AI Regulation and GDPR: BDO Identifies Synergies for Companies
BDO AG suggests companies can leverage synergies between the EU's AI Act and GDPR to improve compliance efficiency. Existing data protection processes can serve as a foundation for AI regulatory requirements.

Audit and advisory firm BDO AG has advised that companies can enhance their regulatory compliance by integrating requirements from the EU's upcoming Artificial Intelligence (AI) Act and the General Data Protection Regulation (GDPR).
According to BDO, organizations with established data protection processes are well-positioned to meet the demands of the new AI Act. The regulation aims to protect fundamental rights, foster trustworthy AI, and strengthen the EU's internal market, and it implements a four-tiered risk classification system. High-risk AI systems, such as those used in HR or biometric identification, will face particularly stringent requirements.
The GDPR, effective since 2018, provides a framework with principles like purpose limitation, transparency, and data minimization. It also employs a risk-based approach, notably through Data Protection Impact Assessments (DPIAs).
BDO highlights that both regulations share core principles, including obligations for transparency and documentation, risk assessment, and the protection of fundamental rights. Companies can utilize these overlaps by integrating their existing data protection structures with AI regulatory demands, thereby avoiding fragmented approaches.
BDO offers services to assist companies in integrating these compliance processes. Offerings include gap analyses, risk classifications, documentation harmonization, and training. The firm posits that efficient compliance can become a competitive advantage when incorporated into a sustainable governance strategy.