GDPR: Understanding the Impact of Automated Decision Making and Profiling

Profiling and automated decision-making are not prohibited under GDPR.  However, both of these activities are subject to detailed requirements on when they can legitimately be performed and what must be communicated to data subjects.

Key Questions:

1| How are automated decision-making and profiling defined under GDPR?
2| How do the general rules of GDPR apply to automated decision-making and profiling?
3| What specific restrictions are in place on these activities?
4| What should you do if you are leveraging automated decision making?

In this whitepaper, we will explore the definitions of automated decision-making and profiling and how the various requirements of GDPR apply to data collected for these purposes.  In addition, we will address the importance of an appropriate lawful basis for processing and specific restrictions on processing.

Request Whitepaper

Christian Hyatt

Christian is the Managing Director and Co-Founder of risk3sixty,where he helps clients build world-class information security and compliance programs. Christian was the 2018 Technology Association of Georgia Under-35 Professional Services Leader of the Year and 2019 Atlanta Business Chronical Entrepreneur of the Year finalist. Christian holds a B.B.A in Management Information Systems from the University of Georgia and M.B.A from the Georgia Institute of Technology. Christian is a Ceritified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), ISO 27001 Lead Auditor, and PCI QSA.