What is Automated Decision-Making?
Automated decision-making refers to decisions made by technological means without human involvement, which under the GDPR is restricted when it produces legal or similarly significant effects on individuals.
Automated decision-making under Article 22 of the GDPR refers to decisions that are made solely by automated means, without any human involvement, and that produce legal effects concerning a data subject or similarly significantly affect them. The GDPR grants data subjects the right not to be subject to such decisions, with exceptions for contractual necessity, explicit legal authorization, or explicit consent. When exceptions apply, the controller must implement suitable safeguards, including the data subject's right to obtain human intervention, to express their point of view, and to contest the decision.
Automated decision-making includes processes such as automated credit scoring, algorithmic hiring decisions, insurance risk assessments, and automated content moderation. When special categories of data are involved, automated decisions are only permitted with explicit consent or substantial public interest, with suitable safeguards. Organizations must provide meaningful information about the logic involved, the significance, and the envisaged consequences.
ComplyIQ helps organizations document and assess their automated decision-making processes, ensuring that appropriate safeguards are in place and that data subjects are properly informed about automated processing that affects them. This includes tracking where automated decisions occur across the organization and verifying that human review mechanisms are available.
Related Terms
Profiling Under GDPR
Profiling under the GDPR is any form of automated processing of personal data that evaluates personal aspects of a natural person, such as analyzing or predicting behavior, preferences, interests, or movements.
Data Subject Rights (DSR)
Data Subject Rights are the legal rights granted to individuals under data protection laws, enabling them to control how their personal data is collected, used, stored, and shared by organizations.
Consent Management
Consent management is the systematic process of obtaining, recording, tracking, and managing individuals' consent for the collection and processing of their personal data in compliance with privacy regulations.