GDPR and AI content: what to watch out for

When working with AI content you quickly come into contact with personal data — whether it is customer data fed into models, or the likeness of real people in visuals. GDPR therefore applies to you as well.

The first principle: minimisation. Do not put more personal data into AI tools than is necessary, and avoid sensitive data unless you have a legal basis and consent.

The second area is transparency towards data subjects. If you process data (contact form, newsletter, analytics), you must clearly inform people about the purpose, legal basis and retention period.

The third area is AI visuals. Generating the likeness of a specific real person without their consent is risky. With AI models we therefore work with fully synthetic identities.

This article is not legal advice. Before deployment we recommend consulting an expert — but the principles mentioned will help you avoid the most common mistakes.