Built From What You Have: A Privacy Practitioner's Guide to AI Governance

Most organizations are being asked to govern AI before they can even answer a basic question: where is AI actually running inside the business? Privacy leaders, often the de facto owners of AI governance, are expected to stand up new programs while their existing privacy operations are already stretched. This session draws on practitioner experience leading privacy functions at global organizations to show how teams can extend what they already do well: data mapping, DPIAs, vendor reviews, RoPA into a working AI governance capability. We'll walk through where the overlaps are real, where AI genuinely demands new muscles, and the sequencing that has worked in practice.

What you will learn:

• A practical framework for mapping existing privacy program components (RoPA, DPIA, vendor risk, data inventory) onto AI Act and emerging AI governance obligations - so you build on what you have instead of starting over.
• Concrete tactics for tackling the AI discovery problem, including shadow AI and AI features embedded in existing SaaS vendors, before regulators or incidents force the question.
• An honest view of where the DPO-to-AI-governance-owner transition breaks down - the skills, stakeholders, and operating-model changes that privacy teams consistently underestimate.

Sponsored by MineOS