icon icon

AI and GDPR - how to combine regulatory compliance with the implementation of new technologies

icon

Training process

Training needs analysis

If you have specific requirements regarding the training programme, we will carry out a training needs analysis for you. This will guide us on which aspects of the programme should receive greater emphasis, so that the training programme meets your specific needs.

What will you gain?

icon

Stronger data processing agreements - You will learn how to draft and review data processing agreements so the scope, purpose, responsibilities, and audit rights are clearly defined and legally workable.

icon

Better vendor assessment - You will learn how to evaluate processors before signing, including certificates, security policies, and practical risks, so you can choose vendors that meet GDPR expectations.

icon

Safer data deletion - You will understand when personal data must be deleted and how erasure, anonymization, and pseudonymization differ, so you can choose the right method in practice.

icon

Lower breach exposure - You will clarify who is accountable for mistakes in processing, sub-processing, and data deletion, making it easier to reduce breach risk and avoid costly consequences.

icon

Real lessons from UODO cases - You will review actual UODO decisions and fines to see which mistakes organizations repeat most often and which measures genuinely help reduce the risk of penalties.

icon

AI aligned with GDPR - You will structure your approach to AI use, including profiling, automated decisions, and transparency duties, so you can deploy tools in a way that fits GDPR rules.

icon

Data minimization for AI - You will learn how to balance model training needs with the data minimization principle, helping you avoid unnecessary collection and better justify processing choices.

icon

Wider regulatory perspective - You will see how GDPR connects with the AI Act and the Data Act, making it easier to plan new technology deployments in line with expanding regulatory demands.

Training programme

1. Entrustment and sub-entrustment of personal data

  • definitions and legal bases (GDPR, entrustment agreement),
  • scope and purpose of data entrustment,
  • differences between entrustment and sub-entrustment,
  • the most important elements of the entrustment agreement,
  • liability:
    • of the data controller,
    • of the processor,
    • of the subcontractor (sub-entrustment),
  • control and audit of processing.

2. Assessment of potential contractors before concluding a processing entrustment agreement

  • criteria for assessing the processor,
  • formal and practical requirements (certificates, security policies),
  • risks related to the selection of the contractor,
  • Due diligence and GDPR compliance checklists.

3. Deletion of personal data

  • obligation to delete data – when it arises,
  • methods of data deletion (erasure, anonymization, pseudonymization),
  • documentation of the data deletion process,
  • liability for violations.

4. Review of UODO decisions

  • the most important decisions and penalties from recent years,
  • analysis of cases of GDPR violations in Poland,
  • conclusions and good practices for organizations,
  • trends in the supervisory authority's approach.

5. AI and GDPR – general issues

  • legal challenges related to AI in the context of data protection,
  • main risks: profiling, automated decision-making,
  • data minimization and the training of AI models,
  • transparency and information obligations towards data subjects,
  • the relationship between GDPR and new regulations (AI Act, Data Act).

What are the prerequisites for participating in the training?

icon

GDPR basics - You should understand core GDPR concepts such as controller, processor, personal data, and legal basis, so you can follow the training topics without difficulty.

icon

Understanding data flows - You should know how personal data is collected, shared, and stored in your organization, because the training refers to practical operational processing flows.

icon

Experience with documentation - You should have basic experience working with agreements, procedures, or data protection policies, so you can more easily assess processing and deletion clauses.

icon

Awareness of AI tools - You should have a general understanding of what AI tools are and how businesses use them, so you can better assess the legal, transparency, and governance risks discussed.