AI Business is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 3099067.

AI Practitioner

UK’s ICO releases free toolkit to help AI users comply with GDPR

Article ImageThe agency is seeking comments ahead of full release this December

The UK’s Information Commissioner's Office (ICO) has launched a free tool designed to help organizations use AI in compliance with the General Data Protection Regulation (GDPR).

Currently available in beta, the AI and Data Protection Risk Toolkit is aimed at organizations that use machine learning to process personal data, and outlines the risks to individuals’ information rights.

“It also provides suggestions on best practice organizational and technical measures that can be used to manage or mitigate the risks and demonstrate compliance with data protection law,” Alister Pearson, senior tech policy officer at the ICO, wrote in a blog post.

Uphold and protect

The toolkit was based on the agency’s Guidance on AI and Data Protection, as well as the guidance on Explaining Decisions Made With AI, which was co-developed with The Alan Turing Institute.

Any organization using AI to process personal data would gain “high assurance that you are complying with data protection legislation,” by using the toolkit, the ICO said.

An alpha version of the document was published back in March, with stakeholder consultation used to shape the beta version. The ICO said it is now looking for comments on the next stage of its development, with plans to release the final version in December.

Any stakeholders interested in testing the toolkit on a live AI application, or providing feedback, are encouraged to contact the ICO.

The agency recognizes the importance of data protection laws – having issued more than £42 million ($59m) worth of fines in 2020 to companies that breached GDPR.

The agency’s annual report slapped the likes of Marriott International and Ticketmaster with penalties, with the largest fine of the year – totaling $28 million – issued to British Airways over a cyber attack that happened in 2018.


More EBooks

Latest video

More videos

Upcoming Webinars

More Webinars
AI Knowledge Hub

Research Reports

More Research Reports


Smart Building AI

Infographics archive

Newsletter Sign Up

Sign Up