Use case 01
Data breach response
A DPO discovers at 4pm that a misconfigured cloud storage bucket has exposed customer records for 3 days. The clock is ticking — has the 72-hour notification window already passed?
Situation
Cloud bucket exposed
Customer data accessible for 72+ hours
DPO Agent
Asks DPO Agent
"Has the 72-hour notification window passed?"
Response
Precise guidance
GDPR art. 33(1): notify without undue delay + reasons for delay
Outcome
Notifies Datatilsynet
With delay justification — within hours
Use case 02
DPIA assessment
IT proposes a new HR platform with biometric login and automated performance scoring for 800 employees. The DPO must decide: is a Data Protection Impact Assessment required?
Situation
New HR system
Biometric + automated scoring for 800 staff
DPO Agent
Asks DPO Agent
"Does this processing require a DPIA?"
Response
Yes — 3 criteria met
Biometric data + automated decisions + large scale (WP248)
Outcome
DPIA initiated
With structured assessment note from DPO Agent
Use case 03
AI Act compliance
The recruitment team wants to deploy an AI tool that automatically ranks and filters job applicants. The DPO must assess the risk classification under the EU AI Act.
Situation
AI recruitment tool
Automated applicant ranking and filtering
DPO Agent
Asks DPO Agent
"Is this AI tool high-risk under the EU AI Act?"
Response
High-risk confirmed
AI Act Annex III: employment decisions = high-risk category
Outcome
Compliance roadmap
Risk mgmt, human oversight, conformity assessment
Use case 04
Comparing data processing agreements
Procurement sends over a vendor's proposed DPA for a new cloud platform. The compliance lead needs to know fast: does it meet GDPR Article 28, and how does it compare to the company's own standard agreement?
Situation
New vendor DPA received
Must be reviewed before signing
DPO Agent
Uploads both DPAs
Vendor's agreement + internal standard template
Response
Side-by-side comparison
Missing clauses, conflicts, and GDPR art. 28 gaps identified
Outcome
Amendments requested
Vendor agreement updated before signing — in minutes, not days
Use case 05
Reviewing a new system description
The development team shares a short technical description of a new feature that will process customer location data. The compliance lead needs a fast read on the legal basis and risk before development starts.
Situation
New feature description
Location data processing for a mobile app
DPO Agent
Uploads the spec document
"Assess the legal basis and flag any risks"
Response
Legal basis assessed
Consent required + DPIA trigger flagged under GDPR art. 35
Outcome
Privacy by design built in
Recommendations sent to developers before sprint starts