Resources for Privacy and AI Governance Teams
Practical guidance on GDPR compliance, HIPAA, EU AI Act, and AI tool assessment for privacy professionals.
Who Should Be on Your AI Governance Team? Roles, Structures, and How Leading Organizations Are Getting This Right
Most organizations are trying to govern AI tools with teams that were designed for something else. Here is what a purpose-built AI governance function actually looks like and how to get there from where you are.
Approved With Conditions: The AI Governance Decision Most Privacy Teams Are Getting Wrong
It is the most common designation in any mature AI governance program. It is also the one that creates the most compliance exposure when it is done poorly. Here is what getting it right actually looks like.
What Is a Final Designation Report? How Leading Privacy Teams Document AI Tool Decisions
Most organizations make AI tool decisions informally and document them poorly. Here is what a governance-grade decision record actually looks like and why it matters when a regulator comes asking.
HIPAA and AI Tools: The BAA Questions Every Healthcare Privacy Officer Should Be Asking
Your vendor has a BAA. That BAA was written before their AI features existed. Here is why that matters more than most healthcare organizations realize.
EU AI Act for Deployers: What Privacy Teams Need to Know Before August 2026
You did not build the AI tool. You did not train the model. You are still responsible for what happens when your organization uses it.
Why Your AI Tool Intake Process Is Broken (And What Good Looks Like)
Most organizations are managing AI tool requests the same way they managed software procurement in 2015. The tools have changed. The risks have changed. The process has not.
ChatGPT and GDPR: What Your Organization Actually Needs to Have in Place
Everyone is using it. Most organizations have not done the work to use it legally. Here is what actually needs to happen before your next prompt.
The AI Tool Assessment Checklist Every Privacy Team Needs in 2026
Print this out. Put it in your intake process. Stop discovering compliance problems after the tool is already in production.
How to Assess an AI Tool for GDPR Compliance: A Step-by-Step Guide for DPOs
The same AI tool can be perfectly fine in one deployment and a regulatory nightmare in another. Here is how to tell the difference before your organization finds out the hard way.