Frontline AI
Project Objective:
Conduct a comprehensive audit of Matshop's AI systems for compliance with legal requirements, in particular the EU AI Act and RODO, and provide practical recommendations for necessary corrective actions.

Step by step towards compliance assurance: Implementing an AI Act and RODO audit for an online store

Together, we embarked on a journey to assure the client that their advanced AI systems are operating legally and ethically, building customer trust.

Our audit process included a detailed analysis of all key aspects of their AI usage:

  • We began with an in-depth understanding of the client’s AI systems: We conducted a detailed inventory of the store’s AI systems, including product recommendation algorithms, ad personalization tools and fake review detection systems, to understand their operation and purpose.
  • We designed an audit methodology tailored to e-commerce: We developed an audit methodology that took into account the specifics of AI use in an online store, as well as the AI Act requirements for high-risk systems (e.g., in the context of influencing consumer decisions) and the RODO requirements for processing customers’ personal data.
  • We examined the technical foundation and data management processes: Our team of experts analyzed the technical architecture of the AI systems, the quality and provenance of the data used to train the models, and the client’s policies and procedures for managing and protecting personal data.
  • We identified potential risks and areas of non-compliance: We assessed AI systems in detail for risks of violating the AI Act (e.g., lack of transparency in recommendations, potential manipulation of customer decisions) and the RODO (e.g., lack of adequate legal basis for profiling, insufficient information about data processing).
  • We provided practical remedial recommendations: Based on the audit, we prepared a detailed report with specific recommendations to address the identified gaps and ensure full compliance with the AI Act and RODO.
  • We prepared an implementation action plan: We developed a clear implementation plan for the recommended changes, indicating responsibilities and deadlines for implementation.
  • We worked together to raise awareness among the team: We conducted training sessions for the client’s employees on the AI Act and RODO, explaining key requirements and best practices for ethical and legal use of AI in e-commerce.

Implementing the audit allowed the client to gain confidence that their AI systems are operating responsibly and legally, building customer trust and avoiding potential sanctions.

 

Key areas of the audit:

  1. AI systems qualification under the AI Act: Assessing which AI systems used in the online store can be classified as “high-risk” systems under the AI Act (e.g., recommendation systems that influence purchasing decisions).
  2. Compliance of recommendation systems with the AI Act: Verify that the online store’s product recommendation system provides the required transparency (informing customers that recommendations are generated by AI) and that mechanisms are in place to prevent manipulation of consumer decisions.
  3. Processing of customers’ personal data in accordance with RODO: Analyze how the client’s AI systems process customers’ personal data (e.g., data on shopping preferences) to personalize offers and advertisements, and assess compliance with RODO rules (legal basis, scope of data, retention period, customers’ rights).
  4. Customer profiling risk assessment: Identification and assessment of the risks associated with customer profiling by AI systems in an online store, and verification of the implementation of appropriate safeguards and controls.
  5. Compliance of ad targeting systems with RODO: Analyze the use of personal data for ad targeting and assess whether the client has appropriate consents from customers for such processing and provides them with the ability to withdraw consent.
  6. Policies and procedures for managing AI in the client’s store: Evaluating existing policies and procedures for their adequacy to ensure compliance with the AI Act and the RODO in the context of the client store’s specific operations.

 

In summary, the AI Act and RODO compliance audit conducted at E-Trends’ online store identified key areas where AI systems need to be adjusted and appropriate procedures implemented. As a result, our client can offer a personalized shopping experience to its customers with greater confidence, while remaining fully compliant with the law and building long-term relationships based on trust.
