Core Principles
The revDSG is based on the principles of proportionality, purpose limitation, and transparency. For AI systems, this means that data processing must be limited to what is necessary, the processing purpose must be clearly defined, and data subjects must be adequately informed.
Data Protection Impact Assessment (DPIA)
AI systems that process personal data generally require a Data Protection Impact Assessment. This must evaluate the risks to data subjects and define appropriate risk mitigation measures. Particular care is required for automated individual decisions.
Automated Individual Decisions
The revDSG regulates automated individual decisions in Art. 21. Data subjects have the right to be informed and to present their point of view. For AI-based decision processes, companies must ensure that human review is possible and the decision logic remains explainable.
Cross-Border Data Processing
Many AI services process data internationally. The revDSG permits the transfer of personal data abroad only under certain conditions: adequate data protection level, standard contractual clauses, or explicit consent. Cloud-based AI solutions require particular attention.
Our Support
We help your company implement AI systems in compliance with the revDSG. From data protection impact assessments to technical implementation and ongoing compliance monitoring - we accompany you every step of the way.