Autopilot

Expertise / GDPR Specialist

// Expertise

GDPR Specialist

„We’re worried our AI is sending employee data to OpenAI."

Impact assessments for AI workflows, DPA review, anonymised data flows. Before the build, not after the data leak.

AI applications are particularly sensitive under GDPR as soon as personal data lands in prompts — which is almost always the case in the Mittelstand. For every new application we check the legal basis (Art. 6 GDPR), build the impact assessment where needed (Art. 35) and design the data flow so pseudonymisation kicks in wherever possible.

// Typical questions

What clients ask us about this.

// Mandant-Memory

What we keep for you.

Documented per mandate, viewable and correctable by you anytime.

// Example from practice

Tax advisory firm · 80 employees

Client email drafts via Claude. DPIA documented, pseudonymisation layer built (names + IBAN masking before API call), Anthropic DPA with zero-retention addendum verified, training prepared for the two clerks involved.

// If this fits

One request is enough.

Write us briefly what’s on your plate — we respond within one business day. This role is part of the Autopilot retainer, not booked separately.

// More roles