
Agentic AI and data protection

Guidelines published by Spain’s data protection authority (Agencia Española de Protección de Datos, “AEPD”) in February highlight the many data protection issues that could arise through the use of artificial intelligence (AI) systems in the processing of personal data.  

In the guidelines, “Agentic Artificial Intelligence from the Perspective of Data Protection,” the AEPD emphasized that knowledge of agentic AI merely as a user is not enough. Rather, the AEPD stated, “it is necessary to understand its foundations, capabilities, limits, and the way in which it is implemented.”  

Furthermore, both the “irrational rejection” of agentic AI and its “uncritical acceptance” in the processing of personal data can be harmful, as the opportunities it offers for data-protection-by-design and as a privacy-enhancing technology tool in its own right “must be proactively seized,” the AEPD stressed. 

The guidelines – which are the most comprehensive on agentic AI issued by a European data protection authority, to date – provide an overview of AI systems and how they function; potential vulnerabilities that could arise in the context of organizations’ data protection obligations; threats posed by the authorized and unauthorized processing of data; and actionable compliance measures for mitigating these threats. 

Rather than cover all 71 pages of the comprehensive report exhaustively, we provide a summary of the actionable compliance measures organizations should adopt in the context of their data protection regulatory obligations.

Core vulnerabilities and compliance measures

The guidelines discuss in detail four potential vulnerabilities that could arise in the context of organizations’ data protection obligations; these provide the framework for the compliance measures discussed later. Those four vulnerabilities are: 

  • Interaction with the environment: This vulnerability includes access to organizational and user data, and the AI system’s ability to perceive and act externally to the organization 
  • Service integration: These are vulnerabilities created by agentic AI integrating with multiple services, whether local or external services 
  • Memory in AI agents: Memory speaks to an AI system’s ability to store and recall past contexts and experiences to improve decision-making, adaptation and performance 
  • Autonomy: This vulnerability concerns the autonomous use of AI agents, where explicit instructions from human users are not involved 

With these vulnerabilities in mind, the report continues to describe the following practical compliance measures for organizations to consider: 

Information-governance framework 

The AEPD highlights that a key foundational measure is having in place an information-governance framework, ensuring that “governance elements that arise from the use of agentic AI in processing can be mapped on top of existing ones or, if not, created.” The guidance lists 16 foundational elements of organizational governance that organizations should review. 

Accept that failure is possible, and prepare accordingly. “Trust in governance is not achieved by presupposing good intentions or thinking that implementations are infallible, but by designing processing that anticipate possible errors, abuses, gaps, bias and undesired effects,” the AEPD emphasized. Instead, the AEPD recommends following the principle of “safe failure”: designing the processing, adapting the systems that form part of the means of the processing, and preparing action plans to minimize the impact and manage incidents when they do occur. 

The guidance further stressed the importance of having a data protection officer who is familiar with data protection regulations and with technical and organizational measures. 

Continuous assessment of agentic AI 

The guidance also highlighted the importance of automated audits, including explicit examples of evaluation methods, such as benchmark testing, human-in-the-loop evaluations, A/B testing, and simulations in real environments. “A critical aspect of this assessment is the knowledge and analysis of the history of security breaches and incidents that have occurred in the evaluated services and in the agentic AI systems that incorporate them,” the guidance stated. 

Clear operating criteria and metrics – for example, transparency, reproducibility, control, compliance, and traceability – “must make it possible to identify when the agentic AI system and its components are behaving correctly and incorrectly,” the guidance stated. Golden testing practices, for example, are “procedures and data designed, repeatable, and prepared to compare the current result of a system with a reference result considered correct.” 

Additionally, contracts with digital service providers should be reviewed, especially following updates to terms and contracts. For components or services that impact data protection, data controllers should evaluate the conditions both when design decisions are made and dynamically or automatically during the lifecycle. Explainability audits and auditing the effectiveness of human supervision that has an impact on processing are also key elements. 

Data minimization 

The principle of minimization speaks to limiting the processing of personal data only to what is strictly necessary. In the context of agentic AI, organizations should implement an information policy that incorporates the “need to know” principle. For each data processing activity in which agentic AI is used, it must be clearly defined which services and data repositories can be accessed by the agents and the effectiveness of such access restrictions must be guaranteed. The guidance further discusses ways of filtering data streams concerning data communication with third parties and external parties, how to minimize “model leakage,” and how to pseudonymize users’ interactions with AI agents. 
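The need-to-know restriction and the pseudonymization of user interactions described above can be enforced in code rather than left as policy text. The following is an added example, not code from the AEPD guidance or any named product: it defines, per hypothetical processing activity, the only services and data repositories an agent may reach, denies everything else by default, records every decision so the effectiveness of the restriction can be audited, and replaces the user identifier the agent sees with a keyed pseudonym. Activity names, service names and the key are constructed placeholders.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Constructed example: a need-to-know access policy for AI agents.
# Each processing activity (as defined by the controller) lists the only
# services and data repositories an agent working on it may reach.
# Activities and names below are hypothetical.
ACCESS_POLICY = {
    "customer-support-triage": {
        "services": {"ticketing", "kb-search"},
        "repositories": {"tickets", "public-faq"},
    },
    "invoice-reconciliation": {
        "services": {"erp"},
        "repositories": {"invoices"},
    },
}


class AccessDenied(Exception):
    """Raised when an agent requests something outside its activity's scope."""


@dataclass
class AgentContext:
    activity: str
    audit_log: list = field(default_factory=list)

    def _check(self, kind: str, name: str) -> None:
        # Unknown activities have no policy and therefore get nothing (default deny).
        policy = ACCESS_POLICY.get(self.activity)
        allowed = policy[kind] if policy else set()
        decision = "allow" if name in allowed else "deny"
        # Every decision is logged so the restriction's effectiveness can be
        # verified afterwards instead of assumed.
        self.audit_log.append((self.activity, kind, name, decision))
        if decision == "deny":
            raise AccessDenied(f"{kind} '{name}' is outside activity '{self.activity}'")

    def call_service(self, service: str, payload: dict) -> dict:
        self._check("services", service)
        return {"service": service, "payload": payload}  # stands in for the real call

    def read_repository(self, repo: str, query: str) -> dict:
        self._check("repositories", repo)
        return {"repository": repo, "query": query}  # stands in for the real read


# Pseudonymization of the user identity attached to agent interactions.
# A keyed HMAC yields a stable pseudonym per user without exposing the raw
# identifier to the agent or its memory; the key stays with the controller.
# The key below is a constructed placeholder, not a real secret.
PSEUDONYM_KEY = b"controller-held-secret-key-placeholder"


def pseudonymize(user_id: str, key: bytes = PSEUDONYM_KEY) -> str:
    return hmac.new(key, user_id.encode("utf-8"), hashlib.sha256).hexdigest()[:16]


def run_agent_step(activity: str, user_id: str, requests: list) -> dict:
    """Execute (kind, name) requests under the activity's policy.

    Denied requests are recorded rather than silently dropped, so the
    controller can see whether an agent keeps reaching out of scope.
    """
    ctx = AgentContext(activity)
    pseudonym = pseudonymize(user_id)
    granted, denied = [], []
    for kind, name in requests:
        try:
            if kind == "services":
                ctx.call_service(name, {"user": pseudonym})
            else:
                ctx.read_repository(name, "*")
            granted.append(name)
        except AccessDenied:
            denied.append(name)
    return {"user": pseudonym, "granted": granted, "denied": denied, "audit": ctx.audit_log}


if __name__ == "__main__":
    result = run_agent_step(
        "customer-support-triage",
        "alice@example.com",  # constructed sample identifier
        [("services", "ticketing"), ("repositories", "invoices"), ("repositories", "public-faq")],
    )
    print(result)
```

The policy table is the artefact a controller would document for each processing activity; the audit log is what lets an assessment later confirm that the restriction actually held.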

Cataloging structured and unstructured data 

Organizations should know what data they hold. Cataloging is defined as “a systematic method for inventorying, organizing, and managing data assets using metadata, facilitating their discovery, governance, and efficient use.” Cataloging should characterize the quality of the information stored, including its accuracy, relevance, age, scope, biases, regulatory conditions of use, and objective context. 

Cataloging unstructured data includes enrichment with metadata, automated labeling, or structuring of unstructured data. To do this, natural language processing (NLP)-based techniques, audio and video analysis, semantic pattern search, contextual retrieval, and data loss prevention tools are used to identify and classify sources of information that incorporate personal, as well as sensitive or confidential, data, the guidance highlights. 

Memory management 

Memory control of an agentic AI system must be carried out on both short- and long-term memory. Organizations should establish procedures to catalog and manage the report’s content, allowing, for example, searchability by stored content and quality parameters, erasure, processing limitations or usage alerts.  

When an agentic AI system is used to implement different processing with any of its components, such as LLMs, it is advisable to use a “no log” policy or a zero-data retention policy at the component level. Strict retention periods and procedures should be established “for the elimination of data by specific and differentiated categories according to the needs of each of the components that make up the processing using Agentic AI,” the guidance advised. 

Disabling in-memory storage and applying long-term memory sanitization or scrubbing techniques are also necessary. Sanitization can be done by “automatically checking for harmful content, expiring unused or outdated entries, analyzing information consistency, finding and deleting unnecessary user credentials, information distillation, analyzing and removing bias, and strategies to force the user/administrator to perform periodic cleanups,” the guidance stated. 
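Three of the sanitization steps listed above, per-category retention periods, expiry of unused entries, and removal of credentials that ended up in memory, can be implemented as a periodic pass over the agent's long-term store. The following is an added illustration, not code from the AEPD guidance or any agent framework; the memory categories, retention periods, idle limit, credential patterns and sample entries are all constructed.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Hypothetical retention rules, differentiated by memory category as the
# guidance recommends. Entries in a category with no rule are not kept.
RETENTION = {
    "conversation": timedelta(days=30),
    "preference": timedelta(days=365),
    "task-state": timedelta(days=7),
}
IDLE_LIMIT = timedelta(days=90)  # entries not read for this long count as unused

# Shapes of credential-like material that must not persist in agent memory.
CREDENTIAL_PATTERNS = [
    re.compile(r"(?i)(password|passwd|api[_-]?key|secret)\s*[:=]\s*\S+"),
    re.compile(r"(?i)bearer\s+[A-Za-z0-9\-._~+/]+=*"),
]


@dataclass
class MemoryEntry:
    key: str
    category: str
    content: str
    created: datetime
    last_accessed: datetime


def scrub_credentials(text):
    """Replace credential-like fragments with a marker; return (text, count)."""
    count = 0
    for pattern in CREDENTIAL_PATTERNS:
        text, n = pattern.subn("[REDACTED-CREDENTIAL]", text)
        count += n
    return text, count


def sanitize_memory(entries, now):
    """Apply retention, idle expiry and credential scrubbing; return (kept, report)."""
    kept = []
    report = {"expired_retention": 0, "expired_idle": 0, "scrubbed": 0, "unknown_category": 0}
    for e in entries:
        limit = RETENTION.get(e.category)
        if limit is None:
            report["unknown_category"] += 1  # no retention rule defined: drop
            continue
        if now - e.created > limit:
            report["expired_retention"] += 1
            continue
        if now - e.last_accessed > IDLE_LIMIT:
            report["expired_idle"] += 1
            continue
        content, n = scrub_credentials(e.content)
        report["scrubbed"] += n
        kept.append(MemoryEntry(e.key, e.category, content, e.created, e.last_accessed))
    return kept, report


def sample_entries(now):
    """Constructed sample store exercising each rule; not real data."""
    d = lambda days: now - timedelta(days=days)
    return [
        MemoryEntry("c1", "conversation", "User said: my password=hunter2 please reset", d(5), d(5)),
        MemoryEntry("c2", "conversation", "old chat", d(45), d(40)),
        MemoryEntry("p1", "preference", "prefers email", d(200), d(100)),
        MemoryEntry("p2", "preference", "Authorization: Bearer abc.def.ghi", d(10), d(1)),
        MemoryEntry("t1", "task-state", "step 3 of 5 done", d(2), d(2)),
        MemoryEntry("x1", "scratch", "uncategorized note", d(1), d(1)),
    ]


def demo():
    now = datetime(2025, 6, 1, tzinfo=timezone.utc)
    return sanitize_memory(sample_entries(now), now)


if __name__ == "__main__":
    kept, report = demo()
    print(report)
    for e in kept:
        print(e.key, e.category, e.content)
```

The report counters are what an automated audit would collect over time; a rising `scrubbed` count, for instance, indicates credentials are reaching memory and the upstream filtering needs attention.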

Automation 

The degree of an AI system’s autonomy must be established by the controller for each processing activity, considering the context, scope, purposes, and risk impact. This decision must be “properly justified, evidence-based, and documented,” the guidance advised. 

As always, human supervision is critical. Organizations must determine when to integrate experts at critical points to validate, refine, or override agent decisions. “Human monitoring could be complemented with real-time automated monitoring to escalate any unexpected or anomalous behavior,” the guidance states.  

Furthermore, the guidance advised, automatic processes that have a significant impact on people’s rights should follow the principle of “four eyes,” meaning “double verification by different people, which constitute an additional layer of trust in the human supervision mechanism and promote the critical awareness of the operator.”
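The two controls in this section, automated monitoring that escalates anomalous behaviour to a human and “four eyes” verification for actions with a significant impact on people's rights, can be combined in a single decision gate in front of the agent's actions. The following is an added example, not code from the AEPD guidance; the action types, the anomaly threshold and the reviewer identities are constructed.

```python
from dataclasses import dataclass, field

# Hypothetical action types the controller has classified as high impact on
# people's rights; these always require review by two different people.
HIGH_IMPACT_ACTIONS = {"deny_benefit", "close_account", "change_credit_limit"}
# Simple constructed monitor rule: more than this many actions aimed at the
# same subject is treated as anomalous and escalated, whatever the action type.
ANOMALY_THRESHOLD = 3


@dataclass
class Action:
    id: str
    kind: str
    subject: str  # pseudonymous reference to the affected person
    params: dict


@dataclass
class Gate:
    approvals: dict = field(default_factory=dict)       # action id -> set of reviewer ids
    seen: dict = field(default_factory=dict)            # action id -> needs_review
    subject_counts: dict = field(default_factory=dict)  # subject -> actions seen
    log: list = field(default_factory=list)

    def _needs_review(self, action):
        # Classify each action once so re-evaluation after approvals is stable.
        if action.id not in self.seen:
            n = self.subject_counts.get(action.subject, 0) + 1
            self.subject_counts[action.subject] = n
            anomalous = n > ANOMALY_THRESHOLD
            self.seen[action.id] = action.kind in HIGH_IMPACT_ACTIONS or anomalous
        return self.seen[action.id]

    def approve(self, action_id, reviewer):
        # A set of reviewer ids: the same person approving twice still counts once.
        self.approvals.setdefault(action_id, set()).add(reviewer)

    def decide(self, action):
        """Return 'executed' or 'pending_review' and record the decision."""
        if not self._needs_review(action):
            status = "executed"
        elif len(self.approvals.get(action.id, set())) >= 2:
            status = "executed"  # four eyes satisfied
        else:
            status = "pending_review"
        self.log.append((action.id, action.kind, status))
        return status


if __name__ == "__main__":
    gate = Gate()
    routine = Action("a1", "send_reminder", "subj-1", {})
    print(gate.decide(routine))                       # executed
    closing = Action("a2", "close_account", "subj-2", {})
    print(gate.decide(closing))                       # pending_review
    gate.approve("a2", "reviewer-A")
    gate.approve("a2", "reviewer-B")
    print(gate.decide(closing))                       # executed
```

Keeping the classification and the approvals separate makes the log a usable record of human supervision: each entry shows whether an action ran automatically, waited for review, or ran after two distinct reviewers signed off.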
