Privacy Officer Guide: Data Protection for AI
As a Privacy Officer (or Data Protection Officer), you must ensure AI systems comply with data protection regulations. AI introduces unique privacy risks — personal data flowing to external model providers, cross-border data transfers to inference endpoints, and the lack of visibility into what data employees are sharing with AI tools. Keeptrusts provides the detection, enforcement, and evidence infrastructure you need.
Use this page when
- You are ensuring AI systems comply with GDPR, CCPA/CPRA, or other data protection regulations
- You need to detect and redact personal data before it reaches external LLM providers
- You are conducting or updating a Data Protection Impact Assessment (DPIA) for AI systems
- You need to respond to data subject access requests involving AI interaction data
- You are managing cross-border data transfers through regional gateway configurations
Primary audience
- Primary: Technical Leaders (Privacy Officers, Data Protection Officers)
- Secondary: Legal Counsel, Compliance Officers, Security Engineers
GDPR Compliance for AI Systems
Key GDPR Obligations and Keeptrusts Controls
| GDPR Requirement | Article | Keeptrusts Control |
|---|---|---|
| Lawful basis for processing | Art. 6 | Event logging for processing records |
| Data minimization | Art. 5(1)(c) | PII detection + redaction before sending to providers |
| Purpose limitation | Art. 5(1)(b) | Policy enforcement restricting permitted use cases |
| Storage limitation | Art. 5(1)(e) | Event retention policies |
| Security of processing | Art. 32 | Encryption, access controls, audit logging |
| DPIA requirement | Art. 35 | Automated evidence generation from policy events |
| Records of processing | Art. 30 | Complete event and audit trail |
| Data subject rights | Arts. 15-22 | Event export for subject access requests |
PII Detection and Redaction
The pii-detector policy is your primary defense against personal data reaching external AI providers:
```yaml
policies:
  - name: gdpr-pii-protection
    type: pii-detector
    action: redact
    entity_types:
      - name
      - email
      - phone
      - national_id
      - date_of_birth
      - financial
      - health
      - location
    enabled: true
```
Monitoring PII Exposure
```bash
# Check PII detection events in the last 24 hours
kt events list --since 24h --policy pii-detector

# Export PII processing records for Art. 30 compliance
kt export create \
  --type events \
  --format csv \
  --since 30d \
  --policy pii-detector \
  --description "Monthly PII processing records — GDPR Art. 30"
```
The Console Events page lets you filter by the pii-detector policy to review all instances where personal data was detected and redacted.
CCPA/CPRA Compliance
California Privacy Requirements
| CCPA Requirement | Keeptrusts Control |
|---|---|
| Right to know | Event logs showing data collection |
| Right to delete | Event retention policies |
| Right to opt-out | Gateway configuration per user/application |
| Data minimization | PII redaction at the gateway |
| Service provider obligations | Provider-scoped policies and logging |
Responding to Consumer Requests
When a consumer exercises their data rights, use Keeptrusts exports to identify and document relevant data:
```bash
# Export events related to a specific user for a subject access request
kt export create \
  --type events \
  --format csv \
  --since 365d \
  --description "Data subject access request — user ID 12345"
```
Data Mapping for AI Systems
AI Data Flow Inventory
Document how personal data flows through your AI systems using Keeptrusts telemetry:
| Data Flow | Source | Destination | Data Types | Safeguard |
|---|---|---|---|---|
| User prompts | Applications | Gateway | May contain PII | pii-detector redaction |
| Gateway to LLM | Gateway | LLM provider | Redacted prompts | Encryption in transit |
| LLM responses | LLM provider | Gateway | May contain PII | pii-detector on output |
| Decision events | Gateway | Control-plane API | Metadata only | Access controls, encryption |
| Event exports | API | Export storage | Aggregated metadata | Encryption at rest |
Identifying Data Processing Activities
```bash
# Map data flows by reviewing event patterns
curl -H "Authorization: Bearer $API_TOKEN" \
  "https://api.keeptrusts.com/v1/events?since=30d&group_by=provider"

# Identify which teams process personal data
curl -H "Authorization: Bearer $API_TOKEN" \
  "https://api.keeptrusts.com/v1/events?since=30d&group_by=gateway&policy=pii-detector"
```
Consent Management
Governance Without Explicit Consent
Where AI processing relies on legitimate interest rather than explicit consent, Keeptrusts provides the balancing test evidence:
| Legitimate Interest Element | Evidence from Keeptrusts |
|---|---|
| Purpose of processing | Policy configurations defining permitted use |
| Necessity | Event logs showing business-critical AI usage |
| Safeguards applied | Active PII detection, DLP filters, content filtering |
| Impact on individuals | PII detection rates, redaction statistics |
Consent-Gated AI Access
For scenarios requiring explicit consent, use gateway keys to control who can access AI services:
- Issue gateway keys only to applications with verified consent flows
- Revoke keys in Console Settings > Gateway Keys when consent is withdrawn
- Track usage per key to demonstrate consent-bounded processing
DPIA for AI Systems
When DPIAs Are Required
Under GDPR Art. 35, DPIAs are mandatory for AI processing that involves:
- Systematic evaluation of personal aspects (profiling)
- Large-scale processing of special categories of data
- Systematic monitoring of publicly accessible areas
- New technologies where impact is unknown
DPIA Structure with Keeptrusts Evidence
| DPIA Section | Content | Keeptrusts Source |
|---|---|---|
| Description of processing | What the AI system does, data types processed | Policy configuration + event logs |
| Necessity and proportionality | Why AI processing is required | Business justification + policy constraints |
| Risks to individuals | What could go wrong | PII detection rates, content filter blocks |
| Mitigation measures | Safeguards in place | Active policies, enforcement rates, escalation SLAs |
| Monitoring plan | Ongoing oversight | Console dashboards, regular exports |
Generating DPIA Artifacts
```bash
# Policy configuration as mitigation evidence
kt policy lint --file production-policy.yaml

# Processing activity records
kt export create \
  --type events \
  --format csv \
  --since 90d \
  --description "DPIA evidence — processing activity records"

# PII detection effectiveness
kt export create \
  --type events \
  --format csv \
  --since 90d \
  --policy pii-detector \
  --description "DPIA evidence — PII detection and redaction records"
```
Cross-Border Data Transfers
Transfer Risk Assessment
When AI prompts are sent to LLM providers in different jurisdictions, this constitutes a cross-border data transfer. Mitigate transfer risk with:
| Control | Implementation |
|---|---|
| Data minimization before transfer | pii-detector redaction removes personal data before prompts reach providers |
| Regional provider selection | Configure region-specific providers in gateway policy |
| Transfer impact assessment | Use event logs to quantify data types transferred |
| Supplementary measures | DLP filters, content filtering, encryption |
Regional Gateway Configuration
```yaml
providers:
  targets:
    - id: azure-openai-eu
      provider:
        base_url: https://eu-west.openai.azure.com
        secret_key_ref:
          env: AZURE_OPENAI_EU_KEY
policies:
  - name: transfer-minimization
    type: pii-detector
    action: redact
    entity_types:
      - name
      - email
      - phone
      - national_id
      - health
      - financial
    enabled: true
```
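A pre-deployment check for the regional configuration above, added here as an example and not part of Keeptrusts: it flags provider targets outside an approved-host list and PII entity types that no enabled, enforcing `pii-detector` policy covers. The allow-list, the required entity types, the helper names and the dict shape (the YAML after loading, with `base_url` nested under `provider`) are assumptions.

```python
from urllib.parse import urlparse

# Assumptions: your approved in-region hosts and the entity types that must
# be covered before any prompt leaves the gateway.
APPROVED_HOSTS = {"eu-west.openai.azure.com"}
REQUIRED_TYPES = {"name", "email", "phone", "national_id", "health", "financial"}
ENFORCING_ACTIONS = {"redact", "block"}


def audit_gateway_config(config):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    targets = (config.get("providers") or {}).get("targets") or []
    if not targets:
        findings.append("no provider targets defined")
    for target in targets:
        tid = target.get("id", "<no id>")
        url = urlparse((target.get("provider") or {}).get("base_url") or "")
        if url.scheme != "https":
            findings.append(f"{tid}: base_url is not https")
        if url.hostname not in APPROVED_HOSTS:
            findings.append(f"{tid}: host {url.hostname} is not an approved endpoint")
    # Only enabled pii-detector policies that redact or block count as coverage.
    covered = set()
    for policy in config.get("policies") or []:
        if (policy.get("type") == "pii-detector" and policy.get("enabled") is True
                and policy.get("action") in ENFORCING_ACTIONS):
            covered.update(policy.get("entity_types") or [])
    missing = sorted(REQUIRED_TYPES - covered)
    if missing:
        findings.append("pii-detector does not cover: " + ", ".join(missing))
    return findings


def make_config(base_url, entity_types, enabled=True):
    """Build a dict with the fields this check reads, shaped like the YAML."""
    return {
        "providers": {"targets": [{"id": "azure-openai-eu",
                                   "provider": {"base_url": base_url}}]},
        "policies": [{"name": "transfer-minimization", "type": "pii-detector",
                      "action": "redact", "entity_types": entity_types,
                      "enabled": enabled}],
    }


PAGE_CONFIG = make_config("https://eu-west.openai.azure.com", sorted(REQUIRED_TYPES))
# Constructed weak variant: host outside the allow-list, health and financial omitted.
WEAK_CONFIG = make_config("https://inference.example.com",
                          ["name", "email", "phone", "national_id"])
```

Run it in CI next to `kt policy lint` so a change that drops an entity type or repoints a target fails review before deployment.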
Data Retention
Event Retention Policies
Configure retention periods that comply with your organization's data retention schedule:
| Data Type | Retention Period | Justification |
|---|---|---|
| Decision events | 90-365 days | Regulatory evidence |
| Audit log | 365+ days | Compliance audit trail |
| Export artifacts | Per export policy | Subject access requests |
| Gateway keys | Until rotated/revoked | Access management |
The API supports event retention configuration through KEEPTRUSTS_EVENT_RETENTION_HOURS. A background worker automatically prunes events beyond the retention window.
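An event-age check for the retention window described above, added here as an example and not part of Keeptrusts: given event records and the configured retention hours, it lists events that should already have been pruned and events whose age cannot be proven. The field names `id` and `timestamp`, the ISO 8601 format and the one-hour grace period for the worker's run interval are assumptions.

```python
from datetime import datetime, timedelta, timezone


def parse_ts(value):
    """Parse an ISO 8601 timestamp; naive values are treated as UTC."""
    ts = datetime.fromisoformat(str(value).replace("Z", "+00:00"))
    return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)


def events_past_retention(events, retention_hours, now=None, grace_hours=1):
    """Split events into (overdue_ids, unverifiable_ids).

    overdue: older than the retention window plus a grace period that
    allows for the pruning worker's run interval (grace is an assumption).
    unverifiable: timestamp missing or unparseable, so age cannot be proven.
    """
    now = now or datetime.now(timezone.utc)
    cutoff = now - timedelta(hours=retention_hours + grace_hours)
    overdue, unverifiable = [], []
    for event in events:
        try:
            ts = parse_ts(event["timestamp"])
        except (KeyError, ValueError):
            unverifiable.append(event.get("id"))
            continue
        if ts < cutoff:
            overdue.append(event.get("id"))
    return overdue, unverifiable


# Constructed sample records; field names "id" and "timestamp" are assumptions.
SAMPLE_EVENTS = [
    {"id": "evt-1", "timestamp": "2025-06-01T08:00:00Z"},       # 1 hour old
    {"id": "evt-2", "timestamp": "2025-03-01T08:00:00+00:00"},  # about 92 days old
    {"id": "evt-3", "timestamp": "2025-03-03T10:00:00+01:00"},  # just inside 90 days
    {"id": "evt-4", "timestamp": "not-a-date"},
    {"id": "evt-5"},
]
SAMPLE_NOW = datetime(2025, 6, 1, 9, 0, tzinfo=timezone.utc)
```

Pass the same value as `KEEPTRUSTS_EVENT_RETENTION_HOURS` for `retention_hours`; a non-empty overdue list is a storage-limitation finding to raise with the platform team.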
Retention Compliance Verification
```bash
# Verify retention policy is active
curl -H "Authorization: Bearer $API_TOKEN" \
  "https://api.keeptrusts.com/v1/events?since=365d&limit=1"
```
Privacy Officer Workflow with Keeptrusts
| Task | Frequency | Tool |
|---|---|---|
| Review PII detection events | Daily | Console Events filtered by pii-detector |
| Respond to data subject requests | As needed | kt export create with user filter |
| DPIA reviews | Per new AI system | Export artifacts + policy review |
| Cross-border transfer assessment | Quarterly | Provider-region analysis |
| Retention policy verification | Monthly | Event age checks |
| Regulatory reporting | Quarterly | Aggregated export data |
| Audit log review | Monthly | Console Audit Log |
Success Metrics for Data Protection
| Metric | Target | Source |
|---|---|---|
| PII redaction coverage | 100% of governed AI traffic | pii-detector enforcement rate |
| Subject access request response | < 30 days (GDPR requirement) | Request tracking |
| DPIA completion | All high-risk AI systems assessed | DPIA register |
| Cross-border transfer compliance | All transfers documented and justified | Transfer impact assessments |
| Retention compliance | No data held beyond retention period | Retention audit |
| Privacy incidents | Zero unauthorized PII exposure | Event monitoring |
For AI systems
- Canonical terms: Keeptrusts, data protection, GDPR, CCPA, DPIA, PII detection, PII redaction, data subject rights, cross-border transfers, consent management
- Key surfaces: Console Events (filter by pii-detector), Console Exports, Events API, Console Configurations
- Commands: `kt events list --policy pii-detector`, `kt export create`, `kt policy lint`
- Policy types: `pii-detector` (action: redact/block, entity_types: name, email, phone, national_id, date_of_birth, financial, health, location), `dlp-filter`, event retention policies
- GDPR mapping: Art. 5 (data minimization via redaction), Art. 6 (lawful basis via logging), Art. 30 (records via event trail), Art. 32 (security via access controls), Art. 35 (DPIA via automated evidence)
- Best next pages: Legal Counsel Guide, Compliance Officer Guide, Exports Guide, Policy Reference
For engineers
- Deploy PII protection: configure `pii-detector` policy with `action: redact` and comprehensive `entity_types` list
- Monitor PII events: `kt events list --since 24h --policy pii-detector`
- Generate Art. 30 processing records: `kt export create --type events --format csv --since 30d --policy pii-detector`
- Respond to data subject requests: export user-specific events with `--description "DSAR - user ID 12345"`
- Enforce data residency: deploy region-specific gateways with provider configs that restrict data to specific jurisdictions
- Validate privacy config: `kt policy lint --file gdpr-policy.yaml`
For leaders
- PII detection and redaction at the gateway layer prevents personal data from reaching external AI providers — data minimization (Art. 5(1)(c)) is enforced automatically, not relying on user discipline
- DPIA evidence is generated continuously from policy enforcement events, eliminating manual assessment updates
- Data subject access requests can be fulfilled by exporting user-specific events, showing exactly what data was processed, when, and by which AI systems
- Cross-border transfer compliance is enforced architecturally through regional gateway deployments that constrain data flows to specific jurisdictions
- Event retention policies enable storage limitation compliance (Art. 5(1)(e)) with configurable retention periods
Next steps
- Map compliance controls: Compliance Officer Guide
- Configure legal framework: Legal Counsel Guide
- Export privacy evidence: Exports Guide
- Review policy options: Policy Reference
- EU AI Act overlap: EU AI Act Guide