Get Free Downloads
Start your GDPR today in just a few clicks
Get Free Downloads
Start your GDPR today in just a few clicks

Do You Use AI And Clever Tech?

by Adam Brogden
in Blog

30-May-2019 12:01

GDPR is complicated enough but as soon as you start using AI and processing biometric data the GDPR world gets even more complicated! Take a look at this extract from the ICO:


Any organisations planning on using new and innovative technologies that involve personal data, including biometric data, need to think about these key points:

  1. Under the GDPR, controllers are required to complete a DPIA where their processing is ‘likely to result in a high risk to the rights and freedoms of natural persons’ such as the (large scale) use of biometric data. A DPIA is a process which should also ensure that responsible controllers to incorporate ‘data protection by design and by default’ principles into their projects. Data protection by design and default is a key concept at the heart of GDPR compliance.

  2. When you’ve done your DPIA, make sure you act upon the risks identified and demonstrate you have taken it into account. Use it to inform your work.

  3. Accountability is one of the data protection principles of the GDPR - it makes you responsible for complying with the GDPR and says that you must be able to demonstrate your compliance by putting appropriate technical and organisational measures in place.

  4. If you are planning to rely on consent as a legal basis, then remember that biometric data is classed as special category data under GDPR and any consent obtained must be explicit. The benefits from the technology cannot override the need to meet this legal obligation.


Anyone developing or implementing new technology should consider whether they need to complete a DPIA. If you have any questions please feel free to call us.

Good luck all.