Thrive on AI: Data Risks
We’ve said it before and it’s only getting louder: AI is reshaping how businesses work. From chatbots and smart analytics to automated content and decision-making tools, AI is helping smaller firms punch well above their weight. But with that power comes responsibility. As AI use grows, so do the risks around data privacy, and under GDPR, getting it wrong can mean serious fines and lasting reputational damage.
Understanding GDPR For AI Usage
GDPR is designed to protect the personal data of individuals within the European Union and the UK, applying strict rules to businesses that collect, process or store this data. Small businesses in Gibraltar that use AI tools must follow the seven key GDPR principles:
1. Lawfulness, fairness and transparency
2. Purpose limitations
3. Data minimisation
4. Accuracy
5. Storage limitation
6. Integrity and confidentiality
7. Accountability
In simple terms, AI should only process the data it actually needs, and businesses must be upfront about how they’re using it. Transparency is key here, your customers and employees should know how their data is handled, and in some cases, they must give explicit consent before AI tools can be used. And don’t forget to check where the AI platforms you are using store your data, because if it’s outside of the EU or UK, you will likely need to have extra safeguards in place to stay compliant.
The Risks of AI Tools For GDPR
AI tools can be incredibly useful, but they also come with hidden compliance risks. Many small businesses unknowingly risk GDPR breaches by using free or third-party AI platforms like ChatGPT, transcription services, or automated content generators. These tools often require large amounts of data input, which could be stored, processed, or even used to train future AI models without your knowledge.
How this Could Work in Practice
Here’s a hypothetical scenario to illustrate some of the pitfalls you’ll need to be aware of. Imagine a legal firm testing a free AI-powered tool to transcribe client meetings, summarise key points, and draft legal documents. It streamlines admin tasks and speeds up workflows. However, it also raises serious GDPR concerns. What happened?
In this scenario, the AI tool transcribes a confidential client meeting in real time, picking up sensitive details about a potential legal strategy. It summarises key points, extracts follow-ups, and then generates a draft contract. Where the risks lie:
1. Sensitive data handling
The AI tool, being free and cloud-based, may store data on overseas servers with limited transparency about who accesses it. GDPR requires firms to process data lawfully and transparently. In this example, the firm hasn’t told the client AI tools will be used. This could breach consent rules.
2. Cross-border data transfer
If the tool stores data in the US or other non-GDPR jurisdictions, this could be a violation unless strict safeguards are in place. Key questions arise:
– Where is the data stored?
– Is it encrypted?
– How long is it retained?
– Can it be deleted on request?
If the firm can’t answer these confidently, it risks non-compliance.
3. Data rights and retention
GDPR gives clients the right to access, correct or delete their data. Free AI tools rarely offer this level of control. In some cases, data may even be used to train the AI, putting legally privileged information at risk.
4. AI-generated outputs and liability
In this case, the AI also drafts a contract. If it misinterprets something or leaves out critical details, the resulting document could be flawed. Without human review, there’s a risk of legal or reputational fallout.
Lessons (hypothetically) learned
Firms considering similar tools should:
– Use GDPR-compliant services
– Choose providers with servers in the UK or EU and clear privacy policies.
– Gain informed consent
– Update client onboarding materials to explain how AI may be used.
– Review AI-generated content
– Never send legal documents to clients without human oversight.
– Control data storage and deletion
– Ensure you can remove data on request and avoid using tools that retain or repurpose it.
AI can be a powerful advantage for small businesses, but this case study is a timely reminder that not all tools are created equal. Businesses need to know who they are buying from, where data is stored, and how compliance is managed, especially in data-sensitive sectors like legal, finance and healthcare, where trust is everything.
AI raises the bar on data protection. The challenge is to innovate without cutting corners. By understanding GDPR obligations, choosing trusted providers, and drawing on guidance from bodies like the GRA, businesses can use AI confidently and responsibly. As data protection rules continue to evolve alongside AI, staying informed and proactive will be key to staying competitive and compliant.
SHARE THIS
OTHER
As the CEO of a specialist security business called Paladin Defence and close protection operative/ private security contractor, I have experienced security threats of all types since 1990. From opportunistic personal attacks to targeted organised commercial crime, I feel there is a lot more we should be doing to defend and protect ourselves. Understandably, Gibraltar is considered to have a relatively low crime rate; but what are the realistic threats and risks to small businesses in our corner of the Mediterranean?
Over the past 18 years, I've had the privilege of working with a diverse range of businesses and industries, gaining insights into the challenges they face in implementing effective diversity and inclusion strategies. Often, DEI&B is viewed as a 'nice to have' rather than an essential component of business success. With this in mind, I'm excited to share valuable insights and practical steps to help you create environments where everyone can thrive. You've probably heard of DEI&B, but what do these letters really mean, and why do they matter for you and your organisation? Diversity includes differences like race, gender, age, neurodiversity, disability, LGBTQ+, culture, and more; Equity ensures equal opportunities for all; Inclusion values everyone's contributions; and Belonging means individuals feel accepted and integral to the organisation.
Did you know that what you eat directly affects your energy levels, brain function, and stress resilience? Poor dietary habits—such as skipping meals, consuming too much caffeine, or relying on processed foods—can lead to energy crashes, brain fog, and reduced efficiency. On the other hand, a well-balanced diet stabilises blood sugar, enhances cognitive function, and keeps stress levels in check.
Who doesn’t love a good office gossip? Hushed conversations by the coffee machine, knowing glances across the office, colleagues who "just thought you should know" – it’s all just harmless banter, right? Not quite. While gossip might seem like an inevitable part of office life, the reality is much less entertaining. Workplace backbiting can destroy trust, drain morale, and impact team productivity. Few people understand this better than Norwegian psychotherapist Glenn Rolfsen. With over two decades of experience in psychotherapy, Glenn has dedicated his career to helping businesses tackle workplace negativity head-on. His innovative "Gozzip" method has been transforming office cultures worldwide, earning him recognition at TEDx talks and WHO conferences.
We all have bad days, right? In business, that can mean we don’t bring our A-game to work and perhaps our service slips. Maybe a dish takes too long to reach a table or a staff member sounds distracted at the till. This could lead to negative Google Reviews or on ‘that’ Facebook group that […]
Success doesn’t just happen; it’s built on a strong foundation of preparation, clarity, and taking consistent action. Whether you’re launching a new business, taking your current side-hustle full-time, or looking to scale in a competitive market, having the right plan in place is essential.
2 mins |
Business Plan Essentials
You have a brilliant idea. You can picture the logo, the customers, maybe even the first sale. But without a clear plan for how to get there, the idea risks staying exactly that - an idea. Starting a business without a plan is like setting off on a trip with no map. You might eventually arrive somewhere, but it is unlikely to be where you hoped. A business plan is not just paperwork. When written with care, it is a roadmap that guides every decision, a pitch that wins support, and a source of confidence on the days when challenges mount.
Building a personal brand isn't just about showcasing your professional accomplishments; it's about weaving your unique narrative, passions, and values into a cohesive identity that resonates with others. Here's how you can bring your personal brand to life, with practical examples to guide you at every step.
In the latest edition of Thrive, regular contributor John Hayes reflects on the uncertainty facing small and medium-sized businesses in Gibraltar. From Brexit fallout to ever-changing frontier delays, he unpacks why the border remains a top concern—and how local firms are adapting. While resolving post-Brexit cross-border issues is beyond the scope of this correspondent, there are practical steps business owners can take to mitigate and manage the challenges of this uncertainty.
Running a small business is an exciting journey, but without proper bookkeeping, it can quickly become overwhelming. Imagine trying to make critical business decisions without knowing how much money is in your account or being caught off guard by a hefty tax bill because records weren’t kept up to date. Good bookkeeping isn’t just about staying compliant; it’s about gaining control over your business, planning for growth, and avoiding costly mistakes.
Over the past few years, I’ve noticed the same logo cropping up more and more often. On coffee cups. On consultancy websites. In email signatures and pitch decks. The familiar B Corp badge, quietly signalling that a business is trying to do things differently. With our horizons widening post-treaty, could this globally-relevant badge could become a way of promoting your CSR values to an international market?
Gibraltar’s size means that shoppers don’t have too far to go to shop. Schools, supermarkets, entertainment, eateries and healthcare are all within easy reach. That hasn’t stopped Gibraltar's business community from wanting to meet its customers' needs online. I met three local businesses that have embraced eCommerce.
Corporate Social Responsibility is no longer just for big companies. Small and medium-sized businesses are making a real impact through practical, authentic actions that reflect who they are. From supporting sport, culture and charities to rolling up sleeves for environmental projects, consistent CSR builds trust, loyalty and pride. When businesses show up for their community in meaningful ways, those efforts are noticed and often returned.
Last month marked eight years since the UK voted to leave the European Union. I remember the exact moment I read the headline ‘UK Votes to Leave the EU’ on my phone and the feeling of shock that started to set in. My first thought was, “Er, now what?” Little did I know I would still be asking that question eight years later… Eight years of uncertainty, negotiations, grace periods, frameworks, and meticulously crafted non-statements. But still no solution.
For many businesses, standing out from the crowd in an already crowded marketplace is a mammoth task. But for Fresquita one of the ways they tackled this issue was with highly creative packaging.
Thrive catches up with Nick Pitaluga TEP, Managing Director of Gibraltar Trust & Corporate Services Limited - “GTCS”. From starting out as a messenger to leading his firm through a major merger, Nick talks about the importance of stepping outside your comfort zone and offers inspiration for anyone carving their own niche.
During a recent and very long overdue catch up with my friend Trina, I had one of those ‘Aha moments’. To be fair, as someone who spends a lot of time interviewing experts, these moments happen to me a lot, but this one was different. In the 20 years Trina and I have been friends, she’s developed marketing strategies for global brands including Coca Cola, Virgin Atlantic, Nestlé and IKEA . Impressive stuff, but it’s what she’s working on now that really got me thinking…Taking inspiration from the military and politics, Trina and her business partners set up The Competitive Wargaming Team and now deliver secret, scenario-based ‘corporate war rooms’ for senior leaders designed to predict and outmaneuver competitor moves.
Technology is having a major effect on every aspect of our lives, and the retail environment is not immune to these changes. Not only has online shopping revolutionised the way we think about buying and consuming, but it has also dramatically changed how we shop in physical stores.
Whether you’re an ebook tapper or traditional page turner, there are thousands of books that can make you better at business. Áine Panter, Head of the School of Business at the University of Gibraltar has curated a list of must-reads that will inspire, inform, and equip you for success.
When you’ve been running your own business for a while, you know what works, and it’s easy to rely on the skills that got you to where you are. Chances are, you’re comfortable doing things in a certain way, and your team knows what to expect from your leadership style.