
Article 22 of the GDPR: Automated individual decision-making, including profiling

Article 22 of the GDPR regulates automated decisions producing legal effects, including profiling. It aims to protect individuals against important decisions made without human intervention.

Article 22 of the GDPR explained

A data subject has the right not to be subject to a decision based exclusively on automated processing, including profiling, if this decision produces legal effects or significantly affects them.

Exceptions exist:

  • If the decision is necessary for the conclusion or performance of a contract;
  • If authorized by EU or Member State law;
  • If it is based on the explicit consent of the person.

Even in these cases, additional safeguards are required (human intervention, the possibility of expressing one's point of view, etc.).

Why is this article important for your GDPR compliance?

Automated processing is becoming more and more frequent (AI, scoring, recommendations). This right protects against unfair or opaque decisions, and imposes transparency in algorithmic processes.

How to comply with Article 22 of the GDPR?

  • Identify all processing operations based on automated decision-making in your register.
  • Check whether these decisions produce legal or significant effects.
  • Prepare procedures for contesting decisions and for human intervention.
  • Clearly inform data subjects of the existence of these processing operations and the associated rights.

Examples of application of Article 22 of the GDPR

  • A bank loan is automatically refused based on an algorithm: the person must be able to contest and obtain human review.
  • Recruitment is based on an automatic scoring tool: the candidate can request an explanation and put forward their arguments.
  • An insurer sets its prices via a behavioral profiling tool: the user must be informed and be able to refuse such processing if it is exclusively automated.
