What GDPR Means For Businesses With An AI Strategy

December 31 15:40 2019

It’s been over a year since the General Data Protection Regulation (GDPR) went into effect, yet I still get questions from customers, prospects, and fellow tech leaders on how to do business in European markets while maintaining compliance.
The GDPR is a European Union regulation that outlines how companies can collect, process, and store personal data. And since data is the key ingredient in artificial intelligence (AI), these regulations bring a new layer of complexity to organizations that build AI-powered products or use AI internally to drive growth.

Is It Helping Or Hindering AI Innovation?

On the one hand, it may feel like the GDPR and other privacy regulations hinder AI advances. For example, some companies I’ve spoken to have had to delete CRM data that wasn’t GDPR-compliant, which means their algorithms have a smaller data set from which to learn. Additionally, engineering teams at companies across industries likely dedicated time and resources to ensure their products are GDPR-compliant — resources that could have been focused on further AI innovation.

But while these setbacks seem burdensome today, I believe the GDPR is good for AI and the technology industry in the long run. Before the GDPR, we were in the Wild West of privacy. These regulations establish a road map for how companies should handle personal data and protect customer privacy. It can also encourage companies to build privacy standards into their products from the start — known as “privacy by design.” Lastly, GDPR creates a framework in which companies can operate; businesses may now have a better understanding of how to partner with external organizations while keeping privacy top of mind.

Is your AI-powered organization prepared for GDPR compliance? While there may not be definitive answers yet when it comes to GDPR, there are ways to minimize your organization’s risk while still leveraging AI technologies. Here’s my take. (Note: I love talking about everything AI, but I’m not a lawyer. Consult your legal department to ensure all actions your organization takes are fully compliant with GDPR.)

GDPR Advice For AI-Driven Companies

  1. Read the GDPR. You’d be surprised how many companies are trying to be GDPR-compliant without reading the law itself. Before hiring a lawyer, take the time to review the regulations yourself. I actually think it’s a reasonable document and will only take a few hours to read. (Check out the GDPR website for a searchable, organized version of the policy.) Read it article by article, and note which articles are relevant to your business.
  2. If you build software, embed privacy into your development life cycle. Just like test-driven development (TDD), where engineers build software test coverage before writing the first line of code in order to reduce bugs later on — and security-driven development (SDD), where engineers design security tests and controls up front — we can incorporate privacy into the software development process. It’s not so far-fetched to think about a privacy-driven development (PDD) model in which engineers design products in a way that respects users’ privacy from day one before they build on the product itself. Embedding privacy into the design and architecture of the software means engineers likely won’t have to make major code changes to keep up with evolving privacy regulations.
  3. Monitor GDPR news and court decisions. The results of landmark GDPR cases, such as the recent, enormous fines against Marriott International and British Airways, will likely determine how judges interpret the GDPR going forward, clarify some of the gray areas of the policy, and shape the future of privacy law. Stay on top of GDPR news by subscribing to newsletters and services through organizations such as the International Association of Privacy Professionals and the U.K.’s Information Commissioner’s Office.
  4. Don’t manually capture customer data. Per Article 6 of GDPR, businesses cannot process EU residents’ data without first obtaining consent, establishing legitimate interest or determining that processing is necessary. If your global sales team is manually entering contacts into your CRM, chances are not all of them include proper proof of consent. Without that proof, your business could be subject to fines of up to 4% of your annual global revenue.

GDPR and other regulations force us as technology companies to think about privacy implications in a time when data is everywhere and hard to control. If AI-driven organizations take the proper steps to prepare for GDPR compliance today, the short-term burdens will pay off in the long term with increased corporate accountability and public trust.

This article was originally posted here: https://www.forbes.com/sites/forbestechcouncil/2019/09/06/what-gdpr-means-for-businesses-with-an-ai-strategy/#52a8c397858d

About Article Author

Oleg Rogynskyy