Thrive on AI: Data Risks
We’ve said it before and it’s only getting louder: AI is reshaping how businesses work. From chatbots and smart analytics to automated content and decision-making tools, AI is helping smaller firms punch well above their weight. But with that power comes responsibility. As AI use grows, so do the risks around data privacy, and under GDPR, getting it wrong can mean serious fines and lasting reputational damage.
Understanding GDPR For AI Usage
GDPR is designed to protect the personal data of individuals within the European Union and the UK, applying strict rules to businesses that collect, process or store this data. Small businesses in Gibraltar that use AI tools must follow the seven key GDPR principles:
1. Lawfulness, fairness and transparency
2. Purpose limitations
3. Data minimisation
4. Accuracy
5. Storage limitation
6. Integrity and confidentiality
7. Accountability
In simple terms, AI should only process the data it actually needs, and businesses must be upfront about how they’re using it. Transparency is key here, your customers and employees should know how their data is handled, and in some cases, they must give explicit consent before AI tools can be used. And don’t forget to check where the AI platforms you are using store your data, because if it’s outside of the EU or UK, you will likely need to have extra safeguards in place to stay compliant.
The Risks of AI Tools For GDPR
AI tools can be incredibly useful, but they also come with hidden compliance risks. Many small businesses unknowingly risk GDPR breaches by using free or third-party AI platforms like ChatGPT, transcription services, or automated content generators. These tools often require large amounts of data input, which could be stored, processed, or even used to train future AI models without your knowledge.
How this Could Work in Practice
Here’s a hypothetical scenario to illustrate some of the pitfalls you’ll need to be aware of. Imagine a legal firm testing a free AI-powered tool to transcribe client meetings, summarise key points, and draft legal documents. It streamlines admin tasks and speeds up workflows. However, it also raises serious GDPR concerns. What happened?
In this scenario, the AI tool transcribes a confidential client meeting in real time, picking up sensitive details about a potential legal strategy. It summarises key points, extracts follow-ups, and then generates a draft contract. Where the risks lie:
1. Sensitive data handling
The AI tool, being free and cloud-based, may store data on overseas servers with limited transparency about who accesses it. GDPR requires firms to process data lawfully and transparently. In this example, the firm hasn’t told the client AI tools will be used. This could breach consent rules.
2. Cross-border data transfer
If the tool stores data in the US or other non-GDPR jurisdictions, this could be a violation unless strict safeguards are in place. Key questions arise:
– Where is the data stored?
– Is it encrypted?
– How long is it retained?
– Can it be deleted on request?
If the firm can’t answer these confidently, it risks non-compliance.
3. Data rights and retention
GDPR gives clients the right to access, correct or delete their data. Free AI tools rarely offer this level of control. In some cases, data may even be used to train the AI, putting legally privileged information at risk.
4. AI-generated outputs and liability
In this case, the AI also drafts a contract. If it misinterprets something or leaves out critical details, the resulting document could be flawed. Without human review, there’s a risk of legal or reputational fallout.
Lessons (hypothetically) learned
Firms considering similar tools should:
– Use GDPR-compliant services
– Choose providers with servers in the UK or EU and clear privacy policies.
– Gain informed consent
– Update client onboarding materials to explain how AI may be used.
– Review AI-generated content
– Never send legal documents to clients without human oversight.
– Control data storage and deletion
– Ensure you can remove data on request and avoid using tools that retain or repurpose it.
AI can be a powerful advantage for small businesses, but this case study is a timely reminder that not all tools are created equal. Businesses need to know who they are buying from, where data is stored, and how compliance is managed, especially in data-sensitive sectors like legal, finance and healthcare, where trust is everything.
AI raises the bar on data protection. The challenge is to innovate without cutting corners. By understanding GDPR obligations, choosing trusted providers, and drawing on guidance from bodies like the GRA, businesses can use AI confidently and responsibly. As data protection rules continue to evolve alongside AI, staying informed and proactive will be key to staying competitive and compliant.
SHARE THIS
OTHER
Corporate Social Responsibility is no longer just for big companies. Small and medium-sized businesses are making a real impact through practical, authentic actions that reflect who they are. From supporting sport, culture and charities to rolling up sleeves for environmental projects, consistent CSR builds trust, loyalty and pride. When businesses show up for their community in meaningful ways, those efforts are noticed and often returned.
In the latest edition of Thrive, regular contributor John Hayes reflects on the uncertainty facing small and medium-sized businesses in Gibraltar. From Brexit fallout to ever-changing frontier delays, he unpacks why the border remains a top concern—and how local firms are adapting. While resolving post-Brexit cross-border issues is beyond the scope of this correspondent, there are practical steps business owners can take to mitigate and manage the challenges of this uncertainty.
When it comes to ideation in business, there’s no one-size-fits-all approach. Every business, team, and leader has their own way of generating and refining ideas. Whether it’s through structured brainstorming sessions, casual conversations, or solo reflection, the goal is to unlock creativity and find solutions. We’ve asked four GFSB members to share how they approach ideation in their fields. As you read, think about how you generate ideas and remember that sometimes, the best results come from trying something new.
There’s something slightly uncomfortable about sending a contract to a client when you run a small business. Especially in Gibraltar, where relationships matter and business often begins with a conversation over un cafelito rather than a legal document. When you know someone personally, or you’ve been introduced by a mutual contact, it can feel unnecessary to formalise everything. You tell yourself that an email thread is enough. Or that you’ll sort the paperwork later. I used to think like that. Over time, and through a few situations that were more stressful than they needed to be, I’ve realised that putting things in writing isn’t about distrust. It’s about creating guardrails for growth. The clearer the boundaries, the freer you are to focus on doing good work.
For many businesses, standing out from the crowd in an already crowded marketplace is a mammoth task. But for Fresquita one of the ways they tackled this issue was with highly creative packaging.
Love is big business. According to official statistics, 1,745 weddings took place in Gibraltar in 2021 followed by another 1,761 weddings in 2022 and a further 1640 in 2023. That’s around 33 weddings each week or 6 every single day. With an estimated population of around 33,000, it’s safe to say that, no, we aren’t all marrying each other, but that Gibraltar is a very popular place for many people to come and say ‘I do’. In fact, in all three years, non-residents outnumbered residents by an average of 90% to 10%. The stats point to a healthy wedding sector, one that our Minister for Tourism, Christian Santos is keen to develop. In an interview with the Gibraltar Chronicle he recently said he wanted; “Gibraltar to be the Las Vegas of Europe” when it comes to weddings. Unlike Vegas, we don’t have Elvis. But we do have John. Music legend John Lennon famously married Yoko Ono here in 1969 and put the Rock on the map for ‘Fast Track’ weddings. If music’s not your thing, acting legend Sean Connery (AKA James Bond) also tied the knot here (twice)!
Gibraltar has long been home to many international businesses. Gaming giants, UK-based insurance companies and far-flung fintech firms are all drawn here thanks to our strategic location and business-friendly environment. Carl Clavering moved his insurance business to Gibraltar, and it’s safe to say, it’s transformed his life. When I caught up with Carl, it was clear that his decision to relocate wasn't just about tax advantages or access to the UK market —it was about finding a place that felt like home, both for his business and his family.
Over the past 18 years, I've had the privilege of working with a diverse range of businesses and industries, gaining insights into the challenges they face in implementing effective diversity and inclusion strategies. Often, DEI&B is viewed as a 'nice to have' rather than an essential component of business success. With this in mind, I'm excited to share valuable insights and practical steps to help you create environments where everyone can thrive. You've probably heard of DEI&B, but what do these letters really mean, and why do they matter for you and your organisation? Diversity includes differences like race, gender, age, neurodiversity, disability, LGBTQ+, culture, and more; Equity ensures equal opportunities for all; Inclusion values everyone's contributions; and Belonging means individuals feel accepted and integral to the organisation.
When stakeholder conversations become difficult, most organisations focus on communication. Kerstin Andlaw argues the real issue runs deeper. It is not what we say, but how we stay in the relationship when pressure rises. In complex environments, the ability to work with tension, not avoid it, is what separates transactional engagement from true collaboration.
From the increasing influence of AI to the rise of social commerce and sustainability-driven consumer demand, the key to success lies in adapting strategically rather than chasing every new trend. This guide breaks down the most impactful trends for the year ahead—offering insights on how to integrate them into your business without losing sight of what already works. Smart adaptation, not blind reinvention, is the name of the game. Here's what to expect and how to make it work for you.
In an age where small businesses must adapt to stay in business, outsourcing has long been a way to enhance efficiency and streamline operations. Derived from the simple philosophy of delegating certain non-core tasks to external experts, outsourcing allows businesses to concentrate on their primary objectives and strengths. For the uninitiated, it's about seeking external expertise for tasks outside your comfort zone, skills base or business's main expertise.
Thrive Editor's Letter |
Editor’s Welcome
Welcome to the fifth edition of Thrive magazine. Too often the narrative around business focuses on success and, in my view, we forget to talk about failure. That’s why we lead this edition with EPIC FAILS by Katie Buller—because understanding what doesn’t work is just as important as what does.
Starting and running a small business is rewarding but comes with its fair share of challenges. The path of entrepreneurship is often characterised by immense dedication, long hours, and tough decisions. As a small business owner, you're not just responsible for the operations and growth of your company and team, but also for your own wellbeing.
Fair recruitment is based on the principle that candidates are judged on their ability to do the job rather than influenced by factors such as an applicant’s gender, religion, ethnicity, or any other quality unrelated to their skills and expertise. As the Founder of Rock Learning and the Co-Founder of the ‘Count me In’ DEIB Conference, I have developed a deep understanding of the topic and how small businesses can implement inclusive hiring practices.
Stepping into a leadership role can be exciting. It’s a chance to shape the future and lead a team to success. But with a leadership role comes a new level of responsibility. You’re suddenly the person others look to for direction and answers, and it’s your role to create a workplace where they can thrive - while also being accountable for their work. And that isn’t always an easy balancing act. Leadership is a learning curve - an eternal one at that. By focusing on a few key behaviours and techniques, you can set yourself on the right path to lead well, build a great high performing team and help your business grow.
Who doesn’t love a good office gossip? Hushed conversations by the coffee machine, knowing glances across the office, colleagues who "just thought you should know" – it’s all just harmless banter, right? Not quite. While gossip might seem like an inevitable part of office life, the reality is much less entertaining. Workplace backbiting can destroy trust, drain morale, and impact team productivity. Few people understand this better than Norwegian psychotherapist Glenn Rolfsen. With over two decades of experience in psychotherapy, Glenn has dedicated his career to helping businesses tackle workplace negativity head-on. His innovative "Gozzip" method has been transforming office cultures worldwide, earning him recognition at TEDx talks and WHO conferences.
Two decades is a long time for any business - with all the strife that businesses large and small have had to endure these past four years, it seems that anxiety among business owners has never been higher. I recently had the pleasure of chatting with Garren Thompson, co-owner and co-founder of Gibraltar hair & beauty salon Miss Shapes, based on Bishop Rapallo’s Ramp. As the business recently hit the 20-year milestone, we discussed the highs and lows of creating a successful salon in a saturated market, how he and his team created their new range of Miss Shapes branded Hair & Beauty products and how this will help build success for another 20 years.
In business, we often concentrate on the what and how of an enterprise.
“People want to know the stories behind the products they buy. It’s not just about what’s on the shelf, but the journey it took to get there.” – Stella, Spirit of The Rock As consumer habits shift towards mindfulness and sustainability, the concept of slow shopping has emerged, offering both challenges and opportunities for small businesses. Slow shopping encourages consumers to take their time, make more thoughtful purchases, and focus on quality over quantity.
Whether you’re building a business from the ground up or hoping to grow an existing operation, having a strong business development strategy is the foundation of success. But real, sustainable growth doesn’t come from chasing the next big thing, it comes from getting the essentials right. So, what are the fundamentals you can’t afford to ignore? In my view, this starts with something I call the “Holy Trinity” of small business marketing...