Introduction
At XpertDPO, we use Artificial Intelligence (AI) to support our services in data protection, compliance, and risk management. We are committed to using AI in a responsible, ethical, and transparent way. This policy explains how we use AI, how we keep it safe and fair, and how we make sure it stays under human control.
Who This Applies To
This policy covers all AI tools and systems we use in our work. That includes tools that help us with data protection audits, GDPR compliance checks, risk analysis, and document processing. It also applies to all employees, contractors, and partners who help develop or use AI as part of XpertDPO’s services.
Our Principles
Accountability
We are responsible for all AI-generated outputs in our services. AI supports our work but does not replace human decision-making in important matters. Our team always checks and approves any AI recommendations before they are used. Our team members include certified AI Governance Professionals.
Fairness and Non-Discrimination
We work hard to make sure our AI systems do not produce biased or unfair results. We regularly test them to catch and fix any issues that might lead to discrimination.
Explainability and Interpretability
We aim to make it clear how AI supports your compliance journey. If an AI tool helped with your risk rating or compliance analysis, you can ask us to explain how it worked and why it gave that result.
Data Privacy and Security
All AI systems we use follow data protection rules. Where possible and when necessary, we use anonymised or pseudonymised data to protect privacy. AI never has access to more data than it needs.
Human Oversight
We use human-in-the-loop (HITL), human-on-the-loop (HOTL), or human-in-command (HIC) models. This means AI assists our experts, but people are always in charge. Clients can always question or ask for a human review of any AI-assisted output.
Compliance with Law and Standards
We follow all legal and regulatory requirements, including the GDPR and the EU AI Act. AI systems are subject to the required risk and ethics assessments. We update our approach as laws and standards change.
Where We Use AI
- Video Learning: Our XpertAcademy learning videos are generated using avatars representative of our team members.
- Document Analysis: Using Natural Language Processing (NLP) to assist with reviews of large volumes of legal and compliance text.
- Risk Assessments: Helping our team members through information discovery and analysis, always reviewed by a seasoned professional.
- Security and Breach Detection: Using AI on internal systems to flag anomalies, possible vulnerabilities, or signs of data breaches.
- Training Tools: Supporting regulatory learning materials through summarisation and AI-generated examples, always reviewed by a qualifed professional.
When AI is used in our interactions or services that you experience, we will clearly let you know. You may see or hear a message or see an icon that shows an AI system is involved.
We do not make use of High Risk AI Systems. We do not use personal data to train AI systems. We do not use AI systems to infer emotions or categorise you biometrically.
Your Rights
You can:
- Ask how we use AI in the interactions and services that you experience. You will be told when you interact with an AI system.
- Ask if content has been created using AI. You will be told when you experience content that has been created using AI.
- Get a clear explanation of AI-assisted decisions, if you are subject to decisions made or supported by high-risk AI systems. Currently, XpertDPO does not deploy or make use of high-risk AI systems.
- Contest high-risk AI outcomes. Currently, XpertDPO does not deploy or make use of high-risk AI systems.
- Request human oversight in high-risk AI use-cases. Currently, XpertDPO does not deploy or make use of high-risk AI systems.
- Request information or raise concerns to us using the contact details included.
Oversight and Monitoring
We keep detailed records about the AI systems we use. This includes:
- A risk register for each system
- Logs of any issues or incidents
- Internal audits and assessments
We regularly review how these tools perform and update them as needed. Our team receives training on AI use, ethics, and safety.
We welcome your feedback and take concerns seriously. Clients and staff can report any problems or suggestions related to AI use.
Contact Information
If you have questions about this AI Transparency Policy or wish to exercise your rights, please contact us at:
- Email: dpo@xpertdpo.com
- Phone: +353 1 678 8997
- Postal Address: 20 Harcourt Street, Dublin 2.
We may update this policy from time to time to reflect changes in technology, law, or our services. Please check back occasionally to stay informed.