When approaching compliance in deploying AI, there is something simple, a basic component of data protection compliance, which can make the difference between a structured project which gives you data processing information at your fingertips and a more labour and time-intensive process which risks failing to properly consider all relevant issues.

Although the use cases for AI are myriad, where personal data is involved and GDPR is applicable, data mapping will always be a good place to start. This may mean developing or improving on organisation-wide data-mapping, for example where agentic AI will integrate with one or more systems, or using an existing data mapping exercise as a starting point to develop a bespoke data mapping project for a particular tool which uses a narrower set of personal data.