EconPapers    
Economics at your fingertips  

EconPapers Home
About EconPapers

Working Papers
Journal Articles
Books and Chapters
Software Components

Authors

JEL codes
New Economics Papers

Advanced Search


EconPapers FAQ
Archive maintainers FAQ
Cookies at EconPapers

Format for printing

The RePEc blog
The RePEc plagiarism page

 

Mitigating AI risks: A comparative analysis of Data Protection Impact Assessments under GDPR and KVKK

Arzu Galandarli
Additional contact information
Arzu Galandarli: World Medicine İlaç, Turkey

Journal of Data Protection & Privacy, 2025, vol. 7, issue 3, 252-273

Abstract: This paper critically examines the Data Protection Impact Assessment (DPIA) frameworks under the European Union’s (EU) General Data Protection Regulation (GDPR) and Turkey’s Personal Data Protection Law (KVKK), with a particular focus on mitigating the risks posed by artificial intelligence (AI) technologies. It identifies significant gaps and challenges within each framework, especially regarding AI-specific risks such as data inference, re-identification and algorithmic bias. By analysing the regulatory landscapes and enforcement practices in key jurisdictions including Germany, France and Ireland, the paper draws lessons that could strengthen KVKK’s ability to address emerging AI-related challenges. The study adopts a comparative approach, detailing the similarities and differences between GDPR and KVKK in their application of DPIAs, their approaches to cross-border data transfers and their regulatory strategies for automated decision-making systems. The research highlights practical challenges faced by organisations, including balancing innovation with compliance, managing cross-border data flows and conducting effective risk assessments for high-risk data processing activities involving AI. Key findings include the need for Turkey’s KVKK to develop explicit AI-focused regulatory guidance, introduce mandatory DPIAs for high-risk activities and enhance transparency and accountability mechanisms. The paper also identifies best practices such as adopting privacy by design and default, leveraging technical measures such as federated learning and differential privacy, and engaging proactively with supervisory authorities to align with global standards. The paper concludes with actionable recommendations for policy makers and practitioners to harmonise KVKK with GDPR, improve cross-border data protection and foster trust in AI systems while maintaining innovation. These insights aim to provide a roadmap for building a robust data protection framework that addresses both current and future challenges posed by AI technologies.

Keywords: Data Protection Impact Assessments; GDPR; KVKK; artificial intelligence; privacy by design; algorithmic transparency (search for similar items in EconPapers)
JEL-codes: K2 (search for similar items in EconPapers)
Date: 2025
References: Add references at CitEc
Citations:

Downloads: (external link)
https://hstalks.com/article/9182/download/ (application/pdf)
https://hstalks.com/article/9182/ (text/html)
Requires a paid subscription for full access.

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:aza:jdpp00:y:2025:v:7:i:3:p:252-273

Access Statistics for this article

More articles in Journal of Data Protection & Privacy from Henry Stewart Publications
Bibliographic data for series maintained by Henry Stewart Talks ().

 
Share

RePEc
This site is part of RePEc and all the data displayed here is part of the RePEc data set.

Is your work missing from RePEc? Here is how to contribute.

Questions or problems? Check the EconPapers FAQ or send mail to .

Örebro UniversityEconPapers is hosted by the School of Business at Örebro University.

Page updated 2025-04-23
Handle: RePEc:aza:jdpp00:y:2025:v:7:i:3:p:252-273