36

7. The Undercut

Privacy Culture | July 9, 2026

The Observation

The undercut is one of Formula 1's most effective strategic weapons, and one of its most unforgiving. It requires every element to execute at exactly the right moment. One slow wheel change or a mistimed call and the entire strategy unravels.

The conversation about AI risk focuses almost entirely on model behaviour: hallucinations, bias, jailbreaks. The actual risk in enterprise deployment is organisational. Who reviews the agent's output? What happens when an AI-driven workflow makes a decision that crosses a departmental boundary? Who owns the error when automation produces an outcome that is technically compliant but commercially damaging? These are governance and culture problems, not engineering problems, and they tend to be invisible until something goes wrong.

What This Means for Data Privacy

For every AI workflow that touches personal data, there is a question about where the human review point sits and what the escalation path looks like. When an AI agent sends an email, updates a customer record, or triages a complaint, the controller accountability does not change, but the practical chain of oversight may have gaps that are not immediately obvious.

Every undercut needs a race engineer who calls the pit window and holds the strategy. In AI agent workflows, that is the human review point, and when it is missing, the strategy fires at the wrong moment. Where there is no human review point in an AI workflow, there may also be an automated decision-making consideration under Article 22 that is worth assessing. We see organisations deploying agent-style workflows without recognising they have crossed that threshold. Mapping the decision chain before deployment, rather than after an incident, tends to surface these issues early enough to address them.

Related Articles

Loading...