Use case 01
Data breach response
A DPO discovers at 4pm that a misconfigured cloud storage bucket has exposed customer records for 3 days. The clock is ticking — has the 72-hour notification window already passed?
Situation
Cloud bucket exposed
Customer data accessible for 72+ hours
DPO Agent
Asks DPO Agent
"Has the 72-hour notification window passed?"
Response
Precise guidance
GDPR art. 33(1): notify without undue delay + reasons for delay
Outcome
Notifies Datatilsynet
With delay justification — within hours
Use case 02
DPIA assessment
IT proposes a new HR platform with biometric login and automated performance scoring for 800 employees. The DPO must decide: is a Data Protection Impact Assessment required?
Situation
New HR system
Biometric + automated scoring for 800 staff
DPO Agent
Asks DPO Agent
"Does this processing require a DPIA?"
Response
Yes — 3 criteria met
Biometric data + automated decisions + large scale (WP248)
Outcome
DPIA initiated
With structured assessment note from DPO Agent
Use case 03
AI Act compliance
The recruitment team wants to deploy an AI tool that automatically ranks and filters job applicants. The DPO must assess the risk classification under the EU AI Act.
Situation
AI recruitment tool
Automated applicant ranking and filtering
DPO Agent
Asks DPO Agent
"Is this AI tool high-risk under the EU AI Act?"
Response
High-risk confirmed
AI Act Annex III: employment decisions = high-risk category
Outcome
Compliance roadmap
Risk mgmt, human oversight, conformity assessment