An organization is implementing an AI-powered chatbot for customer service. The chatbot must comply with GDPR and handle data subject access requests (DSARs). Which design approach best ensures compliance?
- A. Minimize data collection by not logging any user interactions.
  Why wrong: While data minimization is a GDPR principle, logging nothing prevents auditing and debugging; it also leaves the organization unable to demonstrate, in response to a DSAR, what was or was not processed.
- B. Anonymize all user data before logging interactions.
  Why wrong: Anonymization may prevent re-identification, but a DSAR requires giving the data subject access to their personal data. Anonymized data is no longer personal data, so the organization would still have to be able to identify the user's data before it is anonymized.
- C. Implement an audit trail that logs interactions with a unique user identifier, and provide a mechanism to delete logs upon user request.
  Why correct: This supports both the right of access and the right to erasure under GDPR.
- D. Encrypt all chat logs and store them indefinitely for audit purposes.
  Why wrong: Indefinite storage violates the storage limitation principle, and encryption does not exempt the data from deletion requests.