When using data analytics for product research and AI development, companies subject to the GDPR often find themselves in a bind – obtaining consent is impracticable (or even invalid), but using anonymous data may diminish the potential of the initiative. In this guest article, Morrison & Foerster partner Alex van der Wolk reviews the (im)possibilities of R&D under the GDPR, and addresses questions, such as: When does an activity qualify as “scientific research”? What requirements and constraints exist under the GDPR’s “research exception”? How can you operationalize R&D activities so they still fit with the GDPR? See also “Can GDPR Hinder AI Made in Europe?” (Jul. 10, 2019).