The DPO’s AI Toolkit: What to Automate, What to Control

Maria Golofaeva is a seasoned privacy professional and legal strategist whose career focuses on bridging complex regulatory realities with fast-moving AI and data environments.

She currently serves as Data Protection Officer at Toloka and Senior Privacy Lawyer at Nebius, where she helps organizations build trust and accountability in their AI and data-driven operations.

Previously, Maria worked as Lead Legal Counsel at Yandex, managing privacy and compliance in one of the region’s largest technology companies. She holds strong credentials in data protection (including CIPP/E) and brings hands-on experience in compliance, governance, and technology oversight.

At Toloka and Nebius, Maria is deeply involved in developing responsible AI practices — from model governance and data retention to automation in privacy processes. She frequently speaks about the evolving role of DPOs and how legal teams can embrace AI without losing control.

Maria is known for her pragmatic approach: enabling smart automation where it helps, while keeping accountability, transparency, and human judgment at the core of privacy practice.

Krete Paal is the CEO of GDPR Register, where she leads the development of AI-powered tools that make privacy compliance scalable and practical for organisations across Europe. With a strong background in data protection and legal tech — from heading Veriff’s DPO Office to earlier work with the Estonian Police and Border Guard — Krete combines deep regulatory expertise with product leadership. At GDPR Register, she brings a forward-looking perspective on how AI can support GDPR compliance and align with emerging regulations, turning complex requirements into clear, actionable workflows.