GDPR Basics
Compliance Β· 6 min
GDPR (German: DSGVO) is the European data protection regulation. It applies to any company processing personal data of EU citizens - regardless of where the company is located.
Key Principles
- Lawfulness: You need a legal basis for processing
- Purpose limitation: Only use data for stated purposes
- Data minimization: Only collect what you need
- Accuracy: Keep data accurate
- Storage limitation: Delete when no longer needed
- Integrity & confidentiality: Secure processing
Legal Bases (Art. 6)
| Basis | Description | AI Example |
|---|---|---|
| Consent | Voluntary, revocable | Newsletter, personalization |
| Contract | Necessary for contract | Order processing |
| Legitimate interest | Balance with data subject rights | Fraud prevention |
Rights of Data Subjects (Art. 15-22)
- Right of access (Art. 15) β What data is processed?
- Right to rectification (Art. 16) β Correct wrong data
- Right to erasure (Art. 17) β "Right to be forgotten"
- Right to restriction (Art. 18) β Stop processing
- Data portability (Art. 20) β Move data to another system
- Right to object (Art. 21) β Object to certain processing
Local AI = GDPR Advantage
- β No third-country transfer β Data stays in EU
- β Full control β You decide who has access
- β No third-country transfer needed β Data stays in the EU (Art. 44 ff. GDPR)
- β Easy documentation β All on your hardware
- β Fast deletion β Physical control over data
Related articles: EU AI Act Β· Chatbot Transparency
For implementation support, find resources at ai-engineering.at.
Next step: operationalize compliance
Use ready-to-run GDPR templates, checklists and practical guidance for AI systems that need documentation and auditability.
Why AI Engineering
- Local and self-hosted by default
- Documented and auditable
- Built from our own runtime
- Made in Austria
Not legal advice.