How would you handle compliance and data privacy requirements in an AI product, such as GDPR or CCPA?