='\ue806' data-av_iconfont='fontello' aria-hidden=\"true\"><\/span><\/div><article class=\"article-icon-entry av-iconlist-empty\"  itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class=\"iconlist_content_wrap\"><header class=\"entry-content-header\" aria-label=\"Icon: &lt;a href=&#039;#chancen&#039; title=&#039;Can artificial intelligence support compliance with the GDPR?&#039;&gt;Can artificial intelligence support compliance with the GDPR?&lt;\/a&gt;\"><div class='av_iconlist_title iconlist_title_small'  itemprop=\"headline\" ><a href='#chancen' title='Can artificial intelligence support compliance with the GDPR?'>Can artificial intelligence support compliance with the GDPR?<\/a><\/div><\/header><div class='iconlist_content'  itemprop=\"text\" ><\/div><\/div><footer class=\"entry-footer\"><\/footer><\/article><div class=\"iconlist-timeline\"><\/div><\/li>\n<li><div class='iconlist_icon av-7jdvf-2-2-1-1-11-9-2-2-13-7-3-1-3-1-bfe81728336e3566b4f7c450e7d5ff33 avia-font-fontello avia-iconfont avia-font-fontello'><span class='av-icon-char' data-av_icon='\ue806' data-av_iconfont='fontello' aria-hidden=\"true\"><\/span><\/div><article class=\"article-icon-entry av-iconlist-empty\"  itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class=\"iconlist_content_wrap\"><header class=\"entry-content-header\" aria-label=\"Icon: &lt;a href=&#039;#aufsichtsbehoerden&#039; title=&#039;Artificial intelligence and data protection: requirements, recommendations and positions of the supervisory authorities&#039;&gt;Artificial intelligence and data protection: requirements, recommendations and positions of the supervisory authorities&lt;\/a&gt;\"><div class='av_iconlist_title iconlist_title_small'  itemprop=\"headline\" ><a href='#aufsichtsbehoerden' title='Artificial intelligence and data protection: requirements, recommendations and positions of the supervisory authorities'>Artificial intelligence and data protection: requirements, recommendations and positions of the supervisory authorities<\/a><\/div><\/header><div class='iconlist_content'  itemprop=\"text\" ><\/div><\/div><footer class=\"entry-footer\"><\/footer><\/article><div class=\"iconlist-timeline\"><\/div><\/li>\n<li><div class='iconlist_icon av-7jdvf-2-2-1-1-11-9-2-2-13-7-3-1-3-1-1-baa13c9c04cf34616f29214a6ca9aeec avia-font-fontello avia-iconfont avia-font-fontello'><span class='av-icon-char' data-av_icon='\ue806' data-av_iconfont='fontello' aria-hidden=\"true\"><\/span><\/div><article class=\"article-icon-entry av-iconlist-empty\"  itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class=\"iconlist_content_wrap\"><header class=\"entry-content-header\" aria-label=\"Icon: &lt;a href=&#039;#urteile&#039; title=&#039;Court judgements already in force on the subject of artificial intelligence and data protection&#039;&gt;Court judgements already in force on the subject of artificial intelligence and data protection&lt;\/a&gt;\"><div class='av_iconlist_title iconlist_title_small'  itemprop=\"headline\" ><a href='#urteile' title='Court judgements already in force on the subject of artificial intelligence and data protection'>Court judgements already in force on the subject of artificial intelligence and data protection<\/a><\/div><\/header><div class='iconlist_content'  itemprop=\"text\" ><\/div><\/div><footer class=\"entry-footer\"><\/footer><\/article><div class=\"iconlist-timeline\"><\/div><\/li>\n<li><div class='iconlist_icon av-7jdvf-2-2-1-1-11-9-2-2-13-7-3-1-3-1-1-1-a8c6404d189bc09bbf5f96c3df2e8455 avia-font-fontello avia-iconfont avia-font-fontello'><span class='av-icon-char' data-av_icon='\ue806' data-av_iconfont='fontello' aria-hidden=\"true\"><\/span><\/div><article class=\"article-icon-entry av-iconlist-empty\"  itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class=\"iconlist_content_wrap\"><header class=\"entry-content-header\" aria-label=\"Icon: &lt;a href=&#039;#fazit-ki-datenschutz&#039; title=&#039;Conclusion: Accepting the challenges of AI and data protection and finding solutions&#039;&gt;Conclusion: Accepting the challenges of AI and data protection and finding solutions&lt;\/a&gt;\"><div class='av_iconlist_title iconlist_title_small'  itemprop=\"headline\" ><a href='#fazit-ki-datenschutz' title='Conclusion: Accepting the challenges of AI and data protection and finding solutions'>Conclusion: Accepting the challenges of AI and data protection and finding solutions<\/a><\/div><\/header><div class='iconlist_content'  itemprop=\"text\" ><\/div><\/div><footer class=\"entry-footer\"><\/footer><\/article><div class=\"iconlist-timeline\"><\/div><\/li>\n<\/ul><\/div><br \/>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-kdu4eeyn-eb3f32c0008bb0ef46b2ec5ca7bda5fa\">\n#top .hr.hr-invisible.av-kdu4eeyn-eb3f32c0008bb0ef46b2ec5ca7bda5fa{\nheight:30px;\n}\n<\/style>\n<div  class='hr av-kdu4eeyn-eb3f32c0008bb0ef46b2ec5ca7bda5fa hr-invisible  avia-builder-el-12  el_after_av_iconlist  avia-builder-el-last'><span class='hr-inner'><span class=\"hr-inner-style\"><\/span><\/span><\/div><\/p><\/div><\/div><!--close column table wrapper. Autoclose: 1 --><div  id=\"innovation-regulierung\"  class='hr av-vcnsoz-8dddb73c274713affd872db4aeb1da6d hr-default  avia-builder-el-13  el_after_av_one_full  el_before_av_one_full'><span class='hr-inner'><span class=\"hr-inner-style\"><\/span><\/span><\/div><\/p>\n<div  class='flex_column av-s3woyr-a9c4f1ba25716fae634a20a625aab63d av_one_full  avia-builder-el-14  el_after_av_hr  el_before_av_hr  first flex_column_div'     ><section  class='av_textblock_section av-m96rkcxz-3fd1c97fd7b3ee24ba22dcd1fe1a78bf'   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><h2>Between innovation and regulation<\/h2>\n<p>Artificial intelligence (AI) is currently caught between the pressure to innovate and regulatory responsibility like no other topic. According to the <a href=\"https:\/\/www.bitkom.org\/Bitkom\/Publikationen\/KI-in-Deutschland-Perspektiven\" target=\"_blank\" rel=\"noopener\">Bitkom guide<\/a> By 2024, 22 % of employees will be using generative AI with their employer's knowledge - and the trend is rising. However, this development is also increasing the complexity of data protection requirements. The functioning of AI systems, whether in the form of machine learning (ML), the analysis of huge amounts of data (big data analytics) or the use of large language models (LLMs), raises important data protection issues. How can these technologies be reconciled with the principles of the GDPR?<\/p>\n<p><strong>AI basics for data protectionists:<\/strong><\/p>\n<ul>\n<li>Algorithms as a basis: Every AI is based on algorithms - detailed instructions that computers follow.<\/li>\n<li>Learning from data: ML systems \"learn\" from data in order to recognise patterns and make predictions. The more data, the better the results often are.<\/li>\n<li>Big data as fuel: Analysing large amounts of data is essential for many AI applications in order to find meaningful patterns.<\/li>\n<li>Speech processing of the future: LLMs enable machines to understand and generate human speech, enabling new forms of interaction.<\/li>\n<\/ul>\n<\/div><\/section><\/div>\n<div  id=\"rechtsrahmen\"  class='hr av-yqpnkd-525160e5b4b5fe019adf3188ab7d86e4 hr-default  avia-builder-el-16  el_after_av_one_full  el_before_av_one_full'><span class='hr-inner'><span class=\"hr-inner-style\"><\/span><\/span><\/div>\n<div  class='flex_column av-4vy4wzn-7e12b95622ef05eccc8a65a3c8ae555c av_one_full  avia-builder-el-17  el_after_av_hr  el_before_av_hr  first flex_column_div'     ><section  class='av_textblock_section av-wtl8df-9d4cad185b07d6ec7a474bd7a6068788'   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><h2>Legal framework for the processing of personal data using AI<\/h2>\n<p>The processing of personal data by artificial intelligence (AI) is subject to a complex interplay of different legal standards. The most important pillars of this framework are the General Data Protection Regulation (GDPR) and the future AI Regulation.<\/p>\n<h3>The GDPR: The foundation of data protection<\/h3>\n<p>The General Data Protection Regulation (GDPR) forms the central foundation for the protection of personal data in the European Union. It regulates the processing of personal data by public and private bodies. The processing of personal data by AI systems must always be based on a lawful basis. Whether consent, contract or legitimate interest - the choice of legal basis requires careful consideration. In addition, the purpose of the data processing must be clearly defined and the amount of data must be limited to the necessary minimum.<\/p>\n<p><a href=\"https:\/\/www.robin-data.io\/en\/data-protection-and-data-security-academy\/wiki\/general-data-protection-regulation-eu-gdpr\">Here is the link to the blog post \"General Data Protection Regulation (EU GDPR)\"<\/a><\/p>\n<h3>The AI Regulation: Specific rules for artificial intelligence<\/h3>\n<p>With the AI Regulation, the European Union has created the world's first comprehensive legal framework for artificial intelligence. The aim of the regulation is to establish standardised rules for the development, marketing and use of AI systems and, in particular, to protect the safety and fundamental rights of citizens.<\/p>\n<p>For the first time, the EU AI Regulation creates a comprehensive legal framework for AI that protects security and fundamental rights. With regard to personal data, it supplements and concretises the GDPR with a risk-based approach with strict requirements for high-risk AI in terms of transparency, accuracy and human oversight. Specific transparency obligations apply to AI systems that interact with people or create synthetic content, including the disclosure of the use of personal data in training. Providers and users of AI systems have obligations to ensure safe and fundamental rights-compliant use, including the protection of personal data. The AI Regulation builds on the GDPR and clarifies it for AI, with the GDPR remaining the basis for data protection and the AI Regulation setting out additional requirements for AI systems. The legal framework for the processing of personal data using AI is created by the interaction of the GDPR and the AI Regulation, which requires careful consideration of both laws for companies to fulfil both general and specific AI requirements for lawful and responsible use.<\/p>\n<p><a href=\"https:\/\/www.robin-data.io\/en\/data-protection-and-data-security-academy\/news\/ki-verordnung-aktueller-stand\">Link to the blog post \"AI regulation - current status\"<\/a><\/p>\n<h3>Requirements of the Global Privacy Assembly<\/h3>\n<p>The Global Privacy Assembly (GPA) has called for measures for the responsible use of artificial intelligence (AI) that go beyond the requirements of the General Data Protection Regulation (GDPR). These include, in particular, the assessment and disclosure of potential impacts on human rights, including the protection of data and privacy, prior to the use of AI. Furthermore, keeping detailed records of the impact assessment, design, development, testing and use of AI systems is considered essential. Another important point is to ensure transparency and openness by disclosing the use of AI, the data used and the underlying logic. These additional accountability obligations are aimed at comprehensively addressing the potential risks of AI and strengthening trust in these technologies.<\/p>\n<\/div><\/section><\/div>\n<div  id=\"black-box\"  class='hr av-m96zqpmd-cfeecb271c0b913a4241dc333562f348 hr-default  avia-builder-el-19  el_after_av_one_full  el_before_av_one_full'><span class='hr-inner'><span class=\"hr-inner-style\"><\/span><\/span><\/div>\n<div  class='flex_column av-1tbspvn-9b4fbc0b175fa65111eed774a41c7373 av_one_full  avia-builder-el-20  el_after_av_hr  el_before_av_one_full  first flex_column_div'     ><section  class='av_textblock_section av-m96we2p8-f28b8d0066ba68ad722155ccc2564736'   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><h2 data-sourcepos=\"1:1-1:82\">The \"black box\" of AI: a challenge for transparency and data subject rights<\/h2>\n<p data-sourcepos=\"3:1-3:618\">One of the biggest challenges in the area of conflict between AI and data protection is the lack of transparency of many AI systems, often referred to as \"black boxes\". With complex machine learning models in particular, it is often difficult to understand exactly how decisions or results are arrived at. This lack of traceability can make it considerably more difficult to comply with the transparency obligations of the GDPR (Art. 12-14) and hinder the effective exercise of data subjects' rights, such as the right of access (Art. 15 GDPR) or the right to an explanation of automated decisions (Art. 22 GDPR).<\/p>\n<p data-sourcepos=\"5:1-5:791\">To counter this problem, companies are required to take proactive measures. This includes detailed documentation of design decisions and the data used. In addition, alternative, more transparent AI architectures and methods should be considered (\"Explainable AI\" or XAI), which enable better traceability of decision-making. Close cooperation between data protection experts and IT managers is essential in order to develop strategies that guarantee both the innovative power of AI and the rights and protection of data subjects. Only through such an interdisciplinary approach can the \"black box\" of AI be illuminated to a certain extent and data protection-compliant use ensured.<\/p>\n<\/div><\/section><\/div>\n<div class='flex_column_table av-4jpx0ar-c19212e0318e77441dacf7726808e599 sc-av_one_full av-equal-height-column-flextable'>\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-4jpx0ar-c19212e0318e77441dacf7726808e599\">\n.flex_column.av-4jpx0ar-c19212e0318e77441dacf7726808e599{\npadding:25px 25px 25px 25px;\nbackground-color:#f7f7f7;\n}\n<\/style>\n<div  class='flex_column av-4jpx0ar-c19212e0318e77441dacf7726808e599 av_one_full  avia-builder-el-22  el_after_av_one_full  el_before_av_hr  first flex_column_table_cell av-equal-height-column av-align-top  column-top-margin'     ><p>\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-m96vorj7-8f9901ecdc75c2510d2e16da445508af\">\n#top .av-special-heading.av-m96vorj7-8f9901ecdc75c2510d2e16da445508af{\npadding-bottom:10px;\n}\nbody .av-special-heading.av-m96vorj7-8f9901ecdc75c2510d2e16da445508af .av-special-heading-tag .heading-char{\nfont-size:25px;\n}\n.av-special-heading.av-m96vorj7-8f9901ecdc75c2510d2e16da445508af .av-subheading{\nfont-size:15px;\n}\n<\/style>\n<div  class='av-special-heading av-m96vorj7-8f9901ecdc75c2510d2e16da445508af av-special-heading-h3 blockquote modern-quote  avia-builder-el-23  el_before_av_magazine  avia-builder-el-first'><h3 class='av-special-heading-tag'  itemprop=\"headline\"  >Our recommendations for further information<\/h3><div class=\"special-heading-border\"><div class=\"special-heading-inner-border\"><\/div><\/div><\/div><br \/>\n<div  id=\"avia-magazine-1\"  class='av-magazine av-m96vjlf4-5076a2e9262bda6f029243c4ac216da7 av-magazine-top-bar-active av-magazine-tabs-active  avia-builder-el-24  el_after_av_heading  avia-builder-el-last   avia-builder-el-24  el_after_av_heading  avia-builder-el-last' ><div class='av-magazine-top-bar'><\/div><div class='av-magazine-group sort_all'><article class='av-magazine-entry av-magazine-entry-id-17156 av-magazine-format-standard av-magazine-type-post av-magazine-entry-1 av-magazine-entry-small'  itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class=\"av-magazine-thumbnail\"><a href='https:\/\/www.robin-data.io\/en\/data-protection-and-data-security-academy\/wiki\/datenschutz-management-system-dsgvo-dsms' title='Link to: DSMS according to DSGVO: Structure &amp; practical implementation' class='av-magazine-thumbnail-link'><img decoding=\"async\" fetchpriority=\"high\" width=\"80\" height=\"80\" src=\"https:\/\/media.robin-data.io\/2022\/05\/23150650\/Zusammenarbeit-1-80x80.jpg\" class=\"wp-image-14089 avia-img-lazy-loading-not-14089 attachment-thumbnail size-thumbnail wp-post-image\" alt=\"\" srcset=\"https:\/\/media.robin-data.io\/2022\/05\/23150650\/Zusammenarbeit-1-80x80.jpg 80w, https:\/\/media.robin-data.io\/2022\/05\/23150650\/Zusammenarbeit-1-36x36.jpg 36w, https:\/\/media.robin-data.io\/2022\/05\/23150650\/Zusammenarbeit-1-180x180.jpg 180w\" sizes=\"(max-width: 80px) 100vw, 80px\" \/><\/a><\/div><div class=\"av-magazine-content-wrap\"><header class=\"entry-content-header\" aria-label=\"Post: DSMS according to DSGVO: Structure &amp; practical implementation\"><time class='av-magazine-time updated'  itemprop=\"datePublished\" datetime=\"2025-04-23T09:41:39+02:00\" >23 April 2025<\/time><h3 class='av-magazine-title entry-title'  itemprop=\"headline\" ><a href='https:\/\/www.robin-data.io\/en\/data-protection-and-data-security-academy\/wiki\/datenschutz-management-system-dsgvo-dsms' title='Link to: DSMS according to DSGVO: Structure &amp; practical implementation'>DSMS according to GDPR: Structure &amp; practical implementation<\/a><\/h3><\/header><\/div><footer class=\"entry-footer\"><\/footer><\/article><article class='av-magazine-entry av-magazine-entry-id-13099 av-magazine-format-standard av-magazine-type-post av-magazine-entry-2 av-magazine-entry-small'  itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class=\"av-magazine-thumbnail\"><a href='https:\/\/www.robin-data.io\/en\/data-protection-and-data-security-academy\/wiki\/activity-report-template-sample-content-according-to-gdpr' title='Link to: Activity report according to DSGVO' class='av-magazine-thumbnail-link'><img decoding=\"async\" fetchpriority=\"high\" width=\"80\" height=\"80\" src=\"https:\/\/media.robin-data.io\/2022\/05\/23150313\/Dokumentationspflichten-80x80.jpg\" class=\"wp-image-14057 avia-img-lazy-loading-not-14057 attachment-thumbnail size-thumbnail wp-post-image\" alt=\"\" srcset=\"https:\/\/media.robin-data.io\/2022\/05\/23150313\/Dokumentationspflichten-80x80.jpg 80w, https:\/\/media.robin-data.io\/2022\/05\/23150313\/Dokumentationspflichten-36x36.jpg 36w, https:\/\/media.robin-data.io\/2022\/05\/23150313\/Dokumentationspflichten-180x180.jpg 180w\" sizes=\"(max-width: 80px) 100vw, 80px\" \/><\/a><\/div><div class=\"av-magazine-content-wrap\"><header class=\"entry-content-header\" aria-label=\"Post: Activity report according to GDPR\"><time class='av-magazine-time updated'  itemprop=\"datePublished\" datetime=\"2022-03-04T10:32:48+01:00\" >4 March 2022<\/time><h3 class='av-magazine-title entry-title'  itemprop=\"headline\" ><a href='https:\/\/www.robin-data.io\/en\/data-protection-and-data-security-academy\/wiki\/activity-report-template-sample-content-according-to-gdpr' title='Link to: Activity report according to DSGVO'>activity report according to GDPR<\/a><\/h3><\/header><\/div><footer class=\"entry-footer\"><\/footer><\/article><article class='av-magazine-entry av-magazine-entry-id-12641 av-magazine-format-standard av-magazine-type-post av-magazine-entry-3 av-magazine-entry-small'  itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class=\"av-magazine-thumbnail\"><a href='https:\/\/www.robin-data.io\/en\/data-protection-and-data-security-academy\/wiki\/erasure-concept-gdpr' title='Link to: Deletion concept according to DSGVO' class='av-magazine-thumbnail-link'><img decoding=\"async\" fetchpriority=\"high\" width=\"80\" height=\"80\" src=\"https:\/\/media.robin-data.io\/2022\/05\/23150329\/Verzeichnis-Verarbeitungstaetigkeiten-80x80.jpg\" class=\"wp-image-14068 avia-img-lazy-loading-not-14068 attachment-thumbnail size-thumbnail wp-post-image\" alt=\"\" srcset=\"https:\/\/media.robin-data.io\/2022\/05\/23150329\/Verzeichnis-Verarbeitungstaetigkeiten-80x80.jpg 80w, https:\/\/media.robin-data.io\/2022\/05\/23150329\/Verzeichnis-Verarbeitungstaetigkeiten-36x36.jpg 36w, https:\/\/media.robin-data.io\/2022\/05\/23150329\/Verzeichnis-Verarbeitungstaetigkeiten-180x180.jpg 180w\" sizes=\"(max-width: 80px) 100vw, 80px\" \/><\/a><\/div><div class=\"av-magazine-content-wrap\"><header class=\"entry-content-header\" aria-label=\"Post: Deletion concept according to GDPR\"><time class='av-magazine-time updated'  itemprop=\"datePublished\" datetime=\"2021-12-17T14:04:29+01:00\" >17 December 2021<\/time><h3 class='av-magazine-title entry-title'  itemprop=\"headline\" ><a href='https:\/\/www.robin-data.io\/en\/data-protection-and-data-security-academy\/wiki\/erasure-concept-gdpr' title='Link to: Deletion concept according to DSGVO'>Erasure concept according to the GDPR<\/a><\/h3><\/header><\/div><footer class=\"entry-footer\"><\/footer><\/article><article class='av-magazine-entry av-magazine-entry-id-1646 av-magazine-format-standard av-magazine-type-post av-magazine-entry-4 av-magazine-entry-small'  itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class=\"av-magazine-thumbnail\"><a href='https:\/\/www.robin-data.io\/en\/data-protection-and-data-security-academy\/wiki\/personal-data' title='Link to: Personal data' class='av-magazine-thumbnail-link'><img decoding=\"async\" fetchpriority=\"high\" width=\"80\" height=\"80\" src=\"https:\/\/media.robin-data.io\/2022\/05\/23150327\/Personenbezogene-Daten-80x80.jpg\" class=\"wp-image-14066 avia-img-lazy-loading-not-14066 attachment-thumbnail size-thumbnail wp-post-image\" alt=\"\" srcset=\"https:\/\/media.robin-data.io\/2022\/05\/23150327\/Personenbezogene-Daten-80x80.jpg 80w, https:\/\/media.robin-data.io\/2022\/05\/23150327\/Personenbezogene-Daten-36x36.jpg 36w, https:\/\/media.robin-data.io\/2022\/05\/23150327\/Personenbezogene-Daten-180x180.jpg 180w\" sizes=\"(max-width: 80px) 100vw, 80px\" \/><\/a><\/div><div class=\"av-magazine-content-wrap\"><header class=\"entry-content-header\" aria-label=\"Post: Personal data\"><time class='av-magazine-time updated'  itemprop=\"datePublished\" datetime=\"2021-07-26T11:20:49+02:00\" >26 July 2021<\/time><h3 class='av-magazine-title entry-title'  itemprop=\"headline\" ><a href='https:\/\/www.robin-data.io\/en\/data-protection-and-data-security-academy\/wiki\/personal-data' title='Link to: Personal data'>Personal data<\/a><\/h3><\/header><\/div><footer class=\"entry-footer\"><\/footer><\/article><article class='av-magazine-entry av-magazine-entry-id-1632 av-magazine-format-standard av-magazine-type-post av-magazine-entry-5 av-magazine-entry-small'  itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class=\"av-magazine-thumbnail\"><a href='https:\/\/www.robin-data.io\/en\/data-protection-and-data-security-academy\/wiki\/supervisory-authority' title='Link to: Data protection supervisory authority' class='av-magazine-thumbnail-link'><img decoding=\"async\" fetchpriority=\"high\" width=\"80\" height=\"80\" src=\"https:\/\/media.robin-data.io\/2022\/05\/23150333\/Aufsichtsbehoerden-80x80.jpg\" class=\"wp-image-14070 avia-img-lazy-loading-not-14070 attachment-thumbnail size-thumbnail wp-post-image\" alt=\"\" srcset=\"https:\/\/media.robin-data.io\/2022\/05\/23150333\/Aufsichtsbehoerden-80x80.jpg 80w, https:\/\/media.robin-data.io\/2022\/05\/23150333\/Aufsichtsbehoerden-36x36.jpg 36w, https:\/\/media.robin-data.io\/2022\/05\/23150333\/Aufsichtsbehoerden-180x180.jpg 180w\" sizes=\"(max-width: 80px) 100vw, 80px\" \/><\/a><\/div><div class=\"av-magazine-content-wrap\"><header class=\"entry-content-header\" aria-label=\"Post: Data protection supervisory authority\"><time class='av-magazine-time updated'  itemprop=\"datePublished\" datetime=\"2021-07-25T15:17:52+02:00\" >25 July 2021<\/time><h3 class='av-magazine-title entry-title'  itemprop=\"headline\" ><a href='https:\/\/www.robin-data.io\/en\/data-protection-and-data-security-academy\/wiki\/supervisory-authority' title='Link to: Data protection supervisory authority'>Data protection supervisory authority<\/a><\/h3><\/header><\/div><footer class=\"entry-footer\"><\/footer><\/article><\/div><\/div><\/p><\/div><\/div><!--close column table wrapper. Autoclose: 1 -->\n<div  id=\"dsgvo-konforme-verarbeitung\"  class='hr av-m96zsity-d80d2c229aea37d6050c81f3e221ee53 hr-default  avia-builder-el-25  el_after_av_one_full  el_before_av_one_full'><span class='hr-inner'><span class=\"hr-inner-style\"><\/span><\/span><\/div>\n<div  class='flex_column av-3mksc03-b90300d8d3405d7672dc40a24d42cfd1 av_one_full  avia-builder-el-26  el_after_av_hr  el_before_av_hr  first flex_column_div'     ><section  class='av_textblock_section av-lo6y48l1-7c0e908a7726375d18bceac87b5d8be6'   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><h2>GDPR-compliant processing of personal data by AI<\/h2>\n<p>Many organisations are asking themselves the question: Is the use of AI compatible with the GDPR at all? The clear answer: Yes - under certain conditions. The use of AI technology does not automatically mean a breach of data protection. The GDPR is formulated in a technology-neutral way and ensures that new technologies can be integrated in a legally compliant manner, provided that certain principles are adhered to. It becomes particularly critical when AI systems process personal data, e.g. to make decisions about individuals. In these cases, stricter requirements such as Art. 22 GDPR (automated decisions in individual cases including profiling) apply.<\/p>\n<h3>AI and the data protection principles under Article 5 of the GDPR: A practical guide<\/h3>\n<p>Artificial intelligence (AI) offers enormous opportunities, but also presents organisations with complex data protection challenges. Compliance with the General Data Protection Regulation (GDPR) is essential. This article highlights the central data protection principles of Article 5 GDPR in the context of AI and provides practical advice for organisations.<\/p>\n<h4>1. lawfulness: the basis of all AI processing<\/h4>\n<p>Every use of AI, from development to training to application, must be based on a valid legal basis (Art. 6 and 9 GDPR). As the GDPR does not mention any specific AI bases, the general legal bases apply. What is important is that data protection must be integrated into AI development from the outset (privacy by design, Art. 25 GDPR). The purpose limitation is crucial for training data. Can data that has already been collected be used for AI training? Careful scrutiny is required here. The upcoming AI Regulation could allow an exception for innovation purposes in test environments under certain conditions (Art. 54 AI Regulation). Contract fulfilment (Art. 6 para. 1 lit. b) GDPR) may apply to AI systems that are an integral part of a service (e.g. generative AI). In the case of supporting AI (e.g. chatbots), the necessity must be examined on a case-by-case basis.<\/p>\n<p>If consent is used as a basis, it must be comprehensible, informed and voluntary (Art. 4 para. 11 GDPR). The transparency obligations (Art. 12 et seq. GDPR) require simple and precise information, which can be difficult with complex AI. It must be technically feasible to withdraw consent (privacy by design!). In the employment relationship, the voluntary nature of consent must be examined particularly critically.<\/p>\n<h4>2. good faith: avoid unexpected benefits<\/h4>\n<p>The principle of fairness requires fair and transparent data processing. In the case of AI, this means avoiding hidden, unexpected or disproportionate uses. Especially when training with large amounts of data (big data), the proportionality of the scope is crucial. Organisations must be able to understand what the AI model has learned with and from and whether the use of their own data impairs the right to be forgotten. Hidden AI use or algorithmic discrimination based on one-sided training data is unfair. A risk assessment for potential discrimination must be carried out before use, particularly with regard to equal opportunities in organisations.<\/p>\n<h4>3. transparency: comprehensible information is mandatory<\/h4>\n<p>Data subjects must be informed transparently and comprehensibly about the processing of their data by AI (Art. 13, 14 GDPR). Technically complex AI solutions must be explained simply. Organisations should supplement their data protection declarations with information on the use of AI, purpose, logic of automated decisions and potential risks. The upcoming AI regulation will bring additional transparency obligations (e.g. AI labelling) depending on the risk class.<\/p>\n<h4>4. earmarking: Do not misuse data for new purposes<\/h4>\n<p>The further processing of data already collected in AI systems for new, incompatible purposes is generally not permitted. Exceptions only apply for archiving, research or statistical purposes if these are compatible with the original purposes. The use of anonymised or publicly accessible data, on the other hand, is unproblematic. Many developers and product managers underestimate the importance of purpose limitation. Yet it is the centrepiece of data protection-compliant processing. Every AI project needs it:<\/p>\n<ul>\n<li>A clear definition of the processing purpose<\/li>\n<li>Documentation and verifiability of the purpose<\/li>\n<li>Mechanisms for deletion or anonymisation after purpose fulfilment<\/li>\n<\/ul>\n<p>Practical example: In a project to optimise personnel planning, we wanted to use historical employee data. The problem: this data was originally collected for payroll purposes. Further use was not permitted without the consent of the data subjects. Solution: Pseudonymisation of the data and redefinition of the processing purpose with a data protection impact assessment.<\/p>\n<h4>5. data minimisation: only process what is absolutely necessary<\/h4>\n<p>Data minimisation (Art. 5 para. 1 lit. c) GDPR) requires that only the data required for the respective purpose is processed. In AI training with large amounts of data, a careful proportionality check between the amount of data and training efficiency is necessary. The irreversible anonymisation of training data can be a data protection-compliant solution.<\/p>\n<h4>6. correctness: avoid incorrect AI results<\/h4>\n<p>Personal data must be factually correct (Art. 5 para. 1 lit. d) GDPR). AI systems, especially large language models, can generate so-called hallucinations - false but plausible-sounding information. Organisations must therefore critically examine and verify AI results in order to comply with the right to rectification (Art. 16 GDPR).<\/p>\n<h4>7. accountability: being able to demonstrate compliance<\/h4>\n<p>Organisations must not only ensure compliance with the GDPR, but also be able to prove it (Art. 5 para. 2 GDPR). This requires appropriate technical and organisational measures, including a processing directory, data protection guidelines, documentation of data protection violations, order processing contracts, data protection impact assessments and privacy by design\/default. This evidence must also include compliance with data protection principles when using AI and their documentation. For AI, the Global Privacy Assembly also requires impact assessments, registers of AI development and use as well as transparency regarding AI use, data and logic.<\/p>\n<\/div><\/section><\/div>\n<div  id=\"transparenz\"  class='hr av-m96zxhl5-0c2a9f0fc1e91edc51a9de7cd61fa802 hr-default  avia-builder-el-28  el_after_av_one_full  el_before_av_one_full'><span class='hr-inner'><span class=\"hr-inner-style\"><\/span><\/span><\/div>\n<div  class='flex_column av-352xv4z-4e074031ef0973c2f0255a3ea6c5cc04 av_one_full  avia-builder-el-29  el_after_av_hr  el_before_av_hr  first flex_column_div'     ><section  class='av_textblock_section av-m96zwn45-1844a901c4e5b7c8d92838a115745ffc'   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><h3>Transparency, information obligations and automated decisions: Trust through information<\/h3>\n<p>Transparency in the context of AI goes far beyond a standard data protection notice on the website. Data subjects have a right to be informed in detail about:<\/p>\n<ul>\n<li>What data is collected in connection with the AI system.<\/li>\n<li>How this data is processed and what it is specifically used for.<\/li>\n<li>Whether automated decision-making takes place and the logic behind it.<\/li>\n<li>What rights you have with regard to your data.<\/li>\n<\/ul>\n<p>The transparency principles of the GDPR (Art. 5 para. 1 lit. a) explicitly require comprehensible information when processing personal data, which poses a particular challenge in the complex field of AI. Transparency is not only a legal obligation (Art. 12-14, Art. 6, 7 GDPR and, in future, the AI Regulation), but also creates the necessary acceptance for the use of AI systems.<\/p>\n<h4>The detailed information obligations under Art. 13 and 14 GDPR<\/h4>\n<p>Articles 13 and 14 of the GDPR set out detailed information obligations that controllers must fulfil when collecting personal data. This includes information about the controller itself, the specific processing purposes and the respective legal bases. Recipients of the data, the planned storage period, the rights of data subjects (information, rectification, erasure, etc.), the obligation to provide the data and the existence of automated decision-making, including profiling, must also be disclosed. If the data is not collected directly from the data subject (Art. 14 GDPR), information on the origin of the data must also be provided.<\/p>\n<h4>Special challenges with AI: Automated decisions and complexity<\/h4>\n<p>In the context of AI, the specific implementation of transparency and, in particular, information about automated decisions and profiling is of particular importance. The complexity here is often increased by AI-specific information, which will also be supplemented by the AI Regulation in the future. In order to fulfil these information obligations, various solutions can be considered, such as links to more detailed explanations, QR codes, easy-to-understand symbols or supplementary paper documents. The reasonableness of obtaining information for the persons concerned must always be taken into account.<\/p>\n<h4>Automated decisions (Art. 22 GDPR): Making the logic understandable<\/h4>\n<p>Particular attention must be paid to information on automated decisions in individual cases in accordance with Article 22 (1) and (4) GDPR. Here, meaningful information must be provided about the logic involved, the scope and the intended effects of the automated decision. In the case of AI applications that have direct customer contact, such as automated claims settlement, this information can also be provided outside of the actual application. However, full disclosure of the exact logic also harbours risks of misuse. In many cases, a data protection impact assessment (DPIA) in accordance with Article 35(1) and (3)(a) GDPR is required in connection with automated decisions by AI. In addition, it is strongly recommended not to base significant decisions solely on AI, but to implement a \"human-in-the-loop\" strategy in which human review and intervention remain possible.<\/p>\n<h3><\/h3>\n<h3><\/h3>\n<p>According to Art. 22 GDPR, data subjects must not be subject to a decision based solely on automated processing which produces legal effects concerning them or significantly affects them. Data controllers should ensure that<\/p>\n<ul>\n<li>That people are involved in the decision-making processes<\/li>\n<li>That comprehensible criteria are used for evaluation<\/li>\n<li>That data subjects are informed about the logic and consequences of the processing<\/li>\n<\/ul>\n<\/div><\/section><\/div>\n<div  id=\"betroffenenrechte\"  class='hr av-m96zxqw4-fdbcb213b50f6f700d1aa6415286c61d hr-default  avia-builder-el-31  el_after_av_one_full  el_before_av_one_full'><span class='hr-inner'><span class=\"hr-inner-style\"><\/span><\/span><\/div>\n<div  class='flex_column av-14t9vvn-2d0a15d7bfe2a2d349eeb1cc671b0eed av_one_full  avia-builder-el-32  el_after_av_hr  el_before_av_hr  first flex_column_div'     ><section  class='av_textblock_section av-oaskcj-577ff438bdbed76c0b4fa44a3e93529d'   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><h3 data-sourcepos=\"1:1-1:70\">Data subject rights remain in place when using AI<\/h3>\n<p data-sourcepos=\"3:1-3:751\">Even if artificial intelligence is based on complex algorithms, the rights of data subjects under the GDPR remain fully valid. This means that your right to information (Art. 15 GDPR), rectification (Art. 16 GDPR), erasure (Art. 17 GDPR), restriction of processing (Art. 18 GDPR), data portability (Art. 1 20 GDPR) and objection (Art. 21 GDPR) must also be guaranteed in the context of AI applications. The frequent lack of transparency of AI systems (\"black boxes\") poses a particular challenge. In order to overcome this and effectively guarantee data subjects' rights, detailed documentation of design decisions, the examination of alternative, more transparent AI approaches (\"explainable AI\") and close cooperation between data protection and IT officers are essential.<\/p>\n<\/div><\/section><\/div>\n<div  id=\"vvt\"  class='hr av-m96zxzhn-46ea73f13618fe9ec6d4c25753eecc23 hr-default  avia-builder-el-34  el_after_av_one_full  el_before_av_one_full'><span class='hr-inner'><span class=\"hr-inner-style\"><\/span><\/span><\/div>\n<div  class='flex_column av-14gj7j7-63775f8eacf730e21258b9553ee6146a av_one_full  avia-builder-el-35  el_after_av_hr  el_before_av_hr  first flex_column_div'     ><section  class='av_textblock_section av-renwwz-3d8adfa3980833d2eb70ccbcb9584c88'   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><h3>The processing directory as the key to transparency<\/h3>\n<p>A central instrument for maintaining an overview and creating transparency is the record of processing activities (RPA) in accordance with Article 30 GDPR. All processing of personal data must be documented. Of course, this also applies to the use of artificial intelligence. Whether for the analysis of customer data, the automation of decision-making processes or the optimisation of marketing campaigns - if AI processes personal data, this must be recorded in the RPA.<\/p>\n<h4>A detailed VVT is essential for AI<\/h4>\n<p>A carefully managed VVT is crucial, especially in the context of AI applications, in order to:<\/p>\n<ul>\n<li>Ensure accountability. Organisations must be able to prove that data processing is lawful.<\/li>\n<li>fulfil the rights of data subjects: Only if organisations know which data is processed and how can requests from data subjects (e.g. information, deletion) be answered correctly.<\/li>\n<li>Assess risks: Transparent documentation helps to identify potential risks to the rights and freedoms of natural persons and to take appropriate protective measures.<\/li>\n<li>Shaping cooperation with AI providers: A clear VVT helps with the definition of responsibilities and the design of order processing contracts.<\/li>\n<\/ul>\n<h4>Create transparency in the VVT for AI applications<\/h4>\n<p>To counteract the lack of transparency of AI systems and create a meaningful VVT, you should consider the following aspects:<\/p>\n<ul>\n<li>Detailed description of the processing activity: Describe precisely which specific tasks the AI application performs in the processing process.<\/li>\n<li>Information on the types and categories of data used: Document in detail which types and categories of personal data are processed by the AI.<\/li>\n<li>Purpose of the processing: Explain clearly and comprehensibly the specific purpose of the processing of the data by the AI application. General formulations are not sufficient here.<\/li>\n<li>Recipients or categories of recipients: Indicate to whom the data processed by the AI may be disclosed (e.g. other departments, third-party providers).<\/li>\n<li>Deadlines for the deletion of data: Define how long the personal data processed by the AI will be stored and when it will be deleted. This can be a particular challenge for AI systems that are continuously learning.<\/li>\n<li>Information on the AI provider (if applicable): If you use AI services from external providers, document them as processors and record the corresponding order processing agreements.<\/li>\n<li>Control measures to ensure transparency: Document the measures you have implemented to obtain detailed information about data processing by the AI application and to shed light on the \"black box\". This can include, for example, the regular review of logs, inspection of the provider's documentation or internal audits.<\/li>\n<li>Threshold analysis: Analyse the threshold and create a data protection impact assessment if necessary.<\/li>\n<\/ul>\n<\/div><\/section><\/div>\n<div  id=\"dsfa\"  class='hr av-m96zy6zs-e6514ecf32ce37a83aea7952d3516eb8 hr-default  avia-builder-el-37  el_after_av_one_full  el_before_av_one_full'><span class='hr-inner'><span class=\"hr-inner-style\"><\/span><\/span><\/div>\n<div  class='flex_column av-2oa7w03-5591117fedd90bdce173ee66bc9867d3 av_one_full  avia-builder-el-38  el_after_av_hr  el_before_av_one_full  first flex_column_div'     ><section  class='av_textblock_section av-m96ui4ic-3eab4249741707d8aca8d4f90e8267a0'   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><h3>Data protection impact assessment (DPIA) for AI: a must<\/h3>\n<p>When processing personal data using AI, it is essential to carry out a DPIA in accordance with Art. 35 GDPR, as AI systems can harbour high risks for data subjects due to discrimination risks and a lack of control options. A threshold analysis determines whether there is a high risk and therefore a DPIA is mandatory; the decision must be documented in writing. The AI Regulation and the GDPR complement each other here, whereby high-risk AI systems are also likely to pose a high risk under data protection law according to the AI Regulation. In particular, the systematic assessment of personal aspects by AI (profiling), the processing of sensitive data or the comprehensive monitoring of publicly accessible areas require a DPIA. The GDPR explicitly lists the use of AI to control interactions or evaluate personal aspects as requiring a DPIA. The supervisory authority must be consulted in the event of a high risk without risk minimisation measures (Art. 36 GDPR). In addition, the DPIA obligation in the AI context may require the appointment of a DPO in accordance with Section 38 BDSG. As the risk assessment is often opaque, especially in the case of contract processing, it is crucial to deal with the DPIA at an early stage and to obtain information from the manufacturer in order to ensure the often time-consuming implementation before the start of the project. To summarise, the use of AI for automated decision-making or comprehensive personal evaluation generally makes a DPIA necessary.<\/p>\n<\/div><\/section><\/div>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-m87q43rt-9f63b0416fe2da3f1dc289652a79a629\">\n@keyframes av_boxShadowEffect_av-m87q43rt-9f63b0416fe2da3f1dc289652a79a629-column {\n0%   { box-shadow:  0 0 0 0 #ededed; opacity: 1; }\n100% { box-shadow:  0 0 5px 0 #ededed; opacity: 1; }\n}\n.flex_column.av-m87q43rt-9f63b0416fe2da3f1dc289652a79a629{\nbox-shadow: 0 0 5px 0 #ededed;\nborder-width:1px;\nborder-color:#ededed;\nborder-style:solid;\nborder-radius:5px 5px 5px 5px;\npadding:35px 25px 30px 25px;\n}\n<\/style>\n<div  class='flex_column av-m87q43rt-9f63b0416fe2da3f1dc289652a79a629 av_one_full  avia-builder-el-40  el_after_av_one_full  el_before_av_hr  first flex_column_div shadow-not-animated  column-top-margin'     ><p>\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-m87q5e2k-b42b3cfd2d844877bc71211db2943bf2\">\n#top .av-special-heading.av-m87q5e2k-b42b3cfd2d844877bc71211db2943bf2{\npadding-bottom:10px;\n}\nbody .av-special-heading.av-m87q5e2k-b42b3cfd2d844877bc71211db2943bf2 .av-special-heading-tag .heading-char{\nfont-size:25px;\n}\n.av-special-heading.av-m87q5e2k-b42b3cfd2d844877bc71211db2943bf2 .av-subheading{\nfont-size:15px;\n}\n<\/style>\n<div  id=\"fazit\"  class='av-special-heading av-m87q5e2k-b42b3cfd2d844877bc71211db2943bf2 av-special-heading-h3 blockquote modern-quote  avia-builder-el-41  el_before_av_hr  avia-builder-el-first'><h3 class='av-special-heading-tag'  itemprop=\"headline\"  >Newsletter registration<\/h3><div class=\"special-heading-border\"><div class=\"special-heading-inner-border\"><\/div><\/div><\/div><br \/>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-kaqhpdsy-c149d804dc26de4da98e9603962fa194\">\n#top .hr.hr-invisible.av-kaqhpdsy-c149d804dc26de4da98e9603962fa194{\nheight:25px;\n}\n<\/style>\n<div  class='hr av-kaqhpdsy-c149d804dc26de4da98e9603962fa194 hr-invisible  avia-builder-el-42  el_after_av_heading  el_before_av_codeblock'><span class='hr-inner'><span class=\"hr-inner-style\"><\/span><\/span><\/div><br \/>\n<br \/>\n<\/p><\/div>\n<div  id=\"loeschkonzept\"  class='hr av-m96zzbea-7187872446a433c12c4ba238738570be hr-default  avia-builder-el-45  el_after_av_one_full  el_before_av_one_full'><span class='hr-inner'><span class=\"hr-inner-style\"><\/span><\/span><\/div>\n<div  class='flex_column av-21teioz-1212765ae8e41ebce8984a8688aaa889 av_one_full  avia-builder-el-46  el_after_av_hr  el_before_av_hr  first flex_column_div'     ><section  class='av_textblock_section av-m96uplz9-839e3146284f9386f8247805f9e95b63'   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><h3>Erasure concepts in the AI era: implementing the right to be forgotten<\/h3>\n<p>The processing of personal data by AI systems requires well thought-out erasure concepts. A key challenge is that AI models often use complex and distributed storage systems, including cloud services, which can make it difficult to localise and delete data. An effective erasure concept must therefore take into account the specific storage structures and access mechanisms of these systems.<\/p>\n<p>The right to be forgotten (Art. 17 GDPR) obliges us to delete personal data under certain conditions. AI systems must be able to fulfil such requests efficiently and completely. Automated erasure mechanisms that remove data once its relevance has expired or upon request can play an important role here.<\/p>\n<p>It is also essential to document the entire deletion process. This serves as proof of compliance with data protection regulations and enables accountability to supervisory authorities and data subjects.<\/p>\n<\/div><\/section><\/div>\n<div  id=\"chancen\"  class='hr av-m9702hwg-bf9cd5bdfdda538219e4c7701a01be41 hr-default  avia-builder-el-48  el_after_av_one_full  el_before_av_one_full'><span class='hr-inner'><span class=\"hr-inner-style\"><\/span><\/span><\/div>\n<div  class='flex_column av-1scqacj-00babc55e3de2b501e3776867cff0541 av_one_full  avia-builder-el-49  el_after_av_hr  el_before_av_hr  first flex_column_div'     ><section  class='av_textblock_section av-m96rljn6-3bcbff5fa0af0070f3e9abe74b621745'   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><h2>Can artificial intelligence support compliance with the GDPR?<\/h2>\n<p>A solution-orientated approach could be to see data protection not as an obstacle to innovation, but as an integral part of the development and implementation of AI systems. Privacy by design and privacy by default are important keywords here. By adopting a risk-based approach, companies can focus their resources on the AI applications that harbour the greatest data protection risks. Many GDPR-related tasks are repetitive and time-consuming, which is where AI can provide valuable support.<\/p>\n<h3>AI support for repetitive data protection tasks<\/h3>\n<ul>\n<li><strong>Document analysis<\/strong>AI systems can quickly analyse large volumes of documents (e.g. contracts, guidelines, data protection declarations) to identify relevant data protection provisions and check for consistency.<\/li>\n<li><strong>Management of data subject rights<\/strong>The processing of requests from data subjects (information, correction, deletion, etc.) can be automated by AI-supported workflows, from the identification of the request to the provision of the information.<\/li>\n<li><strong>Creation and updating of processing directories<\/strong>AI can help to visualise data flows and extract information for the record of processing activities (RPA) and keep it up to date.<\/li>\n<\/ul>\n<h3>AI-supported monitoring of GDPR compliance:<\/h3>\n<ul>\n<li><strong>Detection of anomalies:<\/strong> AI-based systems can recognise unusual data access or movements that could indicate potential data breaches. Organisations must report data protection incidents to the competent data protection supervisory authority immediately and at the latest within 72 hours of becoming aware of the breach. An AI-supported early warning system can help organisations meet these deadlines.<\/li>\n<li><strong>Compliance checks:<\/strong> AI can automatically check policies and processes for compliance with GDPR requirements and generate alerts in the event of deviations.<\/li>\n<li><strong>Assessment of risks:<\/strong> By analysing data processing procedures, AI can recognise patterns and identify potential data protection risks at an early stage to enable preventative measures to be taken.<\/li>\n<\/ul>\n<h3>Analysing data flows using artificial intelligence:<\/h3>\n<ul>\n<li><strong>Visualisation of data streams:<\/strong> AI tools can visualise complex data flows automatically and thus increase traceability and transparency.<\/li>\n<li><strong>Identification of data leaks:<\/strong> By analysing network activities and data movements, AI can help to identify potential data leaks at an early stage and initiate countermeasures.<\/li>\n<\/ul>\n<h3>Monitoring the use of personal data for specific purposes:<\/h3>\n<ul>\n<li><strong>Analysis of usage patterns:<\/strong> AI systems can analyse whether personal data is being used in accordance with the specified purpose and raise the alarm in the event of misuse.<\/li>\n<li><strong>Monitoring of access authorisations<\/strong>AI can help to monitor access authorisations to personal data and ensure that only authorised persons have access.<\/li>\n<\/ul>\n<h3>Detection of data protection violations by AI:<\/h3>\n<ul>\n<li><strong>Automated detection of incidents:<\/strong> AI systems can recognise patterns that indicate a data breach (e.g. sudden increase in data access, unusual data transfers).<\/li>\n<li><strong>Support in analysing the causes:<\/strong> AI can help to quickly analyse the causes and scope of a data breach in order to initiate appropriate measures to contain and rectify it.<\/li>\n<li><strong>Automated reporting processes:<\/strong> KI can assist in the preparation and transmission of reports to the supervisory authorities.<\/li>\n<\/ul>\n<\/div><\/section><\/div>\n<div  id=\"aufsichtsbehoerden\"  class='hr av-m9702tjm-6464429abfda89fdc3f8ca1e80e6e60e hr-default  avia-builder-el-51  el_after_av_one_full  el_before_av_one_full'><span class='hr-inner'><span class=\"hr-inner-style\"><\/span><\/span><\/div>\n<div  class='flex_column av-12hqrpf-d785af89bda5594b93b785af9809c8cf av_one_full  avia-builder-el-52  el_after_av_hr  el_before_av_hr  first flex_column_div'     ><section  class='av_textblock_section av-m96syzn9-a5b7bb639b35beb08125541a9243222d'   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><h2>Artificial intelligence and data protection: requirements, recommendations and positions of the supervisory authorities<\/h2>\n<p>The German data protection supervisory authorities and the Federal Commissioner for Data Protection and Freedom of Information (BfDI) have also dealt intensively with the challenges and requirements of AI and data protection. They emphasise that the use of AI systems requires compliance with the General Data Protection Regulation (GDPR) and offer various guidance and statements in this regard.<\/p>\n<p>The <strong>BfDI<\/strong> for example, has published a statement on \"Generative Artificial Intelligence\" in which it emphasises the need for AI models to be developed and used in compliance with data protection regulations. In particular, it addresses issues of anonymisation, the legal basis for data processing and the rights of data subjects.<\/p>\n<ul>\n<li><a href=\"https:\/\/www.bfdi.bund.de\/SharedDocs\/Downloads\/DE\/Konsultationsverfahren\/1_Anonymisierung\/Stellungnahmen\/KI-Bundesverband.html\" target=\"_blank\" rel=\"noopener\">Statement by KI Bundesverband<\/a><\/li>\n<li><a href=\"https:\/\/www.bfdi.bund.de\/SharedDocs\/Downloads\/DE\/DokumenteBfDI\/Stellungnahmen\/2023\/StgN_Generative-K%C3%BCnstliche-Intelligenz.html\" target=\"_blank\" rel=\"noopener\">Statement to the German Bundestag on the topic of \"Generative Artificial Intelligence\"<\/a><\/li>\n<li><a href=\"https:\/\/www.bfdi.bund.de\/SharedDocs\/Pressemitteilungen\/DE\/2024\/02_KI-Verordnung.html\" target=\"_blank\" rel=\"noopener\">Press release BfDI welcomes the European AI Regulation<\/a><\/li>\n<li><a href=\"https:\/\/www.bfdi.bund.de\/SharedDocs\/Pressemitteilungen\/DE\/2024\/15_KI-EDSA.html\" target=\"_blank\" rel=\"noopener\">Press release Data protection enables responsible AI<\/a><\/li>\n<\/ul>\n<p>The <strong>Data Protection Conference (DSK)<\/strong>the body of independent German federal and state data protection supervisory authorities, has published guidance on AI and data protection. This provides those responsible with practical advice on how they can design AI applications in compliance with data protection regulations and emphasises the importance of transparency, data minimisation and the implementation of data protection impact assessments.<\/p>\n<ul>\n<li><a href=\"https:\/\/www.datenschutzkonferenz-online.de\/media\/oh\/20240506_DSK_Orientierungshilfe_KI_und_Datenschutz.pdf?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noopener\">Guidance on artificial intelligence and data protection <\/a><\/li>\n<\/ul>\n<p>The <strong>German state data protection commissioners (LfDIs)<\/strong> have published various statements, position papers and guidance documents on the topic of \"Artificial intelligence (AI) and data protection\". These documents provide valuable information for the data protection-compliant use of AI systems. Below you will find a selection of these publications.<\/p>\n<ul>\n<li>With ONKIDA, the State Commissioner for Data Protection and Freedom of Information Baden-W\u00fcrttemberg (LfDI BW) provides an overview of key data protection terms in the context of AI and refers to relevant references in various documents: <a href=\"https:\/\/www.baden-wuerttemberg.datenschutz.de\/onkida\/\" target=\"_blank\" rel=\"noopener\">Guidance Navigator AI &amp; Data Protection (ONKIDA)<\/a><\/li>\n<li>This paper by the LfDI BW discusses the data protection principles for the use of AI and offers an analysis of the applicability of the GDPR in this context: <a href=\"https:\/\/www.baden-wuerttemberg.datenschutz.de\/version-2-0-diskussionspapier-rechtsgrundlagen-im-datenschutz-beim-einsatz-von-kuenstlicher-intelligenz\/\" target=\"_blank\" rel=\"noopener\">Discussion paper: Legal basis for data protection in the use of artificial intelligence<\/a><\/li>\n<li>The Bavarian State Office for Data Protection Supervision (BayLDA) provides a checklist to support companies and organisations in implementing AI technologies in compliance with data protection regulations: <a href=\"https:\/\/www.lda.bayern.de\/media\/ki_checkliste.pdf\" target=\"_blank\" rel=\"noopener\">Checklist for data protection-compliant AI<\/a><\/li>\n<li>The State Commissioner for Data Protection of Lower Saxony offers guidance for companies and authorities on the data protection-compliant use of AI: <a href=\"https:\/\/www.lfd.niedersachsen.de\/startseite\/infothek\/presseinformationen\/kunstliche-intelligenz-datenschutzkonform-einsetzen-orientierungshilfe-fur-unternehmen-und-behorden-231889.html\" target=\"_blank\" rel=\"noopener\">Artificial intelligence and data protection<\/a><\/li>\n<li>In the Hambach Declaration, the German Data Protection Conference (DSK) formulated principles for the data protection-compliant use of AI: <a href=\"https:\/\/www.datenschutzkonferenz-online.de\/media\/en\/20190405_hambacher_erklaerung.pdf\" target=\"_blank\" rel=\"noopener\">Hambach Declaration on Artificial Intelligence<\/a><\/li>\n<li>In this position paper, the DSK recommends measures to ensure data protection in AI systems: <a href=\"https:\/\/www.datenschutzkonferenz-online.de\/media\/en\/20191106_positionspapier_kuenstliche_intelligenz.pdf\" target=\"_blank\" rel=\"noopener\">Position paper on technical and organisational measures for the development and operation of AI systems<\/a><\/li>\n<li>The Hamburg Commissioner for Data Protection and Freedom of Information (HmbBfDI) has published a discussion paper that deals with the personal reference in large language models: <a href=\"https:\/\/datenschutz-hamburg.de\/fileadmin\/user_upload\/HmbBfDI\/Datenschutz\/Informationen\/240715_Diskussionspapier_HmbBfDI_KI_Modelle.pdf\" target=\"_blank\" rel=\"noopener\">Large language models and personal data<\/a><\/li>\n<\/ul>\n<\/div><\/section><\/div>\n<div  id=\"urteile\"  class='hr av-m97031qn-6fd7ce1cf5d38f9ba6d163ffaa058a6e hr-default  avia-builder-el-54  el_after_av_one_full  el_before_av_one_full'><span class='hr-inner'><span class=\"hr-inner-style\"><\/span><\/span><\/div>\n<div  class='flex_column av-12th0bn-a37d8c688679c007bade79f24338f3c0 av_one_full  avia-builder-el-55  el_after_av_hr  el_before_av_one_full  first flex_column_div'     ><section  class='av_textblock_section av-uvknmr-5ad598c79fbddee4c09091bc90ee51af'   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><h2>Court judgements already in force on the subject of artificial intelligence and data protection<\/h2>\n<p>Significant judgements, in particular on SCHUFA and scoring under Article 22 GDPR, emphasise strict compliance with the GDPR in AI-supported decision-making, especially in profiling. Automated decisions with legal or significant consequences require particular caution and usually human scrutiny in order to safeguard data protection rights. These judgements highlight current challenges and developments in the area of conflict between AI and data protection law in Germany.<\/p>\n<h3>ECJ judgement on SCHUFA scoring<\/h3>\n<p>On 7 December 2023, the European Court of Justice (ECJ) ruled that the system practised by SCHUFA <strong>Scoring<\/strong> is to be categorised as a fundamentally prohibited automated decision in individual cases in accordance with Article 22 GDPR if this score plays a significant role in decisions on granting credit. This means that decisions based solely on automated processes such as the SCHUFA score that have a significant impact on the data subject are not permitted without additional human scrutiny.<\/p>\n<p>In the same judgement, the ECJ found that SCHUFA's practice of providing information on the granting of a <strong>Discharge of residual debt<\/strong> longer than the public insolvency register is not compatible with the GDPR. While the public register retains this information for six months, SCHUFA previously stored it for three years. The ECJ ruled that longer storage by private credit agencies violates the rights of data subjects.<\/p>\n<h3>Liability of AI operators for violations of personality rights<\/h3>\n<p>The Kiel Regional Court ruled on 29 February 2024 (case no. 6 O 151\/23) that operators of AI systems are responsible for violations of personal rights caused by their AI. In this case, an AI system had generated and published untrue information about a company. The court clarified that AI-generated content also makes the operator responsible.<\/p>\n<h3>Co-determination rights of the works council in the use of AI<\/h3>\n<p>The Hamburg Labour Court ruled on 16 January 2024 (case no.: 24 BVGa 1\/24) that the works council has no right of co-determination if employees voluntarily use AI tools such as ChatGPT via private accounts. As the employer had no access to the data collected by the AI operator, the court saw no monitoring pressure and therefore no violation of co-determination rights.<\/p>\n<\/div><\/section><\/div>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-20887b-afb2383d482d1660ee98d358d653f5bc\">\n.flex_column.av-20887b-afb2383d482d1660ee98d358d653f5bc{\npadding:35px 25px 30px 25px;\nbackground-color:#01064a;\nbackground:linear-gradient( to top right, #01064a, #00b3bd );\n}\n<\/style>\n<div  class='flex_column av-20887b-afb2383d482d1660ee98d358d653f5bc av_one_full  avia-builder-el-57  el_after_av_one_full  el_before_av_hr  first flex_column_div  column-top-margin'     ><p><section  class='av_textblock_section av-m9706y27-cff88c96a453298da5e8e8851a364f31'   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><p><strong style=\"color: #ffffff;\">Online course Understanding AI - basics, laws and data protection practice<\/strong><\/p>\n<p><span style=\"color: #ffffff;\">Do you want to understand the basics of artificial intelligence, keep an eye on current laws and know how to ensure data protection in AI practice? Our online course provides you with the knowledge and practical tools you need to operate confidently in the world of AI and data protection. Discover the course content now and start your training!<\/span><\/p>\n<\/div><\/section><br \/>\n<div  class='avia-button-wrap av-lo6y4ua0-013ebabcf313334e69bd0fa90343c2e0-wrap avia-button-left  avia-builder-el-59  el_after_av_textblock  avia-builder-el-last'>\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-lo6y4ua0-013ebabcf313334e69bd0fa90343c2e0\">\n#top #wrap_all .avia-button.av-lo6y4ua0-013ebabcf313334e69bd0fa90343c2e0{\nbackground-color:#00b3bd;\nborder-color:#00b3bd;\ncolor:#ffffff;\nborder-radius:1px 1px 1px 1px;\ntransition:all 0.4s ease-in-out;\n}\n#top #wrap_all .avia-button.av-lo6y4ua0-013ebabcf313334e69bd0fa90343c2e0:hover{\nbackground-color:white;\ncolor:#00b3bd;\ntransition:all 0.4s ease-in-out;\n}\n#top #wrap_all.avia-button.av-lo6y4ua0-013ebabcf313334e69bd0fa90343c2e0:hover .avia_button_background{\nborder-radius:1px 1px 1px 1px;\n}\n#top #wrap_all .avia-button.av-lo6y4ua0-013ebabcf313334e69bd0fa90343c2e0 .avia-svg-icon svg:first-child{\nfill:#ffffff;\nstroke:#ffffff;\n}\n#top #wrap_all .avia-button.av-lo6y4ua0-013ebabcf313334e69bd0fa90343c2e0:hover .avia-svg-icon svg:first-child{\nfill:#00b3bd;\nstroke:#00b3bd;\n}\n<\/style>\n<a href='https:\/\/www.robin-data.io\/en\/online-schulung'  class='avia-button av-lo6y4ua0-013ebabcf313334e69bd0fa90343c2e0 av-link-btn avia-icon_select-no avia-size-large avia-position-left'   aria-label=\"Further Information\"><span class='avia_iconbox_title' >Further Information<\/span><\/a><\/div><\/p><\/div>\n<div  id=\"fazit-ki-datenschutz\"  class='hr av-m97039zp-4e7f3de035a1cfa80c5920fe14dedace hr-default  avia-builder-el-60  el_after_av_one_full  el_before_av_one_full'><span class='hr-inner'><span class=\"hr-inner-style\"><\/span><\/span><\/div>\n<div  class='flex_column av-iqt28z-63d9621b6b120f97c8589035db5d3ab1 av_one_full  avia-builder-el-61  el_after_av_hr  el_before_av_one_full  first flex_column_div'     ><section  class='av_textblock_section av-m96v13q5-93f5e9b33de900273901a5f0e11257a1'   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><h2>Conclusion: Accepting the challenges of AI and data protection and finding solutions<\/h2>\n<p>The use of artificial intelligence (AI) is no longer a vision of the future, but is increasingly shaping the everyday life of organisations. The AI Regulation creates an important legal framework for this, but compliance with existing data protection laws such as the GDPR remains essential. It is crucial to understand this: AI is a tool whose data protection implications arise from the specific use case and the purpose pursued.<\/p>\n<p>The integration of AI and data protection therefore requires a holistic approach, from a clear definition of purpose and data protection impact assessment to compliance with the data protection principles of the GDPR, such as data minimisation, transparency and accountability. The AI Regulation itself supplements these requirements with specific obligations, for example when dealing with training data.<\/p>\n<p>Instead of seeing data protection as a barrier to innovation, we should recognise the opportunities that AI offers in overcoming data protection challenges. From automating repetitive compliance tasks to detecting data breaches, AI can be a valuable ally.<\/p>\n<p>The latest court judgements, in particular on SCHUFA scoring, underline the need for careful consideration when using AI in relation to automated decisions and profiling. They call for the rights of data subjects to be protected and for human control to be ensured in critical decision-making processes.<\/p>\n<p>The future lies in the intelligent combination of AI and data protection. By addressing the legal framework at an early stage, consistently applying data protection principles and utilising the potential of AI to support compliance, we can create innovative solutions that focus on both progress and the protection of personal data. We need to accept the challenges and work together to find ways in which AI and data protection can go hand in hand in practice.<\/p>\n<\/div><\/section><\/div>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-38irt4-a3265c4a84bbfe7bcd111a53bb63e885\">\n.flex_column.av-38irt4-a3265c4a84bbfe7bcd111a53bb63e885{\nborder-radius:10px 10px 10px 10px;\npadding:50 px 50 px 50 px 50 px;\nbackground-color:#f7f7f7;\n}\n<\/style>\n<div  class='flex_column av-38irt4-a3265c4a84bbfe7bcd111a53bb63e885 av_one_full  avia-builder-el-63  el_after_av_one_full  el_before_av_one_full  first flex_column_div  column-top-margin'     ><p><br \/>\n<div  class='av-social-sharing-box av-ka3jmz4x-5dcebd1f09db7c20daac0063288815c9 av-social-sharing-box-default  avia-builder-el-65  el_after_av_codeblock  avia-builder-el-last  av-social-sharing-box-fullwidth'><div class=\"av-share-box\"><h5 class='av-share-link-description av-no-toc'>Do you like the piece? Feel free to share it.<\/h5><ul class=\"av-share-box-list noLightbox\"><li class='av-share-link av-social-link-facebook avia_social_iconfont' ><a target=\"_blank\" aria-label=\"Share on Facebook\" href='https:\/\/www.facebook.com\/sharer.php?u=https:\/\/www.robin-data.io\/en\/data-protection-and-data-security-academy\/wiki\/ki-und-datenschutz-praxisleitfaden&#038;t=KI%20und%20Datenschutz%20in%20der%20Praxis' data-av_icon='\ue8f3' data-av_iconfont='entypo-fontello'  title='' data-avia-related-tooltip='Share on Facebook'><span class='avia_hidden_link_text'>Share on Facebook<\/span><\/a><\/li><li class='av-share-link av-social-link-twitter avia_social_iconfont' ><a target=\"_blank\" aria-label=\"Share on X\" href='https:\/\/twitter.com\/share?text=KI%20und%20Datenschutz%20in%20der%20Praxis&#038;url=https:\/\/www.robin-data.io\/en\/?p=17123' data-av_icon='\ue932' data-av_iconfont='entypo-fontello'  title='' data-avia-related-tooltip='Share on X'><span class='avia_hidden_link_text'>Share on X<\/span><\/a><\/li><li class='av-share-link av-social-link-linkedin avia_social_iconfont' ><a target=\"_blank\" aria-label=\"Share on LinkedIn\" href='https:\/\/linkedin.com\/shareArticle?mini=true&#038;title=KI%20und%20Datenschutz%20in%20der%20Praxis&#038;url=https:\/\/www.robin-data.io\/en\/data-protection-and-data-security-academy\/wiki\/ki-und-datenschutz-praxisleitfaden' data-av_icon='\ue8fc' data-av_iconfont='entypo-fontello'  title='' data-avia-related-tooltip='Share on LinkedIn'><span class='avia_hidden_link_text'>Share on LinkedIn<\/span><\/a><\/li><li class='av-share-link av-social-link-mail avia_social_iconfont' ><a  aria-label=\"Share by Mail\" href='mailto:?subject=KI%20und%20Datenschutz%20in%20der%20Praxis&#038;body=https:\/\/www.robin-data.io\/en\/data-protection-and-data-security-academy\/wiki\/ki-und-datenschutz-praxisleitfaden' data-av_icon='\ue805' data-av_iconfont='entypo-fontello'  title='' data-avia-related-tooltip='Share by Mail'><span class='avia_hidden_link_text'>Share by Mail<\/span><\/a><\/li><\/ul><\/div><\/div><\/p><\/div>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-228ehv-1ea72c1e17300415ef12cb2b1a9f645d\">\n.flex_column.av-228ehv-1ea72c1e17300415ef12cb2b1a9f645d{\nborder-radius:0px 0px 0px 0px;\npadding:0px 0px 0px 0px;\n}\n<\/style>\n<div  class='flex_column av-228ehv-1ea72c1e17300415ef12cb2b1a9f645d av_one_full  avia-builder-el-66  el_after_av_one_full  avia-builder-el-last  first flex_column_div av-zero-column-padding  column-top-margin'     ><section  class='av_textblock_section av-kaqhth2e-c0ce0e9fc51ca4569850f4a16f47c8e1'   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><h3 style=\"text-align: center;\">This might interest you too:<\/h3>\n<\/div><\/section><br \/>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-oc5uwd-888f89ae2e4e52bc63e4505eff3e7f41\">\n#top .hr.hr-invisible.av-oc5uwd-888f89ae2e4e52bc63e4505eff3e7f41{\nheight:25px;\n}\n<\/style>\n<div  class='hr av-oc5uwd-888f89ae2e4e52bc63e4505eff3e7f41 hr-invisible  avia-builder-el-68  el_after_av_textblock  el_before_av_blog'><span class='hr-inner'><span class=\"hr-inner-style\"><\/span><\/span><\/div><br \/>\n<div  data-slideshow-options=\"{&quot;animation&quot;:&quot;fade&quot;,&quot;autoplay&quot;:false,&quot;loop_autoplay&quot;:&quot;once&quot;,&quot;interval&quot;:5,&quot;loop_manual&quot;:&quot;manual-endless&quot;,&quot;autoplay_stopper&quot;:false,&quot;noNavigation&quot;:false,&quot;show_slide_delay&quot;:90}\" class='avia-content-slider avia-content-grid-active avia-content-slider1 avia-content-slider-odd  avia-builder-el-69  el_after_av_hr  avia-builder-el-last  av-slideshow-ui av-control-default   av-no-slider-navigation av-slideshow-manual av-loop-once av-loop-manual-endless'  itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/Blog\" ><div class=\"avia-content-slider-inner\"><div class=\"slide-entry-wrap\"><article class='slide-entry flex_column  post-entry post-entry-17156 slide-entry-overview slide-loop-1 slide-parity-odd  av_one_third first real-thumbnail posttype-post post-format-standard'  itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><a href='https:\/\/www.robin-data.io\/en\/data-protection-and-data-security-academy\/wiki\/datenschutz-management-system-dsgvo-dsms' data-rel='slide-1' class='slide-image' title='DSMS according to GDPR: Structure &amp; practical implementation'><img decoding=\"async\" fetchpriority=\"high\" width=\"495\" height=\"341\" src=\"https:\/\/media.robin-data.io\/2022\/05\/23150650\/Zusammenarbeit-1-495x341.jpg\" class=\"wp-image-14089 avia-img-lazy-loading-not-14089 attachment-portfolio size-portfolio wp-post-image\" alt=\"\" \/><\/a><div class=\"slide-content\"><header class=\"entry-content-header\" aria-label=\"Slide: DSMS according to GDPR: Structure &amp; practical implementation\"><h3 class='slide-entry-title entry-title'  itemprop=\"headline\" ><a href='https:\/\/www.robin-data.io\/en\/data-protection-and-data-security-academy\/wiki\/datenschutz-management-system-dsgvo-dsms' title='DSMS according to GDPR: Structure &amp; practical implementation'>DSMS according to GDPR: Structure &amp; practical implementation<\/a><\/h3><span class=\"blog-categories minor-meta\"><a href=\"https:\/\/www.robin-data.io\/en\/category\/data-protection-and-data-security-academy\/wiki\" rel=\"tag\">Wiki<\/a> <\/span><span class=\"av-vertical-delimiter\"><\/span><\/header><div class='slide-entry-excerpt entry-content'  itemprop=\"text\" >Learn all about templates, structure and implementation of a GDPR-compliant data protection management system (DMS).<div class=\"read-more-link\"><a href=\"https:\/\/www.robin-data.io\/en\/data-protection-and-data-security-academy\/wiki\/datenschutz-management-system-dsgvo-dsms\" class=\"more-link\">Read more<span class='more-link-arrow avia-svg-icon avia-font-svg_entypo-fontello' data-av_svg_icon='right-open-big' data-av_iconset='svg_entypo-fontello'><svg version=\"1.1\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"15\" height=\"32\" viewbox=\"0 0 15 32\" preserveaspectratio=\"xMidYMid meet\" role=\"graphics-symbol\" aria-hidden=\"true\">\n<path d=\"M0.416 27.84l11.456-11.84-11.456-11.904q-0.832-0.832 0-1.536 0.832-0.832 1.536 0l12.544 12.608q0.768 0.832 0 1.6l-12.544 12.608q-0.704 0.832-1.536 0-0.832-0.704 0-1.536z\"><\/path>\n<\/svg><\/span><\/a><\/div><\/div><\/div><footer class=\"entry-footer\"><div class=\"slide-meta\"><time class='slide-meta-time updated'  itemprop=\"datePublished\" datetime=\"2025-04-23T09:41:39+02:00\" >23 April 2025<\/time><div class=\"slide-meta-del\">\/<\/div><div class=\"slide-meta-comments\"><a href='https:\/\/www.robin-data.io\/en\/data-protection-and-data-security-academy\/wiki\/datenschutz-management-system-dsgvo-dsms#respond'>0 Comments<\/a><\/div><\/div><\/footer><span class='hidden'>\n\t\t\t\t<span class='av-structured-data'  itemprop=\"image\" itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/ImageObject\" >\n\t\t\t\t\t\t<span itemprop='url'>https:\/\/media.robin-data.io\/2022\/05\/23150650\/Zusammenarbeit-1.jpg<\/span>\n\t\t\t\t\t\t<span itemprop='height'>341<\/span>\n\t\t\t\t\t\t<span itemprop='width'>685<\/span>\n\t\t\t\t<\/span>\n\t\t\t\t<span class='av-structured-data'  itemprop=\"publisher\" itemtype=\"https:\/\/schema.org\/Organization\" itemscope=\"itemscope\" >\n\t\t\t\t\t\t<span itemprop='name'>Caroline Schwabe<\/span>\n\t\t\t\t\t\t<span itemprop='logo' itemscope itemtype='https:\/\/schema.org\/ImageObject'>\n\t\t\t\t\t\t\t<span itemprop='url'>https:\/\/media.robin-data.io\/2022\/07\/05140916\/Robin-Data_ComplianceOS_white_logo.png<\/span>\n\t\t\t\t\t\t<\/span>\n\t\t\t\t<\/span><span class='av-structured-data'  itemprop=\"author\" itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/Person\" ><span itemprop='name'>Caroline Schwabe<\/span><\/span><span class='av-structured-data'  itemprop=\"datePublished\" datetime=\"2025-04-07T13:24:22+02:00\" >2025-04-23 09:41:39<\/span><span class='av-structured-data'  itemprop=\"dateModified\" itemtype=\"https:\/\/schema.org\/dateModified\" >2025-04-23 09:44:29<\/span><span class='av-structured-data'  itemprop=\"mainEntityOfPage\" itemtype=\"https:\/\/schema.org\/mainEntityOfPage\" ><span itemprop='name'>DSMS according to GDPR: Structure &amp; practical implementation<\/span><\/span><\/span><\/article><article class='slide-entry flex_column  post-entry post-entry-16941 slide-entry-overview slide-loop-2 slide-parity-even  av_one_third  real-thumbnail posttype-post post-format-standard'  itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><a href='https:\/\/www.robin-data.io\/en\/data-protection-and-data-security-academy\/news\/ki-verordnung-aktueller-stand' data-rel='slide-1' class='slide-image' title='AI REGULATION: Regulation of artificial intelligence'><img decoding=\"async\" fetchpriority=\"high\" width=\"495\" height=\"343\" src=\"https:\/\/media.robin-data.io\/2025\/01\/27132208\/kuenstliche-intelligenz-ai-495x343.png\" class=\"wp-image-16986 avia-img-lazy-loading-not-16986 attachment-portfolio size-portfolio wp-post-image\" alt=\"artificial intelligence\" \/><\/a><div class=\"slide-content\"><header class=\"entry-content-header\" aria-label=\"Slide: AI Regulation: Regulation of artificial intelligence\"><h3 class='slide-entry-title entry-title'  itemprop=\"headline\" ><a href='https:\/\/www.robin-data.io\/en\/data-protection-and-data-security-academy\/news\/ki-verordnung-aktueller-stand' title='AI REGULATION: Regulation of artificial intelligence'>AI REGULATION: Regulation of artificial intelligence<\/a><\/h3><span class=\"blog-categories minor-meta\"><a href=\"https:\/\/www.robin-data.io\/en\/category\/data-protection-and-data-security-academy\/news\" rel=\"tag\">News<\/a> <\/span><span class=\"av-vertical-delimiter\"><\/span><\/header><div class='slide-entry-excerpt entry-content'  itemprop=\"text\" >Find out all about the EU and German AI regulation: current status, legal requirements and effects.<div class=\"read-more-link\"><a href=\"https:\/\/www.robin-data.io\/en\/data-protection-and-data-security-academy\/news\/ki-verordnung-aktueller-stand\" class=\"more-link\">Read more<span class='more-link-arrow avia-svg-icon avia-font-svg_entypo-fontello' data-av_svg_icon='right-open-big' data-av_iconset='svg_entypo-fontello'><svg version=\"1.1\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"15\" height=\"32\" viewbox=\"0 0 15 32\" preserveaspectratio=\"xMidYMid meet\" role=\"graphics-symbol\" aria-hidden=\"true\">\n<path d=\"M0.416 27.84l11.456-11.84-11.456-11.904q-0.832-0.832 0-1.536 0.832-0.832 1.536 0l12.544 12.608q0.768 0.832 0 1.6l-12.544 12.608q-0.704 0.832-1.536 0-0.832-0.704 0-1.536z\"><\/path>\n<\/svg><\/span><\/a><\/div><\/div><\/div><footer class=\"entry-footer\"><div class=\"slide-meta\"><time class='slide-meta-time updated'  itemprop=\"datePublished\" datetime=\"2025-01-27T14:21:51+01:00\" >27 January 2025<\/time><div class=\"slide-meta-del\">\/<\/div><div class=\"slide-meta-comments\"><a href='https:\/\/www.robin-data.io\/en\/data-protection-and-data-security-academy\/news\/ki-verordnung-aktueller-stand#respond'>0 Comments<\/a><\/div><\/div><\/footer><span class='hidden'>\n\t\t\t\t<span class='av-structured-data'  itemprop=\"image\" itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/ImageObject\" >\n\t\t\t\t\t\t<span itemprop='url'>https:\/\/media.robin-data.io\/2025\/01\/27132208\/kuenstliche-intelligenz-ai.png<\/span>\n\t\t\t\t\t\t<span itemprop='height'>343<\/span>\n\t\t\t\t\t\t<span itemprop='width'>685<\/span>\n\t\t\t\t<\/span>\n\t\t\t\t<span class='av-structured-data'  itemprop=\"publisher\" itemtype=\"https:\/\/schema.org\/Organization\" itemscope=\"itemscope\" >\n\t\t\t\t\t\t<span itemprop='name'>Caroline Schwabe<\/span>\n\t\t\t\t\t\t<span itemprop='logo' itemscope itemtype='https:\/\/schema.org\/ImageObject'>\n\t\t\t\t\t\t\t<span itemprop='url'>https:\/\/media.robin-data.io\/2022\/07\/05140916\/Robin-Data_ComplianceOS_white_logo.png<\/span>\n\t\t\t\t\t\t<\/span>\n\t\t\t\t<\/span><span class='av-structured-data'  itemprop=\"author\" itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/Person\" ><span itemprop='name'>Caroline Schwabe<\/span><\/span><span class='av-structured-data'  itemprop=\"datePublished\" datetime=\"2025-04-07T13:24:22+02:00\" >2025-01-27 14:21:51<\/span><span class='av-structured-data'  itemprop=\"dateModified\" itemtype=\"https:\/\/schema.org\/dateModified\" >2025-04-07 13:47:25<\/span><span class='av-structured-data'  itemprop=\"mainEntityOfPage\" itemtype=\"https:\/\/schema.org\/mainEntityOfPage\" ><span itemprop='name'>AI REGULATION: Regulation of artificial intelligence<\/span><\/span><\/span><\/article><article class='slide-entry flex_column  post-entry post-entry-13099 slide-entry-overview slide-loop-3 slide-parity-odd  post-entry-last  av_one_third  real-thumbnail posttype-post post-format-standard'  itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><a href='https:\/\/www.robin-data.io\/en\/data-protection-and-data-security-academy\/wiki\/activity-report-template-sample-content-according-to-gdpr' data-rel='slide-1' class='slide-image' title='activity report according to GDPR'><img decoding=\"async\" fetchpriority=\"high\" width=\"495\" height=\"343\" src=\"https:\/\/media.robin-data.io\/2022\/05\/23150313\/Dokumentationspflichten-495x343.jpg\" class=\"wp-image-14057 avia-img-lazy-loading-not-14057 attachment-portfolio size-portfolio wp-post-image\" alt=\"\" \/><\/a><div class=\"slide-content\"><header class=\"entry-content-header\" aria-label=\"Slide: Activity report according to GDPR\"><h3 class='slide-entry-title entry-title'  itemprop=\"headline\" ><a href='https:\/\/www.robin-data.io\/en\/data-protection-and-data-security-academy\/wiki\/activity-report-template-sample-content-according-to-gdpr' title='activity report according to GDPR'>activity report according to GDPR<\/a><\/h3><span class=\"blog-categories minor-meta\"><a href=\"https:\/\/www.robin-data.io\/en\/category\/data-protection-and-data-security-academy\/wiki\" rel=\"tag\">Wiki<\/a> <\/span><span class=\"av-vertical-delimiter\"><\/span><\/header><div class='slide-entry-excerpt entry-content'  itemprop=\"text\" >Templates, whitepapers and implementation of the activity report according to the GDPR. Create the activity report automatically in just a few steps.<div class=\"read-more-link\"><a href=\"https:\/\/www.robin-data.io\/en\/data-protection-and-data-security-academy\/wiki\/activity-report-template-sample-content-according-to-gdpr\" class=\"more-link\">Read more<span class='more-link-arrow avia-svg-icon avia-font-svg_entypo-fontello' data-av_svg_icon='right-open-big' data-av_iconset='svg_entypo-fontello'><svg version=\"1.1\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"15\" height=\"32\" viewbox=\"0 0 15 32\" preserveaspectratio=\"xMidYMid meet\" role=\"graphics-symbol\" aria-hidden=\"true\">\n<path d=\"M0.416 27.84l11.456-11.84-11.456-11.904q-0.832-0.832 0-1.536 0.832-0.832 1.536 0l12.544 12.608q0.768 0.832 0 1.6l-12.544 12.608q-0.704 0.832-1.536 0-0.832-0.704 0-1.536z\"><\/path>\n<\/svg><\/span><\/a><\/div><\/div><\/div><footer class=\"entry-footer\"><div class=\"slide-meta\"><time class='slide-meta-time updated'  itemprop=\"datePublished\" datetime=\"2022-03-04T10:32:48+01:00\" >4 March 2022<\/time><div class=\"slide-meta-del\">\/<\/div><div class=\"slide-meta-comments\"><a href='https:\/\/www.robin-data.io\/en\/data-protection-and-data-security-academy\/wiki\/activity-report-template-sample-content-according-to-gdpr#respond'>0 Comments<\/a><\/div><\/div><\/footer><span class='hidden'>\n\t\t\t\t<span class='av-structured-data'  itemprop=\"image\" itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/ImageObject\" >\n\t\t\t\t\t\t<span itemprop='url'>https:\/\/media.robin-data.io\/2022\/05\/23150313\/Dokumentationspflichten.jpg<\/span>\n\t\t\t\t\t\t<span itemprop='height'>343<\/span>\n\t\t\t\t\t\t<span itemprop='width'>685<\/span>\n\t\t\t\t<\/span>\n\t\t\t\t<span class='av-structured-data'  itemprop=\"publisher\" itemtype=\"https:\/\/schema.org\/Organization\" itemscope=\"itemscope\" >\n\t\t\t\t\t\t<span itemprop='name'>Caroline Schwabe<\/span>\n\t\t\t\t\t\t<span itemprop='logo' itemscope itemtype='https:\/\/schema.org\/ImageObject'>\n\t\t\t\t\t\t\t<span itemprop='url'>https:\/\/media.robin-data.io\/2022\/07\/05140916\/Robin-Data_ComplianceOS_white_logo.png<\/span>\n\t\t\t\t\t\t<\/span>\n\t\t\t\t<\/span><span class='av-structured-data'  itemprop=\"author\" itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/Person\" ><span itemprop='name'>Caroline Schwabe<\/span><\/span><span class='av-structured-data'  itemprop=\"datePublished\" datetime=\"2025-04-07T13:24:22+02:00\" >2022-03-04 10:32:48<\/span><span class='av-structured-data'  itemprop=\"dateModified\" itemtype=\"https:\/\/schema.org\/dateModified\" >2025-04-22 09:38:20<\/span><span class='av-structured-data'  itemprop=\"mainEntityOfPage\" itemtype=\"https:\/\/schema.org\/mainEntityOfPage\" ><span itemprop='name'>activity report according to GDPR<\/span><\/span><\/span><\/article><\/div><\/div><\/div><\/p><\/div>","protected":false},"excerpt":{"rendered":"<p>Find out how artificial intelligence can be used in compliance with the GDPR. A practical guide.<\/p>","protected":false},"author":3,"featured_media":16986,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[71],"tags":[37,182],"class_list":["post-17123","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-wiki","tag-datenschutz","tag-kuenstliche-intelligenz"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.8 (Yoast SEO v26.8) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>KI und Datenschutz: Herausforderungen und L\u00f6sungen<\/title>\n<meta name=\"description\" content=\"K\u00fcnstliche Intelligenz in Organisationen erfordert einen klaren Fokus auf Datenschutz. Lesen Sie mehr \u00fcber KI und Datenschutz.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.robin-data.io\/en\/data-protection-and-data-security-academy\/wiki\/ki-und-datenschutz-praxisleitfaden\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"KI und Datenschutz in der Praxis\" \/>\n<meta property=\"og:description\" content=\"K\u00fcnstliche Intelligenz in Organisationen erfordert einen klaren Fokus auf Datenschutz. Lesen Sie mehr \u00fcber KI und Datenschutz.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.robin-data.io\/en\/data-protection-and-data-security-academy\/wiki\/ki-und-datenschutz-praxisleitfaden\" \/>\n<meta property=\"og:site_name\" content=\"Robin Data GmbH\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/robindatade\/\" \/>\n<meta property=\"article:published_time\" content=\"2025-04-07T11:24:22+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-04-07T11:46:33+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/media.robin-data.io\/2025\/01\/27132208\/kuenstliche-intelligenz-ai.png\" \/>\n\t<meta property=\"og:image:width\" content=\"685\" \/>\n\t<meta property=\"og:image:height\" content=\"343\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Caroline Schwabe\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@RobinData_DE\" \/>\n<meta name=\"twitter:site\" content=\"@RobinData_DE\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Caroline Schwabe\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"30 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":[\"Article\",\"BlogPosting\"],\"@id\":\"https:\/\/www.robin-data.io\/datenschutz-akademie\/wiki\/ki-und-datenschutz-praxisleitfaden#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.robin-data.io\/datenschutz-akademie\/wiki\/ki-und-datenschutz-praxisleitfaden\"},\"author\":{\"name\":\"Caroline Schwabe\",\"@id\":\"https:\/\/www.robin-data.io\/#\/schema\/person\/83e2bd965d3e87f50c5da3c0b541dfe5\"},\"headline\":\"KI und Datenschutz in der Praxis\",\"datePublished\":\"2025-04-07T11:24:22+00:00\",\"dateModified\":\"2025-04-07T11:46:33+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.robin-data.io\/datenschutz-akademie\/wiki\/ki-und-datenschutz-praxisleitfaden\"},\"wordCount\":15357,\"commentCount\":4,\"image\":{\"@id\":\"https:\/\/www.robin-data.io\/datenschutz-akademie\/wiki\/ki-und-datenschutz-praxisleitfaden#primaryimage\"},\"thumbnailUrl\":\"https:\/\/media.robin-data.io\/2025\/01\/27132208\/kuenstliche-intelligenz-ai.png\",\"keywords\":[\"Datenschutz\",\"K\u00fcnstliche Intelligenz\"],\"articleSection\":[\"Wiki\"],\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.robin-data.io\/datenschutz-akademie\/wiki\/ki-und-datenschutz-praxisleitfaden#respond\"]}]},{\"@type\":[\"WebPage\",\"ItemPage\"],\"@id\":\"https:\/\/www.robin-data.io\/datenschutz-akademie\/wiki\/ki-und-datenschutz-praxisleitfaden\",\"url\":\"https:\/\/www.robin-data.io\/datenschutz-akademie\/wiki\/ki-und-datenschutz-praxisleitfaden\",\"name\":\"KI und Datenschutz: Herausforderungen und L\u00f6sungen\",\"isPartOf\":{\"@id\":\"https:\/\/www.robin-data.io\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.robin-data.io\/datenschutz-akademie\/wiki\/ki-und-datenschutz-praxisleitfaden#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.robin-data.io\/datenschutz-akademie\/wiki\/ki-und-datenschutz-praxisleitfaden#primaryimage\"},\"thumbnailUrl\":\"https:\/\/media.robin-data.io\/2025\/01\/27132208\/kuenstliche-intelligenz-ai.png\",\"datePublished\":\"2025-04-07T11:24:22+00:00\",\"dateModified\":\"2025-04-07T11:46:33+00:00\",\"author\":{\"@id\":\"https:\/\/www.robin-data.io\/#\/schema\/person\/83e2bd965d3e87f50c5da3c0b541dfe5\"},\"description\":\"K\u00fcnstliche Intelligenz in Organisationen erfordert einen klaren Fokus auf Datenschutz. Lesen Sie mehr \u00fcber KI und Datenschutz.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.robin-data.io\/datenschutz-akademie\/wiki\/ki-und-datenschutz-praxisleitfaden#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.robin-data.io\/datenschutz-akademie\/wiki\/ki-und-datenschutz-praxisleitfaden\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/www.robin-data.io\/datenschutz-akademie\/wiki\/ki-und-datenschutz-praxisleitfaden#primaryimage\",\"url\":\"https:\/\/media.robin-data.io\/2025\/01\/27132208\/kuenstliche-intelligenz-ai.png\",\"contentUrl\":\"https:\/\/media.robin-data.io\/2025\/01\/27132208\/kuenstliche-intelligenz-ai.png\",\"width\":685,\"height\":343,\"caption\":\"k\u00fcnstliche intelligenz\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.robin-data.io\/datenschutz-akademie\/wiki\/ki-und-datenschutz-praxisleitfaden#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Startseite\",\"item\":\"https:\/\/www.robin-data.io\/startseite\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"KI und Datenschutz in der Praxis\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.robin-data.io\/#website\",\"url\":\"https:\/\/www.robin-data.io\/\",\"name\":\"Robin Data GmbH\",\"description\":\"Robin Data ComplianceOS\u00ae Das Compliance Operating System\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.robin-data.io\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.robin-data.io\/#\/schema\/person\/83e2bd965d3e87f50c5da3c0b541dfe5\",\"name\":\"Caroline Schwabe\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/www.robin-data.io\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/4afcd09464d8c4418a7e62c3fdd2103c84addcb37103428b60586d9b32b79b3f?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/4afcd09464d8c4418a7e62c3fdd2103c84addcb37103428b60586d9b32b79b3f?s=96&d=mm&r=g\",\"caption\":\"Caroline Schwabe\"},\"description\":\"Frau Schwabe ist Informationsdesignerin und Datenschutzbeauftragte. Der Schwerpunkt ihrer Arbeit liegt darin, Kunden und Interessenten mit Beitr\u00e4gen in der Robin Data Datenschutz-Akademie weiterzuhelfen.\",\"url\":\"https:\/\/www.robin-data.io\/en\/author\/csc\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"AI and data protection: challenges and solutions","description":"Artificial intelligence in organisations requires a clear focus on data protection. Read more about AI and data protection.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.robin-data.io\/en\/data-protection-and-data-security-academy\/wiki\/ki-und-datenschutz-praxisleitfaden","og_locale":"en_GB","og_type":"article","og_title":"KI und Datenschutz in der Praxis","og_description":"K\u00fcnstliche Intelligenz in Organisationen erfordert einen klaren Fokus auf Datenschutz. Lesen Sie mehr \u00fcber KI und Datenschutz.","og_url":"https:\/\/www.robin-data.io\/en\/data-protection-and-data-security-academy\/wiki\/ki-und-datenschutz-praxisleitfaden","og_site_name":"Robin Data GmbH","article_publisher":"https:\/\/www.facebook.com\/robindatade\/","article_published_time":"2025-04-07T11:24:22+00:00","article_modified_time":"2025-04-07T11:46:33+00:00","og_image":[{"width":685,"height":343,"url":"https:\/\/media.robin-data.io\/2025\/01\/27132208\/kuenstliche-intelligenz-ai.png","type":"image\/png"}],"author":"Caroline Schwabe","twitter_card":"summary_large_image","twitter_creator":"@RobinData_DE","twitter_site":"@RobinData_DE","twitter_misc":{"Written by":"Caroline Schwabe","Estimated reading time":"30 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":["Article","BlogPosting"],"@id":"https:\/\/www.robin-data.io\/datenschutz-akademie\/wiki\/ki-und-datenschutz-praxisleitfaden#article","isPartOf":{"@id":"https:\/\/www.robin-data.io\/datenschutz-akademie\/wiki\/ki-und-datenschutz-praxisleitfaden"},"author":{"name":"Caroline Schwabe","@id":"https:\/\/www.robin-data.io\/#\/schema\/person\/83e2bd965d3e87f50c5da3c0b541dfe5"},"headline":"KI und Datenschutz in der Praxis","datePublished":"2025-04-07T11:24:22+00:00","dateModified":"2025-04-07T11:46:33+00:00","mainEntityOfPage":{"@id":"https:\/\/www.robin-data.io\/datenschutz-akademie\/wiki\/ki-und-datenschutz-praxisleitfaden"},"wordCount":15357,"commentCount":4,"image":{"@id":"https:\/\/www.robin-data.io\/datenschutz-akademie\/wiki\/ki-und-datenschutz-praxisleitfaden#primaryimage"},"thumbnailUrl":"https:\/\/media.robin-data.io\/2025\/01\/27132208\/kuenstliche-intelligenz-ai.png","keywords":["Datenschutz","K\u00fcnstliche Intelligenz"],"articleSection":["Wiki"],"inLanguage":"en-GB","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.robin-data.io\/datenschutz-akademie\/wiki\/ki-und-datenschutz-praxisleitfaden#respond"]}]},{"@type":["WebPage","ItemPage"],"@id":"https:\/\/www.robin-data.io\/datenschutz-akademie\/wiki\/ki-und-datenschutz-praxisleitfaden","url":"https:\/\/www.robin-data.io\/datenschutz-akademie\/wiki\/ki-und-datenschutz-praxisleitfaden","name":"AI and data protection: challenges and solutions","isPartOf":{"@id":"https:\/\/www.robin-data.io\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.robin-data.io\/datenschutz-akademie\/wiki\/ki-und-datenschutz-praxisleitfaden#primaryimage"},"image":{"@id":"https:\/\/www.robin-data.io\/datenschutz-akademie\/wiki\/ki-und-datenschutz-praxisleitfaden#primaryimage"},"thumbnailUrl":"https:\/\/media.robin-data.io\/2025\/01\/27132208\/kuenstliche-intelligenz-ai.png","datePublished":"2025-04-07T11:24:22+00:00","dateModified":"2025-04-07T11:46:33+00:00","author":{"@id":"https:\/\/www.robin-data.io\/#\/schema\/person\/83e2bd965d3e87f50c5da3c0b541dfe5"},"description":"Artificial intelligence in organisations requires a clear focus on data protection. Read more about AI and data protection.","breadcrumb":{"@id":"https:\/\/www.robin-data.io\/datenschutz-akademie\/wiki\/ki-und-datenschutz-praxisleitfaden#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.robin-data.io\/datenschutz-akademie\/wiki\/ki-und-datenschutz-praxisleitfaden"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.robin-data.io\/datenschutz-akademie\/wiki\/ki-und-datenschutz-praxisleitfaden#primaryimage","url":"https:\/\/media.robin-data.io\/2025\/01\/27132208\/kuenstliche-intelligenz-ai.png","contentUrl":"https:\/\/media.robin-data.io\/2025\/01\/27132208\/kuenstliche-intelligenz-ai.png","width":685,"height":343,"caption":"k\u00fcnstliche intelligenz"},{"@type":"BreadcrumbList","@id":"https:\/\/www.robin-data.io\/datenschutz-akademie\/wiki\/ki-und-datenschutz-praxisleitfaden#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Startseite","item":"https:\/\/www.robin-data.io\/startseite"},{"@type":"ListItem","position":2,"name":"KI und Datenschutz in der Praxis"}]},{"@type":"WebSite","@id":"https:\/\/www.robin-data.io\/#website","url":"https:\/\/www.robin-data.io\/","name":"Robin Data GmbH","description":"Robin Data ComplianceOS\u00ae The Compliance Operating System","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.robin-data.io\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Person","@id":"https:\/\/www.robin-data.io\/#\/schema\/person\/83e2bd965d3e87f50c5da3c0b541dfe5","name":"Caroline Schwabe","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.robin-data.io\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/4afcd09464d8c4418a7e62c3fdd2103c84addcb37103428b60586d9b32b79b3f?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4afcd09464d8c4418a7e62c3fdd2103c84addcb37103428b60586d9b32b79b3f?s=96&d=mm&r=g","caption":"Caroline Schwabe"},"description":"Ms. Schwabe is an information designer and Data Protection Officer. The focus of her work is to help customers and interested parties with contributions to the Robin Data Privacy Academy.","url":"https:\/\/www.robin-data.io\/en\/author\/csc"}]}},"_links":{"self":[{"href":"https:\/\/www.robin-data.io\/en\/wp-json\/wp\/v2\/posts\/17123","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.robin-data.io\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.robin-data.io\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.robin-data.io\/en\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.robin-data.io\/en\/wp-json\/wp\/v2\/comments?post=17123"}],"version-history":[{"count":30,"href":"https:\/\/www.robin-data.io\/en\/wp-json\/wp\/v2\/posts\/17123\/revisions"}],"predecessor-version":[{"id":17147,"href":"https:\/\/www.robin-data.io\/en\/wp-json\/wp\/v2\/posts\/17123\/revisions\/17147"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.robin-data.io\/en\/wp-json\/wp\/v2\/media\/16986"}],"wp:attachment":[{"href":"https:\/\/www.robin-data.io\/en\/wp-json\/wp\/v2\/media?parent=17123"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.robin-data.io\/en\/wp-json\/wp\/v2\/categories?post=17123"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.robin-data.io\/en\/wp-json\/wp\/v2\/tags?post=17123"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}