GDPR and data collection

The GDPR is the largest consumer privacy act enacted to rein in what was essentially the heyday of data collection. For a long time, there weren’t many rules regarding what you could collect or how you could use the information once you obtained it.

While data privacy for customers is incredibly important, these new regulations can be a burden for companies. The rules are complicated, and the penalty for non-compliance is severe. We are talking up to 20 million euros or four percent of your global turnover type of severe. Because no one wants to be on the wrong side of that fine, we have put together a shortlist of notable topics regarding data privacy and AI. As with everything though, a short internet list is by no means exhaustive, so check out their webpage for more information.

Minimization

The GDPR mandates that companies only collect and store data that is strictly necessary. Clearly, there is some argument as to what might be considered necessary or not. Still, generally, it is good to be aware of exactly what data you are collecting, its purpose, and the specific way you are communicating to the user that that information is being collected. 

Limitation

Once your company has collected any degree of user information, of course, you want to get as much out of it as possible. After all, data collection can be a tiresome and costly endeavor. Under the new regulations, companies can only use data for the specifically stated purpose. That means no combining data sets to make your AI or chatbot function better. If you haven’t explicitly informed your users that their information will be used for that purpose, it cannot be done.

No sensitive data

Here we finally come to a rule that is a bit more concrete and tangible. The GDPR forbids any collection of what it deems ‘sensitive information.’ This includes things like medical history, religion, ethnicity, or criminal background. There is a possibility of obtaining a legal exception, but one would have to imagine that it’s not an easy feat and you would have to have an exceptionally good reason. 

Transparency

No matter what you do or what data you collect, one of the primary principles of the GDPR regulations is that you have to be clear and open about exactly what you are collecting and what you will do with that information. Here, specificity is key. 

Objection

Users need to be able to object at any time to their data being collected and used. Additionally, they need to be able to see exactly what data you have about them, contest it, and have it deleted if they choose. This means asking very clear questions at the beginning of any interaction with a customer and setting up an easy way for users to either change their mind or see their data. Usually, this can be set up fairly easily with an automation process or a chatbot.

While GDPR has clearly changed the rules of data collection, it doesn’t have to be an end-all. It is just more important than ever to know exactly what kind of data you are collecting from your customers and what you are doing with it. 

