#13 Understanding AI and Data Privacy with Enzo Marquet: A Deep Dive into the GDPR and AI Act

In this CROPLAND podcast, Geert Vromman welcomes Enzo Marquet, privacy consultant and AI specialist at Cranium, to discuss the intersection of data, privacy, and the accelerating "tsunami" of AI regulation. They analyze a critical blind spot for many organizations: the rise of Shadow AI, where employees independently use tools like ChatGPT, Gemini, or Copilot without formal oversight. This practice introduces significant risks regarding unmanaged datastreams and hallucinations. Marquet clarifies the distinction between the risk-driven, often interpretive nature of GDPR and the European AI Act, which functions more as product legislation with specific risk categories, ranging from prohibited practices and high-risk systems to transparency requirements. Using practical examples such as HR chatbots and AI in recruitment, they explore the tangible challenges of algorithmic bias and the necessity of human supervision. To ensure scalability and avoid future rework, the discussion concludes with a strategic plea to start small, map current processes, and maintain rigorous registers through a "compliance by design" approach.