I was recently asked this question and I thought it was worth sharing. Whenever anyone asks ‘is x or y UK GDPR compliant’ my starting point is always that it depends. And that isn’t an attempt to evade the question, so let me explain.
Most technologies are not, in themselves, compliant or non-compliant with the UK GDPR, or with any other standard for that matter; it depends on how they are used.
If a technology is capable of being used in a compliant way, but you don’t offer transparency when the data is collected, or don’t have processes in place to respect people’s rights, that can make your use of it non-compliant.
Getting back to the specifics, the context was a webinar where the host suggested that only certain Gen AI tools were UK GDPR compliant. In most cases, Gen AI tools can be used in a compliant way, provided certain basic safeguards are in place, and these can be generalised to keeping personal data away from the AI tool.
This is why it is so important to have a Gen AI statement or policy, to help your staff and volunteers know how to use Gen AI tools responsibly. If you would like some help in creating such a statement or policy, then just book a free 25-minute Zoom call using the link below.