Somo 1Haki za watu wa data (upatikanaji, marekebisho, kufuta, kuzuia, kubeba, kupinga, maamuzi ya kiotomatiki) na michakato ya uendeshaji ya kutiiSehemu hii inaelezea kila haki ya GDPR, jinsi zinavyotumika kwa SaaS na AI, na jinsi ya kubuni michakato ya kupokea, kuthibitisha, kujibu, na kurekodi ili timu za kisheria, bidhaa, na uhandisi ziweze kushughulikia maombi ya watu wa data kwa kiwango kikubwa.
Catalog of GDPR rights and legal scopeIdentity verification and fraud prevention stepsStandard operating procedures for DSR handlingAutomation, ticketing, and response templatesLogging, metrics, and continuous process reviewSomo 2Adhabu, mwenendo wa utekelezaji, na maamuzi ya hivi karibuni ya GDPR/CNIL yanayoathiri utekelezaji wa uchanganuzi na AISehemu hii inachunguza nguvu za utekelezaji za GDPR na CNIL, vigezo vya kuhesabu faini, na maamuzi ya hivi karibuni ya kivutio yanayoathiri uchanganuzi, vidakuzi, ufuatiliaji, na AI, ikichukua masomo ya vitendo kwa watoa huduma wa SaaS kuhusu hamu ya hatari na vipaumbele vya utii.
Administrative powers and sanction typesFine calculation criteria and aggravating factorsRecent CNIL cases on cookies and trackingEU decisions on AI, profiling, and scoringUsing case law to guide product risk choicesSomo 3Kurekodi na uwajibikaji: Rekodi za Shughuli za Kuchakata (RoPA), sera za ndani, na ushahidi kwa mamlaka za usimamiziSehemu hii inaelezea wajibu wa uwajibikaji, jinsi ya kudumisha Rekodi za Shughuli za Kuchakata, na jinsi ya kujenga sera za ndani, utawala, na ushahidi unaoonyesha utii kwa mamlaka za usimamizi wakati wa ukaguzi au uchunguzi.
Core elements of a compliant RoPA entryMapping data flows and systems for recordsDesigning internal privacy policies and chartersEvidence files, dashboards, and audit trailsGovernance roles: DPO, legal, and productSomo 4Sheria ya Ulinzi wa Data ya Ufaransa (Loi Informatique et Libertés) na mwongozo wa CNIL unaohusiana na uchanganuzi na AISehemu hii inawasilisha Sheria ya Ulinzi wa Data ya Ufaransa na mwongozo wa CNIL unaohusiana na uchanganuzi na AI, ikiangazia sifa za kitaifa, sheria za sekta, na matarajio ya vitendo kwa vidakuzi, kupima hadhira, na mifumo ya algoriti.
Structure of the French Data Protection ActCNIL powers, soft law, and recommendationsCNIL guidance on cookies and audience metricsNational rules on biometrics and sensitive dataCNIL positions on AI, scoring, and profilingSomo 5Ulinzi wa Data kwa Kubuni na kwa Chaguo la Msingi: hatua za kiufundi na za kimfumo kwa bidhaa za SaaSSehemu hii inaelezea wajibu wa Ulinzi wa Data kwa Kubuni na kwa Chaguo la Msingi na jinsi ya kuzitafsiri kuwa hatua za kiufundi na za kimfumo za kiufundi kwa SaaS, ikijumuisha usanidi, udhibiti wa upatikanaji, chaguo za msingi, na mazoea ya maendeleo salama.
Embedding privacy in product lifecycle stagesData minimization and privacy-friendly defaultsRole-based access control and logging designSecure development and code review practicesVendor selection and integration risk controlsSomo 6Muhtasari wa muundo wa GDPR na kanuni kuu (uhalali, kikomo cha madhumuni, kupunguza, usahihi, kikomo cha uhifadhi, uadilifu, usiri, uwajibikaji)Sehemu hii inatanguliza muundo wa GDPR na kanuni kuu, ikijumuisha uhalali, kikomo cha madhumuni, kupunguza, usahihi, kikomo cha uhifadhi, uadilifu, usiri, na uwajibikaji, na mifano iliyobadilishwa kwa SaaS na AI.
Regulation structure, scope, and key actorsLawfulness, fairness, and transparency dutiesPurpose limitation and compatibility analysisData minimization and accuracy in practiceStorage limits, security, and accountabilitySomo 7Jamii maalum za data, pseudonymization, viwango vya anonymization na hatari ya kutambua upyaSehemu hii inafafanua jamii maalum za data chini ya GDPR, jinsi ya kutekeleza pseudonymization na anonymization katika SaaS na AI, na jinsi ya kutathmini, kurekodi, na kupunguza hatari za kutambua upya katika uchanganuzi na ufundi wa mashine.
Defining special categories and sensitive dataPseudonymization techniques in SaaS databasesAnonymization standards and risk-based approachesRe-identification risk assessment and controlsContractual and policy safeguards for high-risk dataSomo 8Misingi halali ya kuchakata data ya kibinafsi: idhini, mkataba, maslahi halali, maslahi ya umma — majaribio na kurekodiSehemu hii inachanganua misingi halali ya kuchakata data ya kibinafsi, ikijumuisha idhini, mkataba, maslahi halali, na maslahi ya umma, na inaelezea jinsi ya kuchagua, kurekodi, na kutetea msingi unaofaa kwa matumizi ya SaaS na AI na uchanganuzi wa tabia.
Overview of lawful bases and exclusivity rulesWhen consent is required and validly obtainedContract necessity in B2B SaaS scenariosLegitimate interest tests and balancingDocumenting legal basis choices and changesSomo 9Tathmini za Athari za Ulinzi wa Data (DPIAs): wakati inahitajika, mbinu, templeti, na hatua za kupunguza kwa uchanganuzi wa tabia wa kiwango kikubwaSehemu hii inaelezea wakati DPIAs ni lazima, jinsi ya kufafanua na kufanya kwa uchanganuzi wa kiwango kikubwa na AI, templeti zipazo, na jinsi ya kutambua na kutekeleza hatua bora za kupunguza na idhini za hatari iliyobaki.
Triggers for DPIA and high-risk criteriaStep-by-step DPIA methodology and rolesTemplates, tools, and documentation tipsIdentifying risks in profiling and trackingMitigation plans and DPO or CNIL consultationSomo 10Uwazi na wajibu wa habari kwa watu wa data: notisi za faragha, notisi zenye tabaka, na mauzo ya ufuatiliaji wa tabiaSehemu hii inashughulikia wajibu wa uwazi, ikijumuisha notisi za faragha, notisi zenye tabaka, na mauzo ya ufuatiliaji wa tabia, na inaonyesha jinsi ya kuandika, kuweka muundo, na kutoa katika miingiliano ya SaaS na AI wakati wa kukidhi matarajio ya GDPR na CNIL.
Mandatory information under GDPR Articles 12–14Designing layered and just-in-time noticesDisclosing cookies, SDKs, and tracking toolsCommunicating AI use, logic, and key impactsTesting clarity and comprehension with users
