Jhonathan C.

Provide detailed legal analyses and opinions for new product features, translating GDPR, LGPD and BSI/ISO technical norms into clear, testable engineering requirements.

Establish, implement and continually improve an AI Management System (AIMS) under ISO/IEC 42001:2023—covering scope, leadership commitment, risk assessment, lifecycle controls, transparency and post‑market monitoring—to certify trustworthy AI practices and prove alignment with the EU AI Act.

Execute top‑down privacy‑compliance strategies that map NIST Privacy Framework controls to corporate objectives, embedding privacy‑by‑design and explainable AI (XAI) checkpoints into every development sprint.

Identify and mitigate risks in data acquisition, analytics, anonymisation and AI‑model bias, applying safeguards such as encryption, differential privacy and robustness testing, and documenting evidence for audits.

Lead EU AI Act conformity preparation for high‑ and limited‑risk systems—performing risk tiering, compiling Annex IV technical documentation, planning CE‑mark steps and coordinating external assessments.

Collaborate with product and engineering teams to convert governance requirements into user‑story acceptance criteria, definition‑of‑done checklists and automated compliance gates in CI/CD pipelines.

Develop the institute's first Data and AI Governance Framework, compliant with GDPR and the AI Act, establishing a standard for data protection (privacy by design) in advanced AI projects.

Research legal standards and integrate insights across disciplines to form governance policies, enhancing the security and ethical management of extensive datasets.

Design and implement risk assessment methodologies and data governance protocols that meet GDPR requirements, directly contributing to increased data integrity, data mapping and information security in ongoing AI research.

Co-authoring an influential Machine Learning/AI Act research paper, in collaboration with the team leader.

Developed Machine Learning pipelines and a Neural Network model aligned with the AI Framework, contributing to the enhancement of a project published in the journal Nature ('An interpretable data-driven prediction model to anticipate scoliosis in spinal muscular atrophy in the era of (gene-) therapies').

Developed GDPR-compliant frameworks for AI/ML projects, enhancing the ethical handling of sensitive datasets.

Led a team that performed comprehensive AI/ML risk assessments to identify and mitigate compliance risks, ensuring 100% adherence to data protection laws and the AI ACT.

Implemented privacy-by-design principles collaboratively across multiple development cycles, integrating GDPR compliance into new and existing web technologies and data analytics platforms.

Implemented IT and data security protocols related to the safeguarding of sensitive and personal data in line with GDPR.

Data Protection Impact Assessments (DPIA) to identify and mitigate risks related to personal data processing activities.

Promoted GDPR training to enhance regulation awareness and ethical practices, which contributed to a great reduction in privacy-related incidents among tech teams.