AI Governance, Data Protection & GRC

Strategic Advisory · Interim Consultancy · AI Literacy & Keynotes · Implementations & Effective Solutions

For Safe, Resilient & Future-Ready Societies

Start the Conversation
Start the Conversation
Context

Awarded the 2024 Nobel Prize in Physics, Geoffrey Hinton — the "Godfather of AI" — likened its arrival to the Industrial Revolution. He foresees intelligent assistants that will increase productivity across almost every industry. Yet this time, he warned, machines will "exceed people in intellectual ability."

The opportunity is vast. The shift in cognitive power is equally profound, reshaping how business and society operate.

Challenge

The same capabilities that make AI powerful also create new vulnerabilities, especially where governance lags behind. AI is already amplifying cyberattacks, enabling manipulation, and exposing institutions to short and long-term risk.

The ENISA Threat Landscape 2025 confirms the scale, speed, and sophistication of this shift. AI is redefining governance, risk, and compliance, and GRC must evolve with it.

How ART25 Helps

We help organisations and public institutions navigate this new landscape with confidence. We embed ethical AI and data protection by design across governance and operations, aligning with the EU AI Act, GDPR, and emerging international standards.

From leadership advisory to AI vendor due diligence to tailored training, we turn compliance into competitive advantage, enabling innovation with accountability.

Our Contribution

  • We help you build AI systems you can stand behind. We turn the EU AI Act and ISO/IEC 42001 into governance you can actually operate, covering your own projects, your suppliers, and the platforms you rely on.

  • Most AI and data risk originates from third-party vendors, as enterprise systems increasingly rely on AI-powered technologies. This risk must be proactively managed through contractual commitments and a structured, risk-based supplier governance framework. ART25 establishes this framework by classifying vendors based on risk and defining requirements across digital risk domains. We strengthen and negotiate contracts to embed these controls and capabilities, ensuring effective third-party risk management.

  • Equipping leadership teams and employees with the knowledge needed to understand AI risks, responsibilities, and regulatory expectations. Through targeted training and governance programs, organizations strengthen internal awareness and support compliant AI adoption.

  • Supporting organizations in strengthening privacy governance while integrating AI technologies into their operations. This includes embedding privacy-by-design processes aligned with the General Data Protection Regulation and ensuring responsible data use across AI-driven systems.

  • At ART25, our Founder Hummam Wasfi delivers keynote speeches and practical sessions on AI governance, data protection, and the future of GRC.

    As AI reshapes risk and decision making, he helps organisations rethink how governance, risk, and compliance operate in practice aligning them with the realities of the AI era.

    From C-suite to operational teams, his sessions break down silos between legal, IT, security, and business, translating complexity into clear, practical insight grounded in real-world experience.

    Available for summits, conferences, workshops, and executive or policy discussions.

  • We develop educational material and accessible content that helps society better understand AI, data protection, and cybersecurity risks, contributing to stronger public awareness and more responsible use of digital technologies.

Explore Service Catalog

AI is redefining risk, exposing the limits of traditional GRC models. Governance must evolve to manage velocity, volatility, and cross-domain complexity.

When a job title seems harmless.
But in the wrong hands, it becomes a starting point.

Watch more shorts
Watch more shorts

Services

Why ART25 Consulting?

Senior expertise, internationally certified in privacy and AI governance, with formal training in Swedish conformity assessment.

We offer your organisation senior expertise backed by the world's most prominent examined credentials in privacy and AI governance, complemented by formal training in Sweden's national conformity assessment framework.

International
Swedish

Select a credential above to read more.

International Association of Privacy Professionals (IAPP)

The world's largest information privacy community and the leading global authority on privacy and AI governance certification. The IAPP sets international standards, issues the most widely recognised examined credentials in the field, and convenes the global network of privacy and AI governance professionals across regulators, enterprises, and public institutions.

Fellow of Information Privacy

The IAPP's highest distinction, awarded to senior privacy professionals who hold multiple advanced examined certifications and have demonstrated sustained contribution to the global privacy profession.

Artificial Intelligence Governance Professional

Examined expertise in AI governance frameworks, responsible AI development, AI risk management, and alignment with emerging regulation such as the EU AI Act.

Certified Information Privacy Professional · Europe

Deep, examined knowledge of European data protection law, including the GDPR, the ePrivacy framework, and national supervisory-authority practice across the EU.

Certified Information Privacy Manager

Examined operational privacy management expertise: building, running, and measuring a privacy programme end-to-end, from governance structures to incident response and ongoing monitoring.

Certified Information Privacy Technologist

Examined technical privacy expertise: embedding privacy by design into systems and products, privacy-enhancing technologies, and the architecture behind data protection in practice.

Swedac — Swedish Board for Accreditation and Conformity Assessment

Sweden's national accreditation authority, established by the Swedish government. Swedac assesses and accredits laboratories, certification bodies, and inspection bodies to ensure they meet national and international standards, and is a central pillar of Sweden's regulatory and conformity assessment framework.

Swedac Assessor Training

Training completed through Swedac — the Swedish Board for Accreditation and Conformity Assessment — on assessing organisations within Sweden's national accreditation framework.

ISO/IEC 17025:2018 Training

Swedac training on the international standard for the competence of testing and calibration laboratories, covering reliability of results, impartiality, confidentiality, sample handling, calibration, traceability, and measurement uncertainty.

Featured
Deploying GRC Platforms in the AI Era: What Buyers Need to Know
Deploying GRC Platforms in the AI Era: What Buyers Need to Know
Shadow AI: A Critical Organisational and National Security Risk for 2026
Shadow AI: A Critical Organisational and National Security Risk for 2026
Sweden’s Cybersecurity Act has now entered into force
Sweden’s Cybersecurity Act has now entered into force
ISO 42001: How to Gain Competitive Advantage by Leveraging AI Governance
ISO 42001: How to Gain Competitive Advantage by Leveraging AI Governance
The EU GPAI Code of Practice: Advancing Trust Through Accountability
The EU GPAI Code of Practice: Advancing Trust Through Accountability
Japan Passes Landmark AI Law: A New Governance Model for the Age of Artificial Intelligence
Japan Passes Landmark AI Law: A New Governance Model for the Age of Artificial Intelligence
The New ISO standard for AI Impact Assessment: ISO/IEC 42005 Published in May 2025
The New ISO standard for AI Impact Assessment: ISO/IEC 42005 Published in May 2025
The Take It Down Act: U.S. Federal Law Addressing Non-Consensual Intimate Imagery and AI-Generated Deepfakes
The Take It Down Act: U.S. Federal Law Addressing Non-Consensual Intimate Imagery and AI-Generated Deepfakes
€530 Million in Fines: TikTok’s Costly Data Transfer Mistake and GDPR Lessons Learned for other companies
€530 Million in Fines: TikTok’s Costly Data Transfer Mistake and GDPR Lessons Learned for other companies
How to Operationalize Human Oversight in HR: Key Steps for AI Governance and Privacy
How to Operationalize Human Oversight in HR: Key Steps for AI Governance and Privacy
Shadows of Surveillance: How AI Exploitation Undermines National Security and Human Rights
Shadows of Surveillance: How AI Exploitation Undermines National Security and Human Rights
Could the current geopolitical tensions End EU-US Data Transfers. What Every C-Level Executive Should Prepare for
Could the current geopolitical tensions End EU-US Data Transfers. What Every C-Level Executive Should Prepare for
€1.2M Fine for Orange Telecom: How One Employee’s Mistake Led to a Massive GDPR Penalty
€1.2M Fine for Orange Telecom: How One Employee’s Mistake Led to a Massive GDPR Penalty
Blind Trust or Due Diligence? Managing Supplier Risks Before Disaster Strikes
Blind Trust or Due Diligence? Managing Supplier Risks Before Disaster Strikes
How Meta Pixel Mismanagement Led to Apoteket’s SEK 37 Million Fine
How Meta Pixel Mismanagement Led to Apoteket’s SEK 37 Million Fine
The EU AI Act: World’s first comprehensive AI Law as of August 2024
The EU AI Act: World’s first comprehensive AI Law as of August 2024

Articles

Read more
Read more

Testimonials

  • Arne Diedrichs, Director of Internal Audit - Vattenfall GMBH

    “Hummam is a dedicated and highly experienced senior data protection professional. At Vattenfall, he set up a strong data protection governance for employee data and developed and executed comprehensive GDPR training activities for the HR community.”

  • A middle-aged man with dark hair, glasses, and a beard smiling at the camera, wearing a black shirt and a dark blazer against a plain background.

    Jarek Finkielman, Enterprise Account Executive - Workiva

    ‘‘I had the pleasure of working with Hummam and saw first-hand the value he brings to organisations navigating complex GRC challenges. He has a strong ability to advise strategic accounts on best practices while also bringing a forward-looking perspective on emerging issues such as AI governance and digital risk. He’s particularly effective at engaging senior stakeholders, whether through strategic conversations or clear, well-structured software demonstrations that connect technology with real business needs’'

  • A woman with brown hair smiling at the camera against a white background.

    Anna Maric, Head of Operations Consumer Sales Nordic - Vattenfall AB

    “If you are looking for someone who knows data protection by heart, can guide you in what the options are, comes with constructive ideas and solutions, has the right mindset and is always helpful, that is Hummam. I can highly recommend him and it’s always a pleasure working with him…”

  • A woman with short, curly black hair and brown skin, smiling, wearing a black top with gold button details and gold hoop earrings, against a white background.

    Karla Cardozo, Solutions Consultant Senior Manager - Workiva

    ‘‘During his time at Workiva, Hummam made an impact through his collaborative personality and his dedication to learning our solutions. He successfully worked through the complexities of our platform to get up to speed on the technology. His specific knowledge in AI was a notable addition to the team, and I am sure he will bring a high level of knowledge and energy to any organization he joins. I believe his insights into AI use cases and governance will be of value to any organization he supports’’

  • A black-and-white close-up portrait of a man with glasses, a beard, and a shaved head, wearing a collared shirt.

    Daniel Scholte Senior Security Consultant, CISM, CCSP, CCISO - Vattenfall NV

    “I had the pleasure of working with Hummam on a large IT transformation program. I can confidently say that his expertise in these areas are exceptional. he has an impressive ability to navigate complex regulatory frameworks and ensure that all processes align perfectly with highest standards and best practices.  Additional to his profound knowledge in data privacy, Hummam is also a skilled negotiator. He has consistently secured favorable terms while maintaining strong and positive relationships with all parties involved’’

  • A young woman with long brown hair, bright blue eyes, and a slight smile, wearing a black high-neck shirt, against a dark background.

    Lovisa Mannerstråle, Head of HR - EN WELL AB

    I have worked with Hummam for over 1 year in a large IT transformation project. He is more than able to present highly complex situations and challenges to all level of stakeholders, and is able to combine in-depth data protection and security competence. He is a very appreciated colleague and always has a positive can do attitude bringing both energy and competencies to every situation.

  • Patrick Roscher Senior HR Professional, Certified Leadership Coach - Roscher Coaching

    ‘‘Working with Hummam is always a pleasure as I can confidently state that he is acting with the right mindset: being always there if needed, giving proactive advice, and at the same time always having the big picture in mind. He is solution-oriented and by that a super team player which brings any project to the next level. Also, of course, super fun, energetic, and humble, which makes it even easier to cooperate. Definitely a big win for any team and company’’

  • A young woman with long blonde hair wearing a blue denim shirt and small hoop earrings, sitting against a plain background.

    Neele Bohmbach, Process Manager - Vattenfall GMBH

    ‘‘What sets Hummam apart is his ability to connect with everyone and make work both fun and meaningful, regardless of their technical background. When leading DPIA workshops or assisting teams in incorporating data protection into projects; he transforms it into a practical experience that highlights risks while offering actionable solutions. Hummam helps the business view data protection as a strength rather than an obstacle, fostering a collective commitment to embracing it together’’

Get in touch