What are the GDPR implications of Neo?
Neo is designed to be fully compliant with the General Data Protection Regulation (GDPR) and Capgemini’s internal data protection policies. Here are the key points:
- Data Security & Privacy Controls
  - Neo adheres to Capgemini’s data security and privacy policies, including encryption of sensitive Personally Identifiable Information (PII), role-based access controls, and session-based data handling.
  - Uploaded documents are not stored beyond the session unless explicitly saved, and all data handling is subject to Data Protection Officer (DPO) approvals.
- No External Data Sharing
  - Although Neo is built on Google’s Gemini GenAI model, it is fine-tuned exclusively on Capgemini’s internal data.
  - No data is shared with Google or any third party, and enterprise-grade security measures are enforced.
- User Control & Transparency
  - Users can delete their data at any time, and all access and usage are logged for auditability.
  - Neo does not learn from individual user behavior, which aligns with GDPR’s principles of data minimization and purpose limitation.