Trust · GDPR + DPIA · DEC-V11-80 · LIVE current

GDPR + DPIA Generator · ROSS · per-vertical templates

DPIA generator endpoint operational · 4 vertical templates (banking · insurance · healthcare · legal) · AI Act art 26 deployer obligations cross-reference · DPO contact David Mayoral Vilches.

Status · LIVE · current
Section 1

DPIA Generator endpoint · public sandbox

ROSS embeds a DPIA generator (DEC-V11-58 phase 5) that produces an automated GDPR-compliant Data Protection Impact Assessment per tenant context + vertical template. Rate-limited to 5/day per public IP · unlimited for authenticated tenants.

POST /api/compliance/dpia-generator
{ tenant_context, vertical: "banking" | "insurance" | "healthcare" | "legal", use_case }

Output · DPIA markdown with 8 canonical sections (GDPR art 35) · renderable as PDF, brand v4 enforced (DPIA PDF generator lib) · multilingual ES/EN/FR/DE/IT · audit-trail dual-write per generation.

Section 2

4 canonical vertical templates

Banking · finance
Risks identified
  • KYC/AML automation · GDPR art 22 automated decision-making
  • Voice biometric → special category data (art 9)
  • Cross-border transfers · adequacy decision evaluation
Canonical mitigations
  • Signed human-in-the-loop · NO autopilot credit decision
  • Voice corpus encrypted at-rest · Garage S3 EU sovereign
  • DPA + SCCs · EU residency hard-enforced
Insurance · actuarial
Risks identified
  • Claims processing automation · profiling art 22
  • Health data ingestion (art 9 special category)
  • Retention periods regulatory mandate vs GDPR minimization
Canonical mitigations
  • Explicit consent record · signed DPIA per use case
  • Pseudonymization claims data · access logged audit-trail
  • Retention schedule per regulation · auto-purge tooling
Healthcare · medtech
Risks identified
  • Patient data art 9 special category · highest risk
  • Voice transcript → clinical note potential
  • Cross-border data transfer ePrivacy + national health laws
Canonical mitigations
  • Tenant-scoped encryption keys · per-clinic isolation
  • Voice transcript opt-in explicit · disclosure first-turn
  • EU-residency enforced · no US transfer · BAA equivalent
Legal · professional services
Risks identified
  • Attorney-client privilege protection
  • Litigation hold + retention conflict GDPR minimization
  • Confidentiality opposing parties data accidental ingestion
Canonical mitigations
  • Privileged communication marker · audit-trail tag
  • Litigation hold workflow · suspend auto-purge per matter
  • Access controls per matter · signed need-to-know
Section 3

AI Act art 26 deployer cross-reference

GDPR DPIA art 35 + AI Act art 26 deployer obligations share ~60% of canonical evidence. The ROSS DPIA template includes an AI Act art 26 section · deployer obligations checklist · transparency obligations art 50 disclosure · signed human oversight (NO autopilot HIGH-RISK decisions art 5).

Cross-reference matrix · GDPR art 35 vs AI Act art 26 mapping · evidence reuse 60-70% · auditor walkthrough single document. See /trust/ai-act for the full canonical AI Act 50/52.

Section 4

DPO contact · David Mayoral Vilches

Canonical Data Protection Officer (DPO) · David Mayoral Vilches · CEO + DPO Acceleration Sales · canonical contact david@accelerationsales.com.

Data subject requests (DSR) GDPR art 15-22 · access · rectification · erasure · portability · objection · restriction · objection to automated decision-making. Canonical response SLA 30 days · justified extension 60 days maximum art 12.

Canonical supervisory authority · AEPD (Spain) · www.aepd.es. ROSS mandatory cooperation art 31. Breach notification 72h art 33.

Try DPIA generator · public sandbox

Generate a DPIA for your vertical + use case · 5/day rate limit per IP · PDF brand v4 export · multilingual.

AI Act art 50 disclosure · content generated with AI assistance (Claude · Anthropic) · signed human review by Will CTO + Patxi Compliance · DEC-V11-80.