AI Compliance Guidebook

Back to Toolkit

Your guide to navigating AI, ethics, and regulation—one term at a time.

Key Terms

Essential concepts at the intersection of AI and data protection

Automated Decision-Making

Art. 22

Making decisions solely by automated means without human involvement

Automated Decisions

Profiling

Art. 4(4)Art. 22

Automated processing of personal data to evaluate aspects about an individual

Automated Decisions

Right to Explanation

Art. 13Art. 14Art. 15Art. 22

Right to obtain explanation of decisions made by AI systems

Rights & FreedomsAutomated Decisions

Data Minimization

Art. 5(1)(c)

Limiting data collection to what's necessary for specified purposes

Data Protection

Algorithmic Transparency

Art. 5(1)(a)Art. 12Art. 13Art. 14Art. 15

Making AI algorithms understandable and their decisions explainable

Automated DecisionsTechnical Measures

Data Protection Impact Assessment (DPIA)

Art. 35Art. 36

Assessment of risks to rights and freedoms posed by data processing

Data Protection

Data Protection by Design

Art. 25(1)

Building data protection into the design of AI systems

Data ProtectionTechnical Measures

Data Protection by Default

Art. 25(2)

Ensuring the highest privacy settings by default

Data ProtectionTechnical Measures

Explainable AI (XAI)

Art. 13Art. 14Art. 15Art. 22

AI systems designed to be understandable by humans

Automated DecisionsTechnical Measures

Purpose Limitation

Art. 5(1)(b)

Processing data only for specified, explicit, and legitimate purposes

Data Protection

High-Risk AI Systems

Art. 35

AI systems posing significant risks to rights and freedoms

Automated Decisions

Human Oversight

Art. 22

Human supervision and intervention in AI systems

Automated Decisions

Bias and Discrimination

Art. 5(1)(a)Art. 9Art. 22

Unfair treatment resulting from AI system prejudices

Automated Decisions

Fairness

Art. 5(1)(a)

Ensuring AI systems treat individuals equitably

Automated Decisions

Data Quality

Art. 5(1)(d)

Ensuring data is accurate, complete, and representative

Data Protection

Synthetic Data

Art. 5(1)(c)Art. 25

Artificially generated data that mimics real data

Technical Measures

Federated Learning

Art. 5(1)(c)Art. 25Art. 32

Training AI models across devices while keeping data local

Technical Measures

Privacy-Preserving Techniques

Art. 5(1)(c)Art. 25Art. 32

Methods to protect privacy while enabling data analysis

Technical MeasuresData Protection

Differential Privacy

Art. 5(1)(c)Art. 25Art. 32

Mathematical framework for privacy-preserving data analysis

Technical MeasuresData Protection

Model Inversion Attacks

Art. 5(1)(f)Art. 32

Attacks that extract training data from AI models

Technical Measures

Membership Inference Attacks

Art. 5(1)(f)Art. 32

Determining if data was used to train an AI model

Technical Measures

Accountability

Art. 5(2)Art. 24

Responsibility for and demonstration of GDPR compliance

Data Protection

AI Governance

Art. 24Art. 25Art. 35

Framework for responsible AI development and deployment

Data Protection

Documentation

Art. 5(2)Art. 24Art. 30

Records of AI system design, operation, and compliance

Data Protection

AI Impact Assessment

Art. 35

Evaluation of AI system impacts beyond data protection

Data Protection

Ethics by Design

Art. 25

Integrating ethical considerations into AI development

Data Protection

© 2025 GDPR Compliance Toolkit. All rights reserved.

This tool is for informational purposes only and does not constitute legal advice.