Spain | Regulatory Framework
Status: under review
Effective: N/A
moderate AEPD requirements for audits of processing operations that include AI
Requirements for Audits of Processing Operations that Include Artificial Intelligence (AI)
I. Regulatory Summary
Supports audit programmes by translating GDPR principles into auditable checks for AI-enabled processing. Organisations using AI with personal data can leverage it to structure evidence collection and remediation.
II. Full Description
AEPD guidance document on “Requirements for audits of processing operations that include AI” (January 2021; marked “EN REVISIÓN”). It sets out audit objectives and associated evidence items, including transparency, transfers and retention controls.
**Source file**: ES - 20210101 - AEPD - requisitos-auditorias-tratamientos-incluyan-ia.pdf
III. Scope & Application
Guidance (marked as under review) describing audit objectives and checks for processing operations that include an AI component. Focuses on GDPR accountability artifacts (records, transparency, transfers, retention) and control points relevant for auditing AI-enabled processing.
IV. Policy Impact Assessment
Supports audit programmes by translating GDPR principles into auditable checks for AI-enabled processing. Organisations using AI with personal data can leverage it to structure evidence collection and remediation.
Primary Focus: gdpr audit controls for ai