The GDPR audit that reshaped our entire ML pipeline

The GDPR audit that reshaped our entire ML pipeline

Simor Consulting | 07 Jul, 2026 | 05 Mins read

A European fintech with twelve million customers received a GDPR audit notice from their national data protection authority. The audit focused on the company’s machine learning pipeline, which powered credit scoring, fraud detection, and customer segmentation. The data protection authority’s concern was specific: the company’s ML training pipeline was ingesting and retaining personal data that was not necessary for the stated purpose of the models.

GDPR’s data minimization principle requires that personal data collected for a specific purpose be limited to what is necessary for that purpose. The audit found that the company’s feature engineering pipeline was extracting and storing over 200 features per customer, including features that had no demonstrated relationship to model performance. Transaction timestamps, device fingerprints, browsing session metadata, and geolocation history were all being ingested into the training data store. Some of these features had been included because an early experiment showed marginal accuracy improvement. Others had been included because “we might need them later.”

The data protection authority issued a preliminary finding that the company was in violation of the data minimization principle for approximately sixty percent of the features in their training pipeline. The company had ninety days to demonstrate compliance or face penalties.

The problem was not the models

The credit scoring model used thirty-one features. The fraud detection model used forty-seven features. The customer segmentation model used twenty-three features. Combined, the three production models used approximately 100 unique features. But the training data store contained over 200 features per customer, because the feature engineering pipeline was shared across all models and had been designed to extract every available feature “just in case.”

The pipeline was built as a single extraction job that pulled data from the transaction database, the CRM, the web analytics platform, and the device fingerprinting service. The extraction job wrote all features to a centralized training data store. Each model’s training job read from this store and selected its relevant features. The unused features remained in the store, accessible to any future model that might want them.

This design violated GDPR’s purpose limitation principle, which requires that data collected for one purpose not be repurposed for another without explicit consent. The company had consent to use transaction data for credit scoring. It did not have consent to retain browsing session metadata in a training data store that was accessible to the customer segmentation model. The centralized store made this repurposing trivially easy, which was the point of the design — and the source of the compliance failure.

The rebuild: purpose-bound feature pipelines

We redesigned the ML pipeline to enforce purpose limitation at the infrastructure level. Each model had its own feature pipeline that extracted only the features necessary for that model’s stated purpose. The pipelines were isolated — a feature pipeline for credit scoring could not access data that was consented only for fraud detection.

This diagram requires JavaScript.

Enable JavaScript in your browser to use this feature.

The consent registry was the gate. Every feature extraction was checked against the consent registry to verify that the customer had consented to the use of that data for the specific purpose of the model being trained. If a customer had consented to transaction data being used for credit scoring but not for customer segmentation, the segmentation feature pipeline could not extract transaction features for that customer.

The data minimization audit was the enforcement mechanism. Every feature in every pipeline was required to have a documented justification: why this feature was necessary for the model’s purpose, what evidence supported its inclusion, and what impact its removal would have on model performance. Features without a documented justification were flagged and excluded.

The feature justification process

Every feature had to pass a three-part test. First, necessity: was the feature required for the model to achieve its stated performance target? A feature that improved accuracy by 0.1 percent was not necessary if the model already met its target without it. Second, proportionality: was the feature the least intrusive way to capture the relevant signal? If a feature derived from browsing session metadata could be replaced by a feature derived from transaction history with similar accuracy, the less intrusive alternative was required. Third, consent coverage: did the customer’s consent explicitly cover the use of this data for this purpose?

The justification process eliminated 104 of the 200 features. Some were eliminated because they had no demonstrated impact on model performance. Some were eliminated because a less intrusive alternative existed. Some were eliminated because the consent basis did not cover the model’s purpose.

The remaining ninety-six features were organized into purpose-bound feature sets. Each set was associated with a specific model and a specific consent basis. The feature pipeline enforced the boundary: a feature set for credit scoring could not be accessed by the segmentation pipeline, even though both pipelines drew from the same source data.

What we gave up

Model accuracy dropped slightly. The credit scoring model’s AUC decreased from 0.83 to 0.81 after removing features that lacked sufficient consent coverage. The fraud detection model’s recall decreased by two percentage points. The segmentation model was unaffected because its feature set had the broadest consent basis.

The team accepted the accuracy trade-off after calculating the regulatory cost. A GDPR penalty for the original pipeline could reach four percent of annual revenue. For a fintech with $200 million in revenue, that was $8 million. The accuracy loss translated to an estimated $400,000 in annual credit losses. The compliance risk was twenty times the accuracy cost.

The second trade-off was pipeline complexity. Instead of one shared feature extraction pipeline, the team maintained three separate pipelines. Schema changes in source systems required updates to each pipeline independently. Feature development slowed because every new feature required a consent check and a justification document before it could be added to any pipeline.

The third trade-off was model experimentation velocity. Under the old design, a data scientist could experiment with any feature in the centralized store. Under the new design, a data scientist could only experiment with features that were in their model’s purpose-bound feature set. Exploring a feature from another model’s set required a consent review and a justification process. This slowed experimentation but ensured that experiments did not violate consent boundaries.

Results

The company passed the GDPR audit on re-examination. The data protection authority’s report noted that the purpose-bound pipeline architecture was “a robust implementation of data minimization by design” and cited it as a positive example in their annual guidance publication.

The operational overhead of maintaining three separate pipelines was approximately twenty hours per month — higher than the shared pipeline but lower than the team had feared, because the automation around consent checking and feature justification reduced the manual work.

The decision heuristic

If your ML training pipeline extracts more features than your production models use, you have a data minimization problem. The fix is not to delete the unused features after training. The fix is to never extract them in the first place. Build purpose-bound feature pipelines that extract only what each model needs, gated by a consent registry that enforces the boundary between what you have consent to use and what you do not. The pipeline architecture is your compliance evidence. If the pipeline cannot extract a feature, the feature cannot end up in a training set, and the compliance question answers itself.

Shipping a production AI system?

Find the control gaps before they turn into incidents. Take the AI Production Scorecard for a fast baseline across the seven layers, or book an architecture review and we will turn it into a hardening plan.

Similar Articles

Anatomy of an AI Incident: Post-Mortem of a Model Provider Outage
Anatomy of an AI Incident: Post-Mortem of a Model Provider Outage
19 Jun, 2026 | 09 Mins read

On a Tuesday at 2:14 PM, a major model provider began returning elevated error rates for a specific model endpoint. By 2:31 PM, a customer support platform that depended on that endpoint was producing

Agent Guardrails: Containing What an Agent Can Do in Production
Agent Guardrails: Containing What an Agent Can Do in Production
25 Jun, 2026 | 09 Mins read

Input guardrails check whether a user prompt is safe. Output guardrails check whether a model response is appropriate. Agent guardrails check whether the actions an agent takes are within bounds. Thes

How a retailer reduced inference latency 90% with feature store caching
How a retailer reduced inference latency 90% with feature store caching
21 Apr, 2026 | 04 Mins read

A mid-market e-commerce retailer with roughly $200M in annual revenue had invested eighteen months building a product recommendation engine. The models were accurate. Offline evaluation showed meaning

The data pipeline that cost $50K/month — and the audit that found why
The data pipeline that cost $50K/month — and the audit that found why
22 Apr, 2026 | 04 Mins read

A financial services firm running analytics on trade settlement data came to us with a specific complaint: their cloud data platform cost had tripled in eighteen months, and nobody could explain why.

EU AI Act enforcement begins: what data teams must do now
EU AI Act enforcement begins: what data teams must do now
25 Apr, 2026 | 04 Mins read

The first enforcement window of the EU AI Act opened in February 2026, and the grace periods that protected early movers are expiring on a rolling schedule through 2027. This is no longer a policy dis

Migrating from batch to streaming: a 6-month journey
Migrating from batch to streaming: a 6-month journey
28 Apr, 2026 | 05 Mins read

A logistics company processing two million shipments per day ran their entire operational reporting stack on nightly batch ETL. Every morning at 6 AM, operations managers reviewed dashboards built on

When RAG failed: a knowledge retrieval project post-mortem
When RAG failed: a knowledge retrieval project post-mortem
29 Apr, 2026 | 05 Mins read

A legal technology company had invested six months building a retrieval-augmented generation system to help contract attorneys find relevant precedent clauses across a corpus of 180,000 executed agree

From 3-hour dashboards to 3-minute insights: a BI modernization story
From 3-hour dashboards to 3-minute insights: a BI modernization story
05 May, 2026 | 05 Mins read

A manufacturing company with facilities in twelve countries ran its operational reporting on a traditional BI stack: a data warehouse, an ETL pipeline, and a dashboard tool that had been deployed six

The vector database that couldn't scale — and what we did instead
The vector database that couldn't scale — and what we did instead
12 May, 2026 | 05 Mins read

A media company with a library of twelve million articles, transcripts, and research documents had built a semantic search system on a managed vector database. The system was designed to let journalis

Building an AI operating system for a 10,000-person company
Building an AI operating system for a 10,000-person company
19 May, 2026 | 05 Mins read

A diversified industrial company with 10,000 employees across manufacturing, logistics, and field services had accumulated forty-seven separate AI projects over three years. Each business unit had bui

How we killed our ETL pipeline (and productivity went up)
How we killed our ETL pipeline (and productivity went up)
26 May, 2026 | 05 Mins read

A B2B SaaS company running a customer success platform had a data pipeline that consumed sixty percent of the data engineering team's time. Not feature work. Not analytics. Pipeline maintenance. The p

A compliance-first AI rollout in financial services
A compliance-first AI rollout in financial services
03 Jun, 2026 | 05 Mins read

A regional bank with $12 billion in assets wanted to use machine learning to improve its commercial loan underwriting process. The existing process was manual, relying on credit analysts who spent fou

Regulators are coming for your training data — are you ready?
Regulators are coming for your training data — are you ready?
06 Jun, 2026 | 03 Mins read

The regulatory focus on AI is narrowing from the models themselves to the data that trains them. The EU AI Act requires documentation of training data provenance and composition. The US Copyright Offi

How to audit your AI pipeline for bias -- step by step
How to audit your AI pipeline for bias -- step by step
07 Jun, 2026 | 06 Mins read

Bias in AI systems is not a theoretical risk. It is a measurable property that can be detected, quantified, and mitigated at every stage of the pipeline. The teams that treat bias as an audit problem

The $2M model that never made it to production
The $2M model that never made it to production
09 Jun, 2026 | 05 Mins read

A retail chain with 400 stores spent two years and $2.1 million building an inventory optimization model. The model was technically excellent. It reduced predicted stockouts by thirty-two percent and

Data mesh in practice: year 2 retrospective
Data mesh in practice: year 2 retrospective
16 Jun, 2026 | 05 Mins read

An insurance company with $400 million in premium volume adopted data mesh two years ago. The central data team had become a bottleneck. Every business unit — claims, underwriting, actuarial, and dist

Designing guardrails: a practical architecture guide
Designing guardrails: a practical architecture guide
21 Jun, 2026 | 06 Mins read

The guardrail problem in AI is a tension between two failure modes. Too few guardrails and the system produces harmful, inaccurate, or brand-damaging outputs. Too many guardrails and the system refuse

When your AI vendor goes bankrupt — surviving platform lock-in
When your AI vendor goes bankrupt — surviving platform lock-in
23 Jun, 2026 | 05 Mins read

A healthcare analytics company received notice on a Tuesday afternoon that their primary AI infrastructure vendor was filing for Chapter 7 bankruptcy. The platform hosted their patient risk stratifica

Sovereign AI: why countries are building their own models
Sovereign AI: why countries are building their own models
27 Jun, 2026 | 03 Mins read

France released a fully open-source large language model trained on curated French-language data. India announced a multilingual model covering 22 scheduled languages. The UAE expanded its Falcon mode

Real-time fraud detection: from proof-of-concept to production in 90 days
Real-time fraud detection: from proof-of-concept to production in 90 days
30 Jun, 2026 | 05 Mins read

A payment processor handling twelve million transactions per day had a fraud detection system that was accurate but slow. The system reviewed transactions in batch, four times per day. A fraudulent tr

Consolidating 47 data sources into one knowledge layer
Consolidating 47 data sources into one knowledge layer
01 Jul, 2026 | 05 Mins read

A global professional services firm with 8,000 consultants maintained institutional knowledge across forty-seven separate systems. Project proposals lived in a document management system. Client engag

Metadata Management for AI Governance
Metadata Management for AI Governance
24 May, 2024 | 03 Mins read

# Metadata Management for AI Governance AI systems in production require metadata management to support compliance, auditing, and model oversight. Without systematic tracking of model lineage, traini

Case Study: End-to-End RAG Platform for Customer Support
Case Study: End-to-End RAG Platform for Customer Support
05 Dec, 2025 | 05 Mins read

A SaaS company with 200 support agents and 10,000+ knowledge base articles had an 18-hour average response time and 23% first-contact resolution. Their largest enterprise client threatened to cancel a

The Governance Layer: Managing AI Risk, Compliance, and Audit
The Governance Layer: Managing AI Risk, Compliance, and Audit
07 Feb, 2026 | 13 Mins read

A healthcare system deployed an AI triage assistant. It worked well in testing. In production, it started routing patients with chest pain to low-priority queues. The error was subtle and infrequent.

Case Study: Building a Production AI Knowledge Layer for Financial Services
Case Study: Building a Production AI Knowledge Layer for Financial Services
01 Mar, 2026 | 10 Mins read

A regional bank's investment research team spent 60% of their time gathering information and 40% doing analysis. Analysts had to search through regulatory filings, internal research memos, market data

Case Study: Multi-Agent System for Supply Chain Optimization
Case Study: Multi-Agent System for Supply Chain Optimization
13 Jun, 2026 | 12 Mins read

A mid-size automotive parts manufacturer with operations spanning 15 countries and relationships with over 200 suppliers faced a supply chain coordination problem that was consuming too much of their

Responsible AI by Design: Integrating Ethics into AI Architecture
Responsible AI by Design: Integrating Ethics into AI Architecture
02 Jun, 2026 | 09 Mins read

Responsible AI is not a checklist you complete before deployment. It is a set of architectural decisions that you make throughout the design process, each of which involves trade-offs that are real an