skip to main content
Close Icon We use cookies to improve your website experience.  To learn about our use of cookies and how you can manage your cookie settings, please see our Cookie Policy.  By continuing to use the website, you consent to our use of cookies.
Global Search Configuration


Enterprises that must comply with GDPR need to view artificial intelligence (AI) and machine learning as tools for scaling their long-term compliance effort, rather than tools for extracting short-term value from data subjects.


  • In Ovum’s 2017/18 ICT Enterprise Insights survey of nearly 5,000 enterprise decision-makers, 71.3% of respondents reported that their organization was planning, trialing, or had already fully deployed AI for decision-making.
  • GDPR places heavy restrictions on the use of automated decision-making when those decisions are likely to have a significant effect on data subjects, limiting the use cases for AI within the enterprise.
  • While AI's interaction with data subjects remains restricted, AI embedded within compliance-related technology will be a critical factor in scaling to modern volumes of data and achieving "data protection by design and by default."

Features and Benefits

  • Identifies key enterprise adoption and deployment trends for artificial intelligence technologies.
  • Evaluates the restrictions that GDPR places on automated decision-making, and analyzes how these restrictions impact automation technology.
  • Identifies data subjects' rights regarding the use of automated decision-making, and interprets the effects on the enterprise.
  • Identifies enterprise use cases in which "black box" artificial intelligence technology may be considered compliant with GDPR.
  • Compares automated and manual approaches for the detection and protection of personal information for compliance with GDPR.

Key questions answered

  • What is the current adoption rate for AI technologies within the enterprise, and what is the most common use case?
  • Why is "black box" AI technology potentially noncompliant with GDPR?
  • Why does use of AI within compliance-related technology enjoy more freedom from GDPR requirements of transparency?
  • Why will AI and automation be necessary within compliance-related technology in order to achieve data protection by design at scale?
  • What strategies can the enterprise employ to ensure that use of AI and automation remain compliant with GDPR?

Table of contents

Ovum view

  • Summary
  • The time to formulate enterprise automation strategy is now
  • Under GDPR, are "black box" algorithms always bad?
  • Automation within compliance efforts is critical to scale


  • Further reading
  • Author

Recommended Articles


Have any questions? Speak to a Specialist

Europe, Middle East & Africa team - +44 (0) 207 017 7700

Asia-Pacific team - +61 (0)3 960 16700

US team - +1 646 957 8878

Email us at

You can also contact your named/allocated Client Services Executive using their direct dial.
PR enquiries - Call us at +44 788 597 5160 or email us at

Contact marketing -

Already an Ovum client? Login to the Knowledge Center now