Expanding a compliance portal to handle the complexities of new AI regulations.

Overview

When the EU AI Act was introduced, it created a massive, intimidating shift for the industry. Most companies were staring at a scary legal PDF with no idea how to actually "do" compliance. While GDPR Local already had an existing portal for data protection, it wasn't equipped for these specific new AI requirements. Our team’s mission was to design and integrate a new suite of features that guided companies through this legal maze, turning a heavy regulatory burden into a manageable digital workflow. We worked on 5 new features: AI Literacy, AI Representative, AI Risk Assessment, AI Governance and AI Officer.

This case study focuses on the AI Risk Assessment feature.

The Challenge

For Clients

Clients often didn't know which technical details were relevant to the law. They felt overwhelmed by vague requirements and lacked a clear status on their product’s audit readiness.

For Data Protection Officers

DPOs were chasing technical specs through endless email chains. Without a centralized place to validate specific milestones, it was impossible to maintain a clear "source of truth" for multiple products at once.

Discovery

The "Research" phase was a deep dive into the legal requirements of Article 4, combined with a series of interviews with internal DPOs (Data Protection Officers) to understand where the current process stood.

What we learned

Through the discovery sessions, we identified two friction points that guided the decisions we made:

The Status Gap:

Clients felt anxious because they couldn't see progress. DPOs were overwhelmed because they couldn't track it. We found that 80% of the friction came from "Status Checking" emails, not the actual legal work.

The Offline Reality:

Compliance doesn't just happen in an app; it happens on Zoom calls and in strategy meetings. We discovered that a rigid, automated system would fail. We needed a "Hybrid" model where humans could manually validate progress.

The Process

We focused on three key areas to turn this complex technical audit into a smooth, manageable experience.

  1. The Product

We organized everything around the AI Product itself.

The client can have multiple AI tools in parallel. Each product has its own dedicated space, ensuring that technical docs for a "Chatbot" don't get mixed up with the specs for a "Data Model."

  2. Hybrid Progress Stepper

In the real world, compliance isn't just about uploading a file; it's about the strategy calls that happen in between.

We designed a stepper that allows the DPOs to manually validate milestones reached during offline consultations. This ensures the digital progress bar always matches the real-world work. If a strategy is agreed upon in a meeting, the DPO can "check it off" in the portal instantly.

Milestone Tracking

Stepper milestones, in order: HLFF, Plan Agreed, AI Compliance Checker, AI DPIA, Risk Assessment Completed, Compliance Report, Handover.

This stepper tracks your progress toward full compliance. Steps are updated manually by your DPO following offline consultations.

  3. Review & Comment Loop

We integrated a contextual commenting system that keeps the conversation tied to the document, making it easy for the client to see exactly what needs to be tweaked to hit "Completed" status.

Results

By shifting the design challenge from simply displaying data to creating 'actionable sales intelligence', we transformed this part of the client portal from a static database into a decision-making interface.

Radical Transparency: Clients no longer had to ask, "Where do we stand?" They could log in and see exactly which steps were validated and what was still pending.

Operational Scale: DPOs were able to manage more products simultaneously because the system handled the "tracking" while they focused on the "evaluating."

Faster Turnaround: The direct feedback loop in the portal slashed the time it took to move a product from "Started" to "Assessment Completed."

Thanks for stopping by.

