Pillar II: Legal and Regulatory · § 03

Data protection and privacy under Decree 13/2023

Invoices and financial documents are full of personal data. Buyer names, phone numbers, individual tax IDs, sometimes national ID numbers. The moment that data crosses into a commercial LLM API, three risks open up. The vendor retains it to train their model. It leaks through logs or shared response paths to another tenant. Someone unauthorized accesses it. Decree 13/2023 requires you to control all three. This section explains how.

The seven principles in Decree 13/2023 are not abstract aspirations. They are enforceable rules with breach-notification obligations attached. Your job as a B2B AI processor is to map each principle to a concrete product control. An auditor or a customer DPO must trace any of your claims back to a running mechanism.

The seven principles of Decree 13/2023 and the Bizzi control implementing each.

| # | Principle (Decree 13) | How Bizzi implements it |
|---|---|---|
| 1 | Lawful, fair, transparent | Customer Disclosure Policy. AI Disclaimer in the UI |
| 2 | Purpose limitation | Every AI feature has documented data lineage. No re-purposing outside the registered purpose |
| 3 | Data minimization | PII Redaction at the gateway before any LLM call. Only the minimum required data leaves your perimeter |
| 4 | Accuracy | Full audit trail on every modification. DSAR response in under 30 days |
| 5 | Storage limitation | Retention policy per the Data Classification Standard (Pillar IV §3). Automatic deletion at expiry |
| 6 | Integrity and confidentiality | AES-256 at rest, TLS 1.3+ in transit. Access controls per Pillar V §9 |
| 7 | Accountability | Named DPO. Live ROPA. Internal audit twice a year (Pillar I §10) |

PII Redaction is the central technical control

The pipeline.

  1. OCR extracts text from the PDF or image.
  2. The PII detector scans the OCR output and identifies personal fields.
  3. Detected PII is replaced with placeholders: [PERSON_1], [PHONE_1], [NATIONAL_ID_1].
  4. The redacted text is sent to the LLM for downstream processing.
  5. The LLM response returns to the Bizzi backend. The placeholder-to-real-value mapping lives only in the internal OLTP database, behind strict access controls.
  6. The UI re-hydrates real values for authorized users. Reports and audit logs carry only placeholders.
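
Steps 2 to 6 of the pipeline, sketched as an added example (this is not Bizzi's code). The regex detectors, the `Buyer: ` label convention, the sample invoice text, and the in-memory dict standing in for the OLTP mapping store are all assumptions made for illustration.

```python
import re

# Hypothetical detectors (assumption): a production gateway would combine
# NER models with locale rules. Order matters: 12-digit IDs before phones.
PATTERNS = [
    ("NATIONAL_ID", re.compile(r"\b\d{12}\b")),
    ("PHONE", re.compile(r"(?<!\d)(?:\+84|0)\d{9}(?!\d)")),
    ("PERSON", re.compile(r"(?<=Buyer: )[A-Z][a-z]+(?: [A-Z][a-z]+)+")),
]
PLACEHOLDER = re.compile(r"\[(?:PERSON|PHONE|NATIONAL_ID)_\d+\]")

# Constructed OCR output, not real data.
SAMPLE_OCR = (
    "Buyer: Nguyen Van An\nPhone: 0912345678\nID: 079201001234\n"
    "Contact 0912345678 for delivery. Total: 1,250,000 VND"
)


def redact(text):
    """Return (redacted_text, mapping); a repeated value reuses its placeholder."""
    mapping, seen, counters = {}, {}, {}
    for label, pattern in PATTERNS:
        def substitute(match, label=label):
            key = (label, match.group(0))
            if key not in seen:
                counters[label] = counters.get(label, 0) + 1
                seen[key] = f"[{label}_{counters[label]}]"
                mapping[seen[key]] = match.group(0)  # stays inside the perimeter
            return seen[key]
        text = pattern.sub(substitute, text)
    return text, mapping


def assert_no_residual_pii(redacted):
    """Fail closed: refuse the outbound LLM call if any detector still matches."""
    for label, pattern in PATTERNS:
        if pattern.search(redacted):
            raise ValueError(f"unredacted {label} in outbound text")
    return redacted


def rehydrate(text, mapping, authorized):
    """Restore real values for authorized viewers; everyone else sees placeholders."""
    if not authorized:
        return text
    return PLACEHOLDER.sub(lambda m: mapping.get(m.group(0), m.group(0)), text)
```

Only the output of `assert_no_residual_pii(redact(...)[0])` should ever reach the LLM client; reports and audit logs take the `authorized=False` path.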

Bizzi does not use customer personal data to train models without explicit consent. The concrete rules.

  • Base model training data. Anonymized or synthetic only.
  • Customer fine-tunes. Confined to that customer’s tenant, never cross-tenant, governed by the DPA.
  • Evaluation data. Anonymized, or covered by explicit consent.

Data subjects have the right to access, correct, and delete their data. The DSAR workflow.

  1. The customer (as Controller) forwards the request to Bizzi through the contracted channel.
  2. Bizzi verifies the subject’s identity.
  3. Bizzi retrieves the relevant records via audit trail and data lineage.
  4. Response is delivered within 30 business days with the full report.
  5. Deletion is propagated across OLTP, OLAP, vector DB, and backups to the technically feasible boundary defined in the retention policy.