Compliance: GDPR / KVKK / EU AI Act
Legal obligations for AI products — data minimization, subject rights, risk classification.
4 hours · 3 resources
KVKK (TR) ≈ GDPR (EU): user data → explicit consent, purpose limitation, right to erasure.
EU AI Act (2024-2026): AI systems classified by risk:
- Prohibited (social scoring, real-time biometric ID) — banned
- High risk (critical infra, education, employment) — conformity assessment, registry
- Limited risk (chatbot, deepfake) — transparency (disclose AI nature)
- Minimal (simple game, spam filter) — voluntary
As a prompt engineer: PII redaction is mandatory; know the data retention policy; sign a DPA with vendors (OpenAI/Anthropic); limit log retention; be ready for subject access requests (deletion).