Eleanor Weaver, Chief Executive Officer at Luminance, considers how artificial intelligence can assist law firms in managing and monitoring their data protection obligations.

Artificial intelliegence can rapidly identify information risks

The way that organisations manage and review their documents for data compliance can be unnecessarily complex, particularly when information is siloed across multiple email structures and document management systems. With artificial intelligence (AI) technology, legal teams are able to store all of their data in a single, streamlined platform.

 AI technology is then able to immediately read, form an understanding and categorise data, highlighting critical information. For example, AI can automatically identify all governing laws, which can help compliance teams understand which regional data legislation applies – as well as flagging clauses that refer to the protection of personal data. AI can also identify risks within a dataset; for instance, a missing document or clause wording which deviates significantly from a certain provisions laid down by the GDPR. With AI immediately highlighting this information, legal teams are able to quickly delve into specific clauses or contracts that need reviewing to assess data-related risks, ensuring that nothing is overlooked.

AI can spot areas of non-compliance within policies or contracts

Manually assessing documents to understand the risks and obligations in terms of data protection regulations can be a laborious, time-consuming task. AI is revolutionising this process – in real time, AI is able to automatically identify clauses or documents which deviate from other templated contracts or policies.

 Users also have the option of setting their own ‘model’ document or clause which is drafted to their perfect wording, for instance a ‘confidentiality’ clause which is GDPR-compliant. AI then compares this version to the other clauses or documents within the project, with red-lining and green-lining showing exactly how compliant or deviant the other contracts are from the ‘model’ version. This helps risk teams to quickly and easily understand which areas comply and which areas deviate and therefore must be amended.

Rethinking redaction with AI

It is stipulated under the GDPR that organisations must not share personal data with third parties, for instance during a commercial transaction. Relying on manual redaction processes – either printing out documents and blocking out sensitive information using a marker pen or doing the equivalent in a word processing tool - are inherently risky and prone to human error, as well as incredibly time and resource-intensive.

AI-powered redaction tools are now able to automatically identify Personally Identifiable Information (PII) within documents, including party names, email addresses, bank details, passport numbers and social security numbers. To expedite the review even further, users also have the option to select specific words or phrases- for instance, this could be all documents relating to a specific company- and AI is able rapidly surface all other examples, allowing lawyers to conduct a bespoke redaction review. With one click, users can then automatically redact all of this information across the dataset.

AI for data subject access requests and beyond

Responding to a data subject access requests (DSAR) can be a challenging, costly and often time-consuming process. Innovative AI technology is transforming this process for lawyers. AI is able to immediately remove obviously irrelevant and duplicative content like repetitive emails in the same email thread, helping teams to rapidly reduce their dataset and help focus their review on relevant material.

 AI can also be used to automatically surface Personally Identifiable Information (PII) like party names, passport numbers and addresses amongst data and then inverse redact all non-relevant information with a click of a button, ensuring a precise and efficient DSAR review.

 The scale of data protection regulation facing legal teams today makes it more important than ever that they are evolving to meet the needs of ever-tightening compliance measures. AI is a powerful new tool that every lawyer can have in their arsenal to assist them in keeping their clients and business data and risk compliant.


Eleanor Weaver is Chief Executive Officer at Luminance, a market-leading AI platform that uses machine learning to read and understand documents, enabling lawyers to conduct more rapid and insightful reviews. The platform is used by over 300 law firms and organisations in 50 countries worldwide.

Formerly a Director at Darktrace, she spent six years as Global Head of the organisation’s Industrial Division. In recognition of her achievements, Eleanor has received Law.com’s ‘Innovation Trailblazer Award’ and is one of Management Today’s ‘35 Women under 35’.