The agency is seeking comments ahead of full release this December

The UK’s Information Commissioner's Office (ICO) has launched a free tool designed to help organizations use AI in compliance with the General Data Protection Regulation (GDPR).

Currently available in beta, the AI and Data Protection Risk Toolkit is aimed at organizations that use machine learning to process personal data, and outlines the risks to individuals’ information rights.

“It also provides suggestions on best practice organizational and technical measures that can be used to manage or mitigate the risks and demonstrate compliance with data protection law,” Alister Pearson, senior tech policy officer at the ICO, wrote in a blog post.

Uphold and protect

The toolkit was based on the agency’s Guidance on AI and Data Protection, as well as the guidance on Explaining Decisions Made With AI, which was co-developed with The Alan Turing Institute.

Any organization using AI to process personal data would gain “high assurance that you are complying with data protection legislation,” by using the toolkit, the ICO said.

An alpha version of the document was published back in March, with stakeholder consultation used to shape the beta version. The ICO said it is now looking for comments on the next stage of its development, with plans to release the final version in December.

Any stakeholders interested in testing the toolkit on a live AI application, or providing feedback, are encouraged to contact the ICO.

The agency recognizes the importance of data protection laws – having issued more than £42 million ($59m) worth of fines in 2020 to companies that breached GDPR.

The agency’s annual report slapped the likes of Marriott International and Ticketmaster with penalties, with the largest fine of the year – totaling $28 million – issued to British Airways over a cyber attack that happened in 2018.