AI transparency
AI use that is transparent, controlled and accountable.
Where AI tools support XpertDPO work, the important questions are purpose, human review, data handling, professional judgement and accountability.
AI supports controlled work. It does not replace senior judgement, legal review or accountable decision-making.
AI Usage Transparency Policy
Introduction
At XpertDPO, we use Artificial Intelligence (AI) to support our services in data protection, compliance, and risk management. We are committed to using AI in a responsible, ethical, and transparent way. This policy explains how we use AI, how we keep it safe and fair, and how we make sure it stays under human control.
Who This Applies To
This policy covers all AI tools and systems we use in our work. That includes tools that help us with data protection audits, GDPR compliance checks, risk analysis, and document processing. It also applies to all employees, contractors, and partners who help develop or use AI as part of XpertDPO’s services.
Our Principles
Accountability
We are responsible for all AI-generated outputs in our services. AI supports our work but does not replace human decision-making in important matters. Our team always checks and approves any AI recommendations before they are used. Our team members include certified AI Governance Professionals.
Fairness and Non-Discrimination
We work hard to make sure our AI systems do not produce biased or unfair results. We regularly test them to catch and fix any issues that might lead to discrimination.
Explainability and Interpretability
We aim to make it clear how AI supports your compliance journey. If an AI tool helped with your risk rating or compliance analysis, you can ask us to explain how it worked and why it gave that result.
Data Privacy and Security
All AI systems we use follow data protection rules. Where possible and when necessary, we use anonymised or pseudonymised data to protect privacy. AI never has access to more data than it needs.
Human Oversight
We use human-in-the-loop (HITL), human-on-the-loop (HOTL), or human-in-command (HIC) models. This means AI assists our experts, but people are always in charge. Clients can always question or ask for a human review of any AI-assisted output.
Compliance with Law and Standards
We follow all legal and regulatory requirements, including the GDPR and the EU AI Act. AI systems are subject to the required risk and ethics assessments. We update our approach as laws and standards change.
Where We Use AI
- Video Learning: Our XpertAcademy learning videos are generated using avatars representative of our team members.
- Document Analysis: Using Natural Language Processing (NLP) to assist with reviews of large volumes of legal and compliance text.
- Risk Assessments: Helping our team members through information discovery and analysis, always reviewed by a seasoned professional.
- Security and Breach Detection: Using AI on internal systems to flag anomalies, possible vulnerabilities, or signs of data breaches.
- Training Tools: Supporting regulatory learning materials through summarisation and AI-generated examples, always reviewed by a qualified professional.
When AI is used in our interactions or services that you experience, we will clearly let you know. You may see or hear a message or see an icon that shows an AI system is involved.
We do not make use of High Risk AI Systems. We do not use personal data to train AI systems. We do not use AI systems to infer emotions or categorise you biometrically.
Your Rights
You can:
- Ask how we use AI in the interactions and services that you experience. You will be told when you interact with an AI system.
- Ask if content has been created using AI. You will be told when you experience content that has been created using AI.
- Get a clear explanation of AI-assisted decisions, if you are subject to decisions made or supported by high-risk AI systems. Currently, XpertDPO does not deploy or make use of high-risk AI systems.
- Contest high-risk AI outcomes. Currently, XpertDPO does not deploy or make use of high-risk AI systems.
- Request human oversight in high-risk AI use-cases. Currently, XpertDPO does not deploy or make use of high-risk AI systems.
- Request information or raise concerns to us using the contact details included.
Oversight and Monitoring
We keep detailed records about the AI systems we use. This includes:
- A risk register for each system
- Logs of any issues or incidents
- Internal audits and assessments
We regularly review how these tools perform and update them as needed. Our team receives training on AI use, ethics, and safety.
We welcome your feedback and take concerns seriously. Clients and staff can report any problems or suggestions related to AI use.
Contact Information
If you have questions about this AI Transparency Policy or wish to exercise your rights, please contact us at:
- Email: dpo@xpertdpo.com
- Phone: +353 1 678 8997
- Postal Address: 20 Harcourt Street, Dublin 2.
We may update this policy from time to time to reflect changes in technology, law, or our services. Please check back occasionally to stay informed.