Lesson 1
Data subject rights (access, rectification, erasure, restriction, portability, objection, automated decision-making) and operational compliance processes
This section explains each GDPR right, how they apply to SaaS and AI, and how to design intake, verification, response, and record-keeping processes so that legal, product, and engineering teams can handle data subject requests at scale.
Catalog of GDPR rights and legal scope
Identity verification and fraud prevention steps
Standard operating procedures for DSR handling
Automation, ticketing, and response templates
Logging, metrics, and continuous process review

Lesson 2
Penalties, enforcement trends, and recent GDPR/CNIL decisions affecting analytics and AI deployments
This section examines the enforcement powers of the GDPR and the CNIL, fine calculation criteria, and recent GDPR/CNIL decisions affecting analytics and AI deployments, drawing practical lessons for SaaS providers on risk appetite and compliance priorities.
Administrative powers and sanction types
Fine calculation criteria and aggravating factors
Recent CNIL cases on cookies and tracking
EU decisions on AI, profiling, and scoring
Using case law to guide product risk choices

Lesson 3
Documentation and accountability: Records of Processing Activities (RoPA), internal policies, and evidence for supervisory authorities
This section explains accountability obligations, how to maintain Records of Processing Activities, and how to build internal policies, governance, and evidence that demonstrate compliance to supervisory authorities during audits or investigations.
Core elements of a compliant RoPA entry
Mapping data flows and systems for records
Designing internal privacy policies and charters
Evidence files, dashboards, and audit trails
Governance roles: DPO, legal, and product

Lesson 4
French Data Protection Act (Loi Informatique et Libertés) and CNIL guidance relevant to analytics and AI
This section presents the French Data Protection Act (Loi Informatique et Libertés) and CNIL guidance relevant to analytics and AI, highlighting national specificities, sector rules, and practical expectations for cookies, audience measurement, and algorithmic systems.
Structure of the French Data Protection Act
CNIL powers, soft law, and recommendations
CNIL guidance on cookies and audience metrics
National rules on biometrics and sensitive data
CNIL positions on AI, scoring, and profiling

Lesson 5
Data Protection by Design and by Default: technical and organizational measures for SaaS products
This section explains the Data Protection by Design and by Default obligations and how to translate them into technical and organizational measures for SaaS, including architecture, access control, defaults, and secure development practices.
Embedding privacy in product lifecycle stages
Data minimization and privacy-friendly defaults
Role-based access control and logging design
Secure development and code review practices
Vendor selection and integration risk controls

Lesson 6
Overview of GDPR structure and core principles (lawfulness, purpose limitation, minimization, accuracy, storage limitation, integrity, confidentiality, accountability)
This section introduces the GDPR structure and core principles, including lawfulness, purpose limitation, minimization, accuracy, storage limitation, integrity, confidentiality, and accountability, with examples adapted to SaaS and AI.
Regulation structure, scope, and key actors
Lawfulness, fairness, and transparency duties
Purpose limitation and compatibility analysis
Data minimization and accuracy in practice
Storage limits, security, and accountability

Lesson 7
Special categories of data, pseudonymization, anonymization standards, and re-identification risk
This section defines the special categories of data under the GDPR, how to implement pseudonymization and anonymization in SaaS and AI, and how to assess, document, and mitigate re-identification risks in analytics and machine learning.
Defining special categories and sensitive data
Pseudonymization techniques in SaaS databases
Anonymization standards and risk-based approaches
Re-identification risk assessment and controls
Contractual and policy safeguards for high-risk data

Lesson 8
Lawful bases for processing personal data: consent, contract, legitimate interest, public interest; tests and documentation
This section analyzes the lawful bases for processing personal data, including consent, contract, legitimate interest, and public interest, and explains how to select, document, and defend the appropriate basis for SaaS and AI use cases and behavioral analytics.
Overview of lawful bases and exclusivity rules
When consent is required and validly obtained
Contract necessity in B2B SaaS scenarios
Legitimate interest tests and balancing
Documenting legal basis choices and changes

Lesson 9
Data Protection Impact Assessments (DPIAs): when they are required, methodology, templates, and mitigation measures for large-scale behavioral analytics
This section explains when DPIAs are mandatory, how to scope and conduct them for large-scale analytics and AI, which templates to use, and how to identify and implement effective mitigation measures and residual risk approvals.
Triggers for DPIA and high-risk criteria
Step-by-step DPIA methodology and roles
Templates, tools, and documentation tips
Identifying risks in profiling and tracking
Mitigation plans and DPO or CNIL consultation

Lesson 10
Transparency and information obligations toward data subjects: privacy notices, layered notices, and behavioral tracking disclosures
This section covers transparency obligations, including privacy notices, layered notices, and behavioral tracking disclosures, and shows how to draft, structure, and deliver them in SaaS and AI interfaces while meeting GDPR and CNIL expectations.
Mandatory information under GDPR Articles 12–14
Designing layered and just-in-time notices
Disclosing cookies, SDKs, and tracking tools
Communicating AI use, logic, and key impacts
Testing clarity and comprehension with users