Data Governance — Data Governance
Data Governance — EU/UK aligned
EU AI Act Compliance Data Governance EU/UK aligned
+ On this page
Key takeaways
- Know your data: legal basis, licenses, cohorts, limitations — and prove it with lineage.
- Bias mitigation is a process, not a one-off: measure, compare, fix and re-measure.
- Privacy engineering (minimisation, redaction, unlearning) is first-class, not optional.
Provenance & licensing
- Record collection source, ownership, license terms, and constraints (e.g., non-commercial).
- Keep a chain-of-custody for each dataset; store vendor attestations for third-party data.
Lawful basis & purpose limitation
- Justify lawful basis (consent, contract, legitimate interests, etc.); capture purpose statements.
- Prevent scope creep: changes in use trigger impact assessment and notices where applicable.
Quality & representativeness
- Coverage analysis; missingness; noise; duplicates; label quality; leakage checks.
- Document exclusions and their impact on accuracy/fairness; keep gap remediation plans.
Privacy engineering
- Minimise, pseudonymise and redact; apply DP where appropriate; stop PII in prompts/outputs.
- Model unlearning strategy; DSR handling (access/erasure); privacy threat modelling.
Dataset lineage & versioning
- Track dataset versions, transforms, filters, joins; link to model versions and evaluation runs.
- Keep “as-trained” and “as-deployed” evidence snapshots for audits and incident analysis.
Bias detection & mitigation
- Define parity metrics per cohort; test pre-training, fine-tuning and inference.
- Mitigation techniques (re-weighing, sampling, post-processing); document trade-offs.
Security & access controls
- RBAC/ABAC; approvals for sensitive columns; secrets management; egress controls.
- Encrypt at rest/in transit; monitor access with anomaly detection.
Retention & deletion
- Retention schedule per source; defensible deletion; tombstones for audit.
- Document what cannot be deleted (e.g., derived features) and the risk rationale.
Model-generated data & feedback
- Separate training vs feedback vs analytics pools; minimise PII; consent for re-use if needed.
Supplier/third-party data
- Due diligence; SLA for incidents; notice obligations; termination/return-of-data clauses.
Evidence & records
- Data cards, lineage reports, approval tickets, DPIAs/LIAs, privacy tests, and bias audit results.
Implementation checklist
- Provenance/licensing recorded; lawful basis documented; bias plan live; lineage and retention enforced.
© Zen AI Governance UK Ltd • Regulatory Knowledge • v1 05 Nov 2025 • This page is general guidance, not legal advice.
Related Articles
Data Governance & Lineage — Data Management
Zen AI Governance — Knowledge Base • EU/UK alignment • Updated 05 Nov 2025 www.zenaigovernance.com ↗ Data Governance & Lineage EU AI Act Compliance Data Management EU/UK aligned + On this page On this page Principles & roles Data catalog & ...
Governance, Evidence & Records — Foundations
Zen AI Governance — Knowledge Base • EU/UK alignment • Updated 05 Nov 2025 www.zenaigovernance.com ↗ Governance, Evidence & Records EU AI Act Compliance Foundations EU/UK aligned + On this page On this page Org structure & roles Policies & decision ...
Implementation Checklists — Foundations
Zen AI Governance — Knowledge Base • EU/UK alignment • Updated 05 Nov 2025 www.zenaigovernance.com ↗ Implementation Checklists (build → approve → operate) EU AI Act Compliance Foundations EU/UK aligned + On this page On this page Classify & plan ...
Vendor Due Diligence & Contracts — Foundations
Zen AI Governance — Knowledge Base • EU/UK alignment • Updated 05 Nov 2025 www.zenaigovernance.com ↗ Vendor Due Diligence & Contracts EU AI Act Compliance Foundations EU/UK aligned + On this page On this page Overview & risk tiers Due diligence ...
Post-Market Monitoring & Serious Incidents (EU/UK aligned)
Zen AI Governance — Knowledge Base • EU/UK alignment • Updated 05 Nov 2025 www.zenaigovernance.com ↗ Post-Market Monitoring & Serious Incidents (EU/UK aligned) EU AI Act Compliance Regulatory Knowledge EU/UK aligned + On this page On this page ...