ai-deployment-checklist
AI System Pre-Deployment Privacy Checklist
Overview
Deploying an AI system that processes personal data requires verification of privacy compliance across multiple dimensions before the system goes live. This checklist serves as a compliance gate in the Cerebrum AI Labs ML deployment pipeline. No AI system may be deployed to production until all mandatory items are verified and signed off by the Data Protection Officer (DPO). The checklist is structured around GDPR requirements, EU AI Act obligations (for high-risk systems), and internal governance standards.
Pre-Deployment Compliance Gate
Gate 1: Legal Basis and DPIA
| Check | Requirement | Status | Evidence |
|---|---|---|---|
| Lawful basis documented | Art. 6(1) basis identified and recorded for all personal data processing | Required | Legitimate interest assessment (LIA) or consent records |
| Special categories assessed | Art. 9 data identified; explicit consent or Art. 9(2) exception documented | Required | Data classification report |
| DPIA completed | Art. 35 DPIA completed for high-risk processing (profiling, systematic monitoring, large-scale special categories) | Required if applicable | DPIA document signed by DPO |
| DPIA risks mitigated | All high/critical risks from DPIA have documented mitigations | Required | Risk treatment plan |
| Prior consultation | Art. 36 consultation with supervisory authority if residual risk remains high | Required if applicable | Consultation record |
| Legitimate interest assessment (LIA) | If relying on Art. 6(1)(f), LIA balancing test completed | Required if legitimate interest is the basis | LIA document |