Unsorted client data? How to automate the review of TOMs in accordance with Article 32 of the GDPR
Does this situation sound familiar? You request documents for drawing up technical and organizational measures (TOMs) according to Article 32 GDPR, and what you receive is a digital shoebox: a folder full of unsorted policies, technical data sheets, lengthy explanations, and outdated documents. Manually sifting through it to find out exactly what is regulated, and how, costs lawyers valuable hours.
In this article, we show you how you can radically shorten this process with PyleHound and combine quality assurance with efficiency.
Key Takeaways
- Automated structuring: Transformation of a "wild mix" of client documents into structured drafts.
- Gap detection: Targeted prompting immediately reveals missing information (gaps) in the TOMs.
- Source certainty: Every generated sentence can be backed by a linked source from the original documents.
How does AI support the analysis of unsorted compliance documents?
AI supports the analysis through semantic search, which recognizes relevant content contextually and extracts it from various file formats without requiring prior manual sorting.
Instead of opening every document individually and scanning for keywords, simply drag & drop the entire folder – the "wild mix" – into the PyleHound knowledge base. The system indexes the content immediately and makes it available for processing.
The process at a glance:
- Import: Upload of all received files (PDFs, Word, etc.) into the project.
- Contextualization: The AI understands the content of the documents, regardless of whether it is a password policy or a backup concept.
How can TOMs according to Art. 32 GDPR be created automatically?
TOMs can be created automatically by giving the AI a specific prompt that provides the requirements of Art. 32 GDPR as a structure and instructs the AI to map the corresponding information from the uploaded documents.
An effective prompt for this reads:
"Create for me the technical and organizational measures according to Art. 32 GDPR. If something is missing, add the knowledge gap in square brackets and do not invent anything."
This command fulfills two functions:
- Structuring: It forces the AI to fit the information it finds into the legal structure of Art. 32.
- Hallucination avoidance: The explicit instruction not to invent anything ensures factual fidelity to the client documents.
How do you identify missing details in client documents efficiently?
Missing details are identified through the instruction to mark knowledge gaps, whereby the AI explicitly shows where the available documents do not cover the statutory requirements.
In the video example, we see the result clearly: PyleHound creates the draft and uses square brackets for gaps, such as:
- [Knowledge gap: Details on resilience are missing]
- [Knowledge gap: Specific methods of pseudonymization are not mentioned]
Your advantage: You do not have to laboriously check for what is not there. You receive a finished deficiency list that you can use to ask the client targeted follow-up questions.
How do you ensure the reliability of the AI-generated drafts?
Reliability is ensured through transparent source citations and the possibility for direct verification of the quotes (Human-in-the-Loop).
Trust is good, legal control is better. PyleHound delivers no "Black Box" results:
- Quote preview: Before generation, the tool displays the found text passages (with a "Match Score", e.g., 80% match). You can exclude irrelevant quotes with a click.
- Source references: In the finished document, the source (e.g., Backup-policy.pdf) is referenced behind every statement.
This lets you validate the results quickly without giving up sovereignty over the final text.
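An added example, not part of the original article and not PyleHound code: a small checker that turns a generated draft into a deficiency list and flags statements that cite no source or cite a file that was never uploaded. The `[Knowledge gap: ...]` marker follows the article; the `(Source: file)` citation format, the name `review_draft` and the sample draft are assumptions constructed for illustration.

```python
import re

GAP = re.compile(r"\[Knowledge gap:\s*([^\]]+)\]")
# Assumed citation format; the article only says a source follows each statement.
SRC = re.compile(r"\(Source:\s*([^)]+)\)")

def review_draft(draft, uploaded):
    """Return gaps, unsourced statements and citations of files not in `uploaded`."""
    report = {"gaps": [], "unsourced": [], "unknown_source": []}
    known = {name.lower() for name in uploaded}
    for raw in draft.splitlines():
        line = raw.strip().lstrip("-").strip()
        if not line or line.endswith(":"):      # blank lines and section headings
            continue
        report["gaps"].extend(g.strip() for g in GAP.findall(line))
        rest = GAP.sub("", line).strip()        # statement text next to a gap marker
        if not rest:
            continue
        sources = [s.strip() for s in SRC.findall(rest)]
        if not sources:
            report["unsourced"].append(rest)
        for src in sources:
            if src.lower() not in known:        # cited file was never provided
                report["unknown_source"].append((rest, src))
    return report

# Constructed sample draft; policy contents are invented for the example.
SAMPLE_DRAFT = """\
Confidentiality:
- Passwords require at least 12 characters. (Source: Password-policy.pdf)
- Remote access is only possible via VPN.
Availability:
- Backups run nightly and are stored off-site. (Source: Backup-policy.pdf)
- Restore tests are performed quarterly. (Source: DR-handbook.pdf)
- [Knowledge gap: Details on resilience are missing]
Pseudonymization:
- [Knowledge gap: Specific methods of pseudonymization are not mentioned]
"""
UPLOADED = {"Password-policy.pdf", "Backup-policy.pdf"}

if __name__ == "__main__":
    result = review_draft(SAMPLE_DRAFT, UPLOADED)
    for kind, items in result.items():
        print(kind, items)
```

Anything in `unsourced` or `unknown_source` is a statement for the reviewer to trace by hand before the draft goes out.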
Conclusion
Checking TOMs does not have to mean wasting time churning through unsorted files. With the right workflow, you transform chaotic inputs into structured, legally secure work results and identify gaps in seconds instead of hours.
Would you like to accelerate your document analysis? Test PyleHound now.
Transcript
Welcome back! Today we are starting with the creation of technical and organizational measures according to Article 32 GDPR. Here we often have a folder with unsorted policies, documents, with yes... technical documents possibly, with pages-long explanations on how what is concretely regulated in which company. And here PyleHound helps well, of course. My client has provided me with a wild mix of different documents. All important topics, all things that must go into the TOMs. And I would say, let's create the technical and organizational measures directly at this point from the documents provided.
And now I will do it as follows: I will prompt now: 'Create for me the technical and organizational measures according to Article 32 GDPR.' Then PyleHound has a structure, it knows Article 32 GDPR of course. But then I don't know now: Is everything really contained in the documents? So it could be that not everything was provided at all. That means, I am now giving PyleHound the hint: 'If something is missing, add the knowledge gap in square brackets and do not invent anything.' So it should not invent anything. Furthermore, we want to know what is still missing, to be able to note it to the client in case of doubt and to ask specifically. That is already very helpful.
And then I would say, down here I see the TOMs, the project is supplemented. Let's get started. So, we now have here once again the possibility to check individual quotes that could be relevant to the topics and to say: Man, do I want to go through here again? What is available in the policies at all? Very helpful, I would say, if we don't have an overview yet which documents were actually provided. Can we select again here... hmm, low match, 20 percent. PyleHound has performed the semantic search here again. That means, everything that is in connection with Article 32, with technical and organizational measures, that has now been gathered here. And the nice thing is: We don't have to trust the LLM here – as is so often the case (we can, but we don't have to), but we can accompany it the whole time. Have full control during the whole process and can specifically select found quote passages or even exclude them. I could do that here now with a click. But at this point I trust PyleHound enough that I say: Man, that all looks very good. Create for me the technical and organizational measures from the selected quotes. And off we go.