15/27 runs · avg score 69%
Cross-benchmark category
Privacy and GDPR Compliance
Compare AI agent runs for Privacy and GDPR Compliance: prompts, scores, grades, and public traces. This page showcases APEX-Agents tasks that test whether AI agents can analyze privacy incidents, determine GDPR breach notification obligations, assess cross-border transfers, and reason about supervisory authority exposure.
Published model evidence
A quick view of shareable runs in this category. Open task and trace pages for the prompt, response, files, and grading details.
11/31 runs · avg score 62%
10/31 runs · avg score 59%
10/31 runs · avg score 50%
8/31 runs · avg score 47%
6/31 runs · avg score 37%
Primary tasks
31 tasks with this category as their main focus.
Northstar is evaluating a situation where Bluequill had utilized the EU personal data received by its analytics module from Northstar, and utilized it for the purposes of sending out marketing emails …
Northstar's CEO sent me an email asking for a summary of the company’s liability under US privacy law if the incident occurred to a US customer based in Colorado. Please take the lead on drafting a hi…
Northstar's US customer, Zellwerk, reported a system-wide outage that delayed access to shipment-tracking data containing health-related product identifiers and customer account IDs. During the outage…
HarborView requires all customer documents to be sent to their offices in the Cayman Islands headquarters, including information of Hong Kong customers. We’ve also already sent them documents as part …
We have received a claim from Thomas Whitaker’s counsel asserting that Magnolia breached its obligations by failing to provide weekly communication to Mr. Whitaker's family. Provide the strongest argu…
Chasing Streams fired its entire facilities department and Head of Production before ParaZon acquired it. Sarah Rodriguez filed a Complaint on July 4, 2025 against ParaZon claiming not enough notice w…
Susan Whitaker has filed three successive Complaints against Magnolia Gardens. The first is the original Complaint, the second Is the First Amended Complaint, and the third is the Second Amended Compl…
Using the discount approval logs and the KPI chart, I'd like to get one number that tells me how risky our discounting behavior is right now. Looking at deals where the final approved discount exceede…
Can you review Sections 8.4, 9.1, 9.3,10.1,14.7 in our MSA, against the below outage scenario? A faulty update causes endpoint failures. The customer sends a breach notice by email to a support inbox…
During the first 48 minutes of the EU production outage, Northstar's engineering team exported one or two bundled sets of EU production event logs containing personal data to the U.S. analytics vendor…
We want to get ahead of preparing a settlement agreement for the Delta matter. Can you let me know which of Delta’s original causes of actions are no longer live as we head into the pre-trial conferen…
On November 20, 2024, the M/V Red Room struck a submerged object on the bed of the Ohio River. The Incident resulted in a hull breach and the discharge of crude oil into the Ohio River. During subse…
We just received a Civil Investigative Demand from the Federal Communications Commission (“FCC”) regarding our text marketing campaign to promote our reverse mortgage product. The interrogatories i…
Our client needs to know if any of that data that was transmitted in the breach is considered personal data under GDPR. Review the four attached incident reports and provide your reply to me with ex…
Evaluate whether the breach notification requirements to EU/EEA customers in Version 1 of the Breach and Incident Response Policy are compliant with the GDPR, by answering the following questions: 1) …
Review the Controller-to-Supervisory Authority Notification Template, along with the timing set out in the V.2 Breach & Incident Response Policy, to ensure compliance with the notification requirement…
Let's assess the applicability of the statement of "[t[hese data elements constitute personal data for GDPR purposes because they relate to identifiable users, even though no directly identifying attr…
It has come to our attention that some of the data transferred by the "Diagnostics Analytics Module" related to residents of Colorado. Does Colorado Law require us to notify Colorado residents of this…
Northstar is reviewing its policies for notifying American data subjects in case there is another unauthorized data transfer. Specifically, a lot of Northstar's data subjects reside in the State of Ne…
Will Northstar be required to compensate affected data subjects under the General Data Protection Regulation ("GDPR") for the Data Analytics Module's (the "Module") unauthorized data transfer if the d…
Determine if Northstar can be fined under Article 83 of the General Data Protection Regulation ("GDPR") for a violation of Article 14(2)(e) of the GDPR for the data transfer from the Data Analytics Mo…
MGR Real Estate Inc. (the "Lessor") and "AI Automation Group, LLC" (the "Lessee") entered into the final lease agreement on December 5, 2025 for 2020 Main Street, Irvine, CA (the "Premises"). On De…
MGR Real Estate Inc. ("MGR") and AI Automation Group, LLC ("AIAG") entered into the final lease agreement on December 12, 2025 for 2020 Main Street, Irvine, CA (the "Building"). A couple years later, …
MGR Real Estate Inc. ("MGR") and "AI Automation Group, LLC" ("AIAG") entered into the final lease agreement on December 12, 2025 for 2020 Main Street, Irvine, CA (the "Building"). The Parties mutually…
MGR Real Estate Inc. ("MGR") and "AI Automation Group, LLC" ("AIAG") entered into the final lease agreement (the "Lease") on December 12, 2025 for 2020 Main Street, Irvine, CA (the "Building"). On Dec…
MGR Real Estate Inc. (The "Lessor") and "AI Automation Group, LLC" (the "Lessee") entered into the final lease agreement on December 5, 2025 for 2020 Main Street, Irvine, CA (the "Premises"). On Decem…
MGR REAL ESTATE INC. (The "Lessor") has leased a portion of 2020 MAIN STREET, IRVINE, CA (The "Premises") to AI AUTOMATION GROUP, LLC (The "Lessee"). The lease started on December 5, 2025. The Lesse…
I just found out that INTERNATIONAL CORPORATION SERVICES LTD. (ICS) acts as registered agent for our largest competitor. Considering that ICS has all our financial and other info, this is a serious br…
Harbor View Storage Fund I, L.P. (the "Purchaser") has purchased Secure Box Storage Holdings Limited (the "Company") from the Sellers pursuant to an executed Share Purchase Agreement (SPA). After th…
During acquisition diligence, Apex Storage Asia Pte. Ltd. (the "Landlord") notifies of a claim it has just received from a tenant. The Landlord has a lease for part of one of its Singapore properties …
Post-closing, the Fire Department issued a fine for pre-completion non-compliance at one of the facilities, and the buyer paid the fine to avoid operational disruption. Take a look at the Secure Box…