GDPR + AI Act Compliance Assessment for an HR-Tech Vendor
Overview
What this challenge is about.
Audit the candidate-screening product against: GDPR Articles 5, 6, 13, 14, 22, 25, 32, 35; AI Act high-risk-system obligations (Annex III - employment); plus the customer's specific 14 questions (provided). Run interviews with: product manager, ML lead, DPO, and 2 customer-success reps with EU clients. Build a per-clause compliance matrix. Identify gaps in: lawful basis documentation, automated-decision-making safeguards, bias-testing evidence, DPIA (Data Protection Impact Assessment) artifacts, and human-oversight architecture. Deliver: compliance-matrix spreadsheet, 12-page assessment report, 90-day remediation plan, and a 6-page customer-facing compliance memo.
The Brief
What you'll do, and what you'll demonstrate.
Pass a Fortune-100 GDPR + AI Act procurement review in 8 weeks via a combined compliance assessment, gap-remediation plan, and customer-facing memo.
Earning criteria — what you'll demonstrate
- Combine GDPR and EU AI Act assessments into one coherent compliance exercise
- Translate regulatory text into product-specific control requirements
- Design human-oversight architecture for automated-decision-making systems
- Communicate compliance to enterprise procurement audiences
Program Fit
Where this fits in your program.
Sharpens the same skills your degree expects you to demonstrate.
Skills
Skills you'll demonstrate.
Each one shows up on your verified credential.
Careers
Roles this prepares you for.
Real titles. Real skill bridges. Pick the one closest to your trajectory.
Product Manager
PMs in regulated SaaS who can read compliance assessments price the work correctly and avoid the deal-blocking 'we forgot DPIA' surprise.
This challenge sharpens
- compliance
- privacy-regulation
- stakeholder-communication