AI is believed to have great potential in the field of dermatology and skincare. Currently, different solutions are being developed in order to personalise skincare for people. For example, algorithms can be developed, which make use of computer vision and machine learning in order to help people find the right skincare treatments for them. There are two ways how AI is used for this. First, it is possible to develop computer and mobile applications, which analyse the skin of a person based on the person’s selfie. The application analyses, what the person’s skin type is and what kind of products or treatments the person should use.

The use of AI-based technologies brings along various legal issues, such as liability questions regarding damages caused by using AI. When it comes to AI, there are data protection concerns as well. As explained in this article, it is difficult to comply with the core principles of data protection stipulated in Article 5 of the Regulation (EU) 2016/679 of the European Parliament and the Council (the “GDPR”). It is particularly problematic to achieve compliance with the principles of transparency, purpose limitation and data minimisation.

Nowadays, most companies rely on Google Analytics and Facebook Custom Audiences when taking out an ad. These online marketing tools allow them to target the audience of digital advertisements more accurately in order to increase impact and reduce costs. However, the use of data-driven marketing tools also requires companies to measure up their privacy and data protection standards in respect of the European Union’s General Data Protection Regulation (GDPR).

GDPR entered into force on May 25, 2018. The Brexit saga is significantly older, but regardless of the preceding, the future is confusing for international and cross-border operating businesses. On the one hand, the UK was an EU member state during the development and enforcement of the GDPR and London has participated in drawing up the European data protection rules.

General Data Protection Regulations (GDPR) set some requirements for data protection, that are not possible to fulfil solely with the knowledge of managers, lawyers or other employees who lack technical skills.