AI-based solution designed to automate personal data discovery and classification

Data Inventory

Discover personal data across multiple systems in the cloud or on-premise

Privacy Program Automation

Data Processing Inventory (ROPA)

Harbor cooperation between DPO, Legal Services, IT and Marketing

Data Subject Request

Turn data subjects request into an automated workflow with a clear insight into data every step of the way

Assessment Automation

Collaborate with stakeholders and manage DPIA and LIA in real-time with Assessment Automation

Third Party Management

Guide your partners trough vendor management process workflow

Risk Management

Identifying the risk from the point of view of Data Subject

Incident Management

Quickly respond, mitigate damage and maintain compliance

Consent and Preference Management

Data Removal orchestration

Data Removal

Introducing end-to end automation of personal data removal

Services

State-of-Privacy-Assessment (SOPA)

Support

Professional Services

Pricing plans

Talk to sales

Resources

Latest Blog posts

11 Steps to Jumpstart Your Compliance Process

15/11/2023

Saudi Arabia’s Personal Data Protection Law (PDPL)

05/11/2023

How to conduct Legitimate Interests Assessment (LIA) ?

15/10/2023

Learn the terms

Opt-out

Risk assessment

Breach disclosure

Pseudonymization

De-identifiable data

European Commission

Sensitive personal data

Audit trail

General Data Protection Regulation

Here you can find the official content of the Regulation (EU) 2016/679 (General Data Protection Regulation) in the current version. All Articles of the GDPR are linked with suitable recitals.

Latest papers

India’s Digital Personal Data Protection Act DPDP

13/10/2023

Saudi Arabia’s Personal Data Protection Law PDPL

24/08/2023

Legal & Ethical Review & Mastering Informed Consent for Clinical Trial Studies

22/03/2023

Partners

Become a partner

About us

Careers

General Data Protection Regulation (GDPR)

GDPR

>

Chapter 3 >

Art. 22 — Automated individual decision-making, including profiling

Article 22

Automated individual decision-making, including profiling

Chapter 3

The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
Paragraph 1 shall not apply if the decision:
1. is necessary for entering into, or performance of, a contract between the data subject and a data controller;
2. is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or
3. is based on the data subject’s explicit consent.
In the cases referred to in points (a) and (c) of paragraph 2, the data controller shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
Decisions referred to in paragraph 2 shall not be based on special categories of personal data referred to in Article 9(1), unless point (a) or (g) of Article 9(2) applies and suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests are in place.

Suitable recitals

(71) Profiling, (72) Guidance of the European Data Protection Board Regarding Profiling, (91) Necessity of a Data Protection Impact Assessment

General Data Protection Regulation (GDPR)

Suitable recitals

(71) Profiling, (72) Guidance of the European Data Protection Board Regarding Profiling, (91) Necessity of a Data Protection Impact Assessment