Standard GDPR checklists don't address AI complications: model training consent, API cross-border transfers, right to erasure from model weights, and Article 22 automated decision-making.
The most commonly missing clause in AI vendor contracts: explicit prohibition on using your data for model training. This policy defines the default rule, vendor contract requirements, and the approval
If you use AI meeting transcription, writing assistants, or security monitoring, GDPR requires you to tell employees. This template covers all AI tools and includes the 'what we do and
GDPR requires a DPIA before high-risk processing - and AI systems almost always qualify. This template covers the AI-specific questions standard DPIA templates miss: training data consent, model weight erasure,
Before you can improve your AI security posture, you need an honest baseline. 25 questions across 5 domains - with a scoring guide that tells you where to focus first.
32 controls across inventory management, data protection, prompt injection defenses, API security, logging, and incident readiness - each with the specific evidence an auditor or examiner will request.
AI tools are being used across every function - but most organizations have zero visibility. This policy defines what must be logged, retention periods by data tier, who can access
Traditional IR playbooks don't cover prompt injection, AI data exfiltration, or hallucination-caused compliance failures. Step-by-step procedures, timelines, and regulatory notification triggers for each AI-specific incident type.
55% of employees use AI tools their organization hasn't approved. This policy defines what shadow AI is, how to detect it, how to respond by severity, and how to fix
The most common AI data exposure is an employee pasting the wrong content into ChatGPT. This policy gives every employee a clear, tier-based answer: can I put this in an
Summary: Polygraf AI Contextual Confidentiality Engine. Organizations invest heavily in securing networks and digital assets, yet physical document leakage remains an overlooked vulnerability.