“Before proceeding to final deployment of the model built by the data analyst, it is important to more thoroughly evaluate the model and review the model’s construction to be certain it properly achieves the business objectives. Here it is critical to determine if some important business issue has not been sufficiently considered. At the end of this phase, the project leader then should decide exactly how to use the data mining results. The key steps here are the evaluation of results, the process review, and the determination of next steps.”^[1]

This phase involves several tasks that raise important data protection issues. Overall, the developer must:

• evaluate the results of the model, for instance, whether it is accurate or not; to this purpose, the AI developer might test it in the real world
• review the process: the developer could review the data mining engagement to determine if there is any important factor or task that has somehow been overlooked. This includes quality assurance issues.

These are the main actions that need to be addressed in this stage

• Introducing processes of dynamic validation
• Deleting unnecessary datasets
• Performing external audit of data processing

 

 

References

---

¹Shearer, C. (2000) ‘The CRISP-DM model: the new blueprint for data mining’, Journal of Data Warehousing 5(4): 13-23, p.17. Available at: https://mineracaodedados.files.wordpress.com/2012/04/the-crisp-dm-model-the-new-blueprint-for-data-mining-shearer-colin.pdf (accessed 15 May 2020). ↑

 

Checklist: evaluation (validation) ☐ The controllers have made sure that validation reflects the conditions in which the algorithm has been validated accurately ☐ The controllers have informed data subjects about additional processing at this stage. ☐ The controllers have ensured the removal of the dataset used for validation purposes, unless there is a lawful need to maintain them for the purpose of refining or evaluating the system, or for other purposes compatible with those for which they were collected ☐ The controllers have considered conducting a DPIA at this stage ☐ If the data subjects request the deletion of their data, the controller have adopted a case-by-case approach taking into account any limitations to this right provided by the Regulation). ☐ The controllers have considered an audit of the system by an independent third party