top of page

Name

Bruno Siqueira

Startup Stage

Building product (MVP)

Company

Nocorp

Business Position

B2C - Business to Consumer

Risk Impact Assessment

82%

Resume of assessment

Stage: 3. Legal compliance of data

Has the company observed the legal guidelines for the processing of personal data?

Answer: Não

Stage: 3. Legal compliance of data

Will the smart autonomous system use personal data?

Answer: Não

Stage: 3. Legal compliance of data

The intelligent autonomous system will use sensitive personal data (personal data on racial or ethnic origin, religious conviction, political opinion, membership of a trade union or organization of a religious, philosophical or political nature, data relating to health or sex life, genetic or biometric data , when linked to a natural person)?

Answer: Não

Stage: 3. Legal compliance of data

Has the intelligent autonomous system performed age verification of data subjects prior to processing?

Answer: Não

Stage: 3. Legal compliance of data

Does the company have Terms of Use and Privacy Policy for the collection, storage and use of customer personal data on a digital platform?

Answer: Não

Stage: 3. Legal compliance of data

Has the company established procedures to ensure that the legal basis and its purpose are identified before starting any further processing of personal data or special category data?

Answer: Não

Stage: 3. Legal compliance of data

Has the company implemented the right to withdraw consent, the right to object and the right to delete personal data from the smart autonomous system?

Answer: Não

Stage: 3. Legal compliance of data

Has the company established a Data Protection Officer (DPO), with designated responsibility, having participated in the development of the intelligent autonomous system?

Answer: Não

Stage: 3. Legal compliance of data

Will the intelligent autonomous system be used to aid decision making?

Answer: Não

Stage: 3. Legal compliance of data

Will the intelligent autonomous system replace human decisions that require judgment?

Answer: Não

Stage: 3. Legal compliance of data

Will the intelligent autonomous system be used by a different part of the organization than the one that developed it?

Answer: Não

Stage: 4. Trend (discrimination) of data

Are there documented processes for testing the dataset against bias and other unexpected results?

Answer: Não

Stage: 4. Trend (discrimination) of data

Has a gender-based analysis been performed on who provides the data?

Answer: Não

Stage: 4. Trend (discrimination) of data

Has an analysis been performed based on the race of the data provider?

Answer: Não

Stage: 4. Trend (discrimination) of data

Has an analysis been performed based on the ethnicity of the data provider?

Answer: Não

Stage: 5. About the risks of intelligent autonomous system

Did the company, before developing the intelligent autonomous system, carry out a Privacy Impact Assessment on the use of personal data against the risks of non-compliance with privacy and data protection?

Answer: Não

Stage: 5. About the risks of intelligent autonomous system

Has a summary of what intelligent autonomous system intends to do in the Privacy Impact Assessment, what processing will it involve and what are the expected results?

Answer: Não

Stage: 5. About the risks of intelligent autonomous system

Has the company carried out a detailed analysis of the decision-making impact on data subjects, the possible legal effects and the mitigations and protections against each risk?

Answer: Não

Stage: 5. About the risks of intelligent autonomous system

Are the resulting impacts of the decision reversible?

Answer: Não

Stage: 6. Data security and confidentiality

Has the intelligent autonomous system considered security and privacy from the design stage?

Answer: Não

Stage: 6. Data security and confidentiality

Has the company put in place measures to achieve privacy by design and standard, such as encryption, pseudonymization, and anonymization?

Answer: Não

Stage: 6. Data security and confidentiality

Has the company considered in the process of completing the Privacy Impact Assessment to include consultation with internal experts in each area?

Answer: Não

Stage: 6. Data security and confidentiality

Did the company consider, in the process of completing the Privacy Impact Assessment, the consultation of external experts on the risks of acting?

Answer: Não

Stage: 6. Data security and confidentiality

Does the company release the Privacy Impact Assessment report to interested parties?

Answer: Não

Stage: 6. Data security and confidentiality

Does the company require processing not to take place until mitigation controls have been implemented in accordance with the Privacy Impact Assessment report?

Answer: Não

Stage: 6. Data security and confidentiality

Has the company considered the privacy implications of collecting personal data generated or processed over the lifecycle of the intelligent autonomous system?

Answer: Não

Stage: 6. Data security and confidentiality

Has the company established a documented process/policy with appropriate document controls, with deadlines set for periodic reviews to ensure they remain current?

Answer: Não

Stage: 6. Data security and confidentiality

Is the data used by the intelligent autonomous system inside an enclosed space?

Answer: Não

Stage: 6. Data security and confidentiality

Was the intelligent autonomous system designed to consider the impact of the AI system on the right to privacy, data protection, the right to physical, mental and/or moral integrity?

Answer: Não

Stage: 6. Data security and confidentiality

the intelligent autonomous system been trained to handle personal data (including sensitive personal data)?

Answer: Não

Stage: 6. Data security and confidentiality

Has the company created a Committee or equivalent, responsible for providing overall oversight of the intelligent autonomous system, its use and the associated data risks within the organization?

Answer: Não

Stage: 6. Data security and confidentiality

Has the company put in place supervisory mechanisms for data processing, such as limiting access to qualified personnel, mechanisms for recording access to data to make changes?

Answer: Não

Stage: 6. Data security and confidentiality

If personal data is shared by the intelligent autonomous system with third parties, are there appropriate safeguards?

Answer: Não

Stage: 7. Governance of the intelligent autonomous system (or data)

Has the company implemented an overall privacy governance and management strategy/structure that supports compliant use of the smart autonomous system?

Answer: Não

Stage: 7. Governance of the intelligent autonomous system (or data)

Has the company developed a framework that includes appropriate technical and organizational measures designed to effectively implement data protection principles?

Answer: Não

Stage: 7. Governance of the intelligent autonomous system (or data)

Has the company developed documentation that provides evidence that senior management is responsible for properly understanding and addressing the risks associated with the intelligent autonomous system?

Answer: Não

Stage: 7. Governance of the intelligent autonomous system (or data)

Has the company established technical, operational roles and assigned responsibilities to ensure effective management and data security in the intelligent autonomous system?

Answer: Não

Stage: 7. Governance of the intelligent autonomous system (or data)

Has the company established assurances that job descriptions assign responsibilities to ensure the smart autonomous system's compliance with data protection legislation and industry regulations?

Answer: Não

Stage: 7. Governance of the intelligent autonomous system (or data)

Has the company put in place a documented policy/process that includes details of how the intelligent autonomous system will be tested prior to implementation to ensure there are no errors in data outputs or statistical errors?

Answer: Não

Stage: 7. Governance of the intelligent autonomous system (or data)

Does the company have a record of all complaints received that tracks the issue, response, and response date to determine trends, issues, and risks?

Answer: Não

Stage: 7. Governance of the intelligent autonomous system (or data)

The company has established a documented policy/process that includes details of the methodology that will be used by a human reviewer when testing the statistical accuracy of the intelligent autonomous system to ensure that the error rate in data outputs or statistical errors is within acceptable and documented tolerances ?

Answer: Não

Stage: 7. Governance of the intelligent autonomous system (or data)

Has the company developed guidelines or manuals to support smart autonomous system policies and guide operational staff on their use and application of the GDPR?

Answer: Não

Stage: 7. Governance of the intelligent autonomous system (or data)

Does the company maintain evidence to support that key employees have received training or have an appropriate qualification so that they can identify and address bias and discrimination in the smart autonomous system?

Answer: Não

Stage: 7. Governance of the intelligent autonomous system (or data)

Does the company maintain evidence that intelligent autonomous system developers have received additional training to understand individuals' rights under the GDPR and recognize the impact on them?

Answer: Não

Stage: 7. Governance of the intelligent autonomous system (or data)

Does the company seek to ensure that training content is accurate, up-to-date, and periodically reviewed and/or updated to ensure staff are current with the latest technical advances in the field?

Answer: Não

bottom of page