Presentations in this session:

• Victoria Derumier, Entity Director, MyData-Trust

This presentation will explore how traditional Data Protection Impact Assessments (DPIAs) must evolve to remain effective and meaningful in the context of AI systems, particularly those used in healthcare, research, and citizen-facing services.

Drawing from regulatory guidance (including GDPR, the AI Act, and recent EDPB guidelines), real-world case studies, and field experience supporting international companies and research actors, I will outline practical methods to identify and mitigate AI-specific risks—such as bias, opacity, and autonomy of systems—while ensuring transparency, accountability, and lawful data use.

The talk will address:

• Key challenges of applying DPIA methodology to AI projects
• How to assess risk when systems are adaptive or operate without full explainability
• A proposed structure for “AI-aware” DPIAs
• The intersection of AI risk assessment and data subject rights

The MyData audience will benefit from actionable insights to:

• Improve their AI risk management frameworks
• Better engage with vendors and internal teams when deploying AI tools
• Ensure compliance with evolving EU legal frameworks
• Promote trust in data-driven innovation

The session aims to bridge legal, ethical, and operational perspectives, making DPIAs a tool for empowerment, not just compliance.

• Andreas Strøbek, Founding Partner, Data & More

In most organisations, the greatest data protection risks hide in plain sight, within emails, documents, shared drives, and collaboration tools. This “unstructured” data often contains personal information that is invisible to compliance processes until it becomes a problem.

Our session will share practical insights from real world projects on how to discover, classify, and manage personal data in unstructured sources to meet GDPR, CCPA, and upcoming NIS2 requirements. We will demonstrate how automated data discovery and governance tools can turn a reactive compliance burden into a proactive trust-building asset.

Participants will learn:

• Why unstructured data is the “dark matter” of compliance and why traditional approaches often fail.
• How to combine technical scanning with policy-based actions to quickly address highrisk areas.
• Ways to engage employees in sustainable data hygiene without slowing down productivity.
• How proactive compliance can be leveraged as a market differentiator and a foundation for ethical data use.

By attending, MyData delegates will gain concrete strategies, tool examples, and governance models that they can apply immediately in their organisations. This session bridges the gap between theory and daily operational reality, empowering participants to transform compliance from a box-ticking exercise into a driver of trust, transparency, and business value.