GDPR-compliant AI: what data belongs in an AI system, and what doesn't

qw
vc
mshm
Trending AI Topics
July 8, 2026
Cinematic image of a glowing shield with a padlock filtering data sources, symbolising GDPR-compliant AI.

GDPR-compliant AI means you only feed business and customer data into an AI system that you're legally allowed to process under the GDPR: with a data processing agreement, a clear legal basis, and a human checking the output. Anonymous or public information is fine almost anywhere, personal data and sensitive business data belong only in a business AI environment with the right safeguards, and sensitive categories such as medical or financial records need extra measures like a DPIA. For most SMEs, this isn't a legal puzzle, it's a matter of having a clear internal policy.

Last updated: 2026-07-08

Summary

 

  • Customer or employee personal data doesn't belong in a free AI tool without safeguards.
  • A business AI subscription with a data processing agreement often does make customer data processing possible.
  • The EU AI Act requires human oversight and transparency for high-risk AI from 2 August 2026.
  • Shadow AI takes hold without clear policy: employees pick their own tools, and their own risks.
  • An AI register and a simple do/don't framework prevent most GDPR risks in practice.

GDPR-compliant AI means you only feed business and customer data into an AI system that you're legally allowed to process under the GDPR: with a data processing agreement, a clear legal basis, and a human checking the output. Anonymous or public information is fine almost anywhere, personal data and sensitive business data belong only in a business AI environment with the right safeguards, and sensitive categories such as medical or financial records need extra measures like a DPIA. For most SMEs, this isn't a legal puzzle, it's a matter of having a clear internal policy.

 

 

Why 'just pasting something into ChatGPT' is a GDPR risk

 

An employee pastes a customer's complaint into ChatGPT to draft a reply letter. Small gesture, big risk. The moment a name, email address, or customer number shows up in that text, you're processing personal data under the GDPR.

The Dutch Data Protection Authority (AP) warns about this explicitly: entering personal data into an AI chatbot can give the chatbot's provider unauthorised access to that data, and that legally counts as a data breach (Autoriteit Persoonsgegevens, 2026). The AP has already received multiple breach reports where employees shared patient or customer data with an AI chatbot.

Entering personal data into a free AI tool counts as processing under the GDPR, with or without prior consent. Processing is permitted on one of six legal bases from Article 6 GDPR: consent, contract, legal obligation, vital interest, public task, or legitimate interest (Regulation (EU) 2016/679, art. 6). For most SME use cases, legitimate interest or contract is the most logical basis, but that basis stops holding up the moment you lose grip on where the data ends up.

 

 

* Illustration of a chat bubble with a document leaking toward unknown servers, symbolising the risks of AI chatbots.
Pasting customer data into a free AI tool can count as a data breach.

 

 

The problem runs deeper than isolated incidents. Research from Microsoft and LinkedIn shows that 78% of AI users bring their own AI tools to work outside of IT's radar, rising to 80% at smaller organisations (Microsoft & LinkedIn Work Trend Index, 2024). That's shadow AI: AI use that leadership or IT has no visibility into, with no idea which data goes where.

It comes with a price tag. IBM calculated that a data breach involving shadow AI costs an average of 670,000 US dollars more than a regular breach, and that 20% of the organisations studied experienced such an incident in the past year (IBM Cost of a Data Breach Report, 2025). For an SME, that's not an abstract number: it's the reason to have a framework in place beforehand instead of cleaning up after the fact.

 

 

What's allowed, what isn't: the data categories mapped out

 

Not all business data is equally sensitive, and not every AI tool is equally safe. The distinction that matters: is this personal data or confidential business information, and does the AI tool process that data within the EU under a data processing agreement? The overview below shows, category by category, what's allowed and what isn't without extra safeguards.

Don't judge this by the type of AI tool alone, but also by the contract you have with the vendor. Two businesses using the same AI tool can still carry a different risk level, simply because one has signed a data processing agreement and the other hasn't.

 

Public and anonymised information

 

  • Allowed: General questions, industry research, anonymised sample text, and publicly available information can go into almost any AI tool, including the free version.
  • Not allowed: The moment “anonymised” data is still traceable via a customer number or a unique situation, it's no longer anonymous, and the same rules apply as for personal data.

 

Customer and employee personal data

 

  • Allowed: Processing in a business AI subscription with a data processing agreement (DPA), no training on your input, and a documented legal basis such as contract or legitimate interest.
  • Not allowed: Pasting names, email addresses, or customer numbers into a free or Plus version of a consumer AI tool with no DPA.

 

Financial and legal business data

 

  • Allowed: Analysing within an environment with EU hosting, access controls, and a documented retention period, for example through your own AI agent working on your own data.
  • Not allowed: Uploading contracts, salary data, or annual figures to a public AI chat without knowing where that data is stored.

 

Medical and special category personal data

 

  • Allowed: Processing after a Data Protection Impact Assessment (DPIA), with an explicit legal basis and demonstrable oversight via human-in-the-loop on every decision.
  • Not allowed: Automatically processing medical records, national ID numbers, or job applicant assessments without a DPIA and without human review.

 

Passwords, source code, and intellectual property

 

  • Allowed: Using them in a locked-down, self-hosted, or enterprise environment where you control who has access and whether the data ever leaves the company.
  • Not allowed: Sharing passwords, API keys, or source code with a public AI tool, not even “just quickly” to debug an error message.

 

 

* Comparison visual with two boxes: 'allowed' and 'not allowed' for data policy in AI use.
Not every data source can simply go into an AI system.

 

 

The rule of thumb is simple: the more traceable and sensitive the data, the more safeguards you need before that data can go into an AI system. If you're unsure about a category, treat the data as personal data until you've confirmed otherwise.

 

 

GDPR and the EU AI Act: what SMEs need to know now

 

Alongside the GDPR, the European AI Act (EU AI Act) has applied since 1 August 2024, rolling out in phases. For most SME use cases, like ChatGPT for marketing copy or Copilot in Microsoft 365, you fall under minimal or limited risk. That changes the moment AI starts deciding things about people.

The regulation splits AI systems into four risk classes: prohibited, high risk, limited risk, and minimal risk. Article 6 of the AI Act classifies an AI system as high risk once it falls under the use cases in Annex III, such as recruitment and selection, credit scoring, or profiling of natural persons (EU AI Act, Article 6). If you use AI purely for text, summaries, or internal analysis without making decisions about individuals, you'll usually fall outside that category.

 

 

* Two overlapping shield icons symbolising the GDPR and the EU AI Act.
The GDPR and the EU AI Act work together, not in isolation.

 

 

The full set of obligations for high-risk AI, such as a risk management system, quality assurance for training data, technical documentation, logging, and demonstrable human oversight, follows a phased timeline (European Commission, Regulatory framework for AI). The European Commission names 2 August 2026 as the date the AI Act becomes fully applicable, with a longer transition period until December 2027 for part of the high-risk use cases following the political agreement to simplify the law. The transparency obligation for chatbots and AI-generated content does take effect on 2 August 2026: users need to know they're communicating with an AI system.

In the Netherlands, the Dutch Data Protection Authority (AP) and the Netherlands Authority for Digital Infrastructure (RDI) jointly supervise the AI Act (Autoriteit Persoonsgegevens, EU AI Act). For most SMEs, the practical work stays manageable: recording which AI tools are in use, which risk level applies, and whether employees know enough to use the tool responsibly. That last requirement, AI literacy, has already applied since 2 February 2025.

The AI Act doesn't hit every use of AI equally hard: the heaviest obligations only kick in once AI starts deciding things about people in sensitive situations.

 

 

How to set up AI governance without shadow AI

 

Shadow AI doesn't happen because employees are careless. It happens because there's no clear alternative: block ChatGPT without offering an approved substitute, and people switch to their own account on their own phone instead.

Governance without shadow AI starts with a framework people actually use: a short AI policy on which tools and which data are allowed, an AI register of tools already in use, and someone who owns that policy. For most SMEs that's not a full-time role, but it is a clear one: comparable to a Fractional Chief AI Officer who reviews AI choices on the board's behalf, without you building a full-time team for it yourself.

 

 

* Separate workplace icons connected through a central hub, symbolising AI governance without shadow AI.
Governance connects separate AI tools into one overview.

 

 

Responsible AI implementation isn't about banning AI, it's about making AI visible and controlled. When AI tools become part of one coherent system instead of scattered experiments, every digital worker operates within the same boundaries: the same access controls, the same data sources, the same owner. We call that an AI Business Brain: a single place where AI use, data, and governance come together instead of being spread across separate tools and accounts.

 

 

EU hosting, data ownership, and human-in-the-loop as core principles

 

Three principles determine whether an AI stack is demonstrably under control, regardless of which tool you use. They work best combined, not in isolation.

The first principle is EU hosting: data that stays within the EU falls under one consistent legal framework instead of a patchwork of rules that vary by country outside the EU. The second principle is data ownership: the data your AI system uses or generates stays the property of your business, not the AI vendor, and isn't used to train anyone else's models. The third principle is human-in-the-loop: an AI system may advise or draft something, but a human checks and decides before it has consequences for a customer, employee, or contract.

Data ownership means your business data never silently becomes an AI vendor's training material. Check that explicitly in the terms of service or the data processing agreement before you roll a tool out company-wide.

These three principles aren't a legal checklist you run through afterwards. They belong in the design of your AI stack, from the very first choice of tool or vendor.

The three principles reinforce each other. EU hosting without clear data ownership solves little if a vendor can still use your data to train a model. Data ownership without human-in-the-loop leaves decisions to a system nobody is checking. Only once all three are in place can you show your AI stack is responsibly set up, not just that it happens to have caused no problems yet.

 

 

Practical checklist: GDPR-compliant AI use in 5 steps

 

The steps below are a practical starting point. You don't need to finish this in a day, but do start this week.

 

  1. Take stock of which AI tools are already in use, by whom, and with what data.
  2. Classify each tool's risk level: minimal, limited, or high risk under the AI Act.
  3. Sort out the data processing agreement with every vendor you process personal data with, including a no-training guarantee.
  4. Write a short AI policy: which data is allowed, which isn't, and who owns those decisions.
  5. Train your team in the basics of AI literacy and repeat it every quarter.

 

 

* Five numbered steps for GDPR-compliant AI use, from taking stock to training.
Five steps to GDPR-compliant AI use in practice.

 

 

The Dutch government advises businesses to do exactly this before the obligations take effect: take stock of AI systems, determine the risk level per system, and record who's responsible for what (Business.gov.nl, Rules for working with safe AI). Five steps, not a year-long project: most SMEs can get this done with one focused day and the right prioritisation.

 

 

Frequently asked questions

 

Can I use customer data in ChatGPT or Copilot?

 

Only in a business version with a data processing agreement and a no-training guarantee, such as ChatGPT Team or Enterprise, or Copilot within a business Microsoft 365 subscription. In the free or Plus version, you risk your input being used to improve the model, and that's not allowed for customer data under the GDPR. If in doubt, explicitly ask your vendor for the data processing agreement before entering customer data, rather than relying on the general terms of service.

 

What's the difference between GDPR-compliant and AI Act-compliant?

 

The GDPR governs how you process personal data, regardless of which technology you use. The EU AI Act specifically governs the AI system itself: which risk class it falls into and which technical and organisational requirements come with that. So an AI tool can be GDPR-compliant in how it handles data, and still need to meet additional AI Act obligations if it falls into the high-risk category, think job applicant assessment or credit scoring. For most SME use cases that distinction rarely comes up in practice, but it's worth knowing which law covers which risk.

 

Which business data should never go into a public AI tool?

 

Passwords, API keys, source code, medical records, salary data, and special category personal data should never go into a public, non-business AI tool. The moment such a tool offers no data processing agreement and no guarantee that your data won't be used for training, the risk is too high. Treat these categories as a hard line in your AI policy, not a guideline you can bend in exceptional cases.

 

Does the GDPR require an AI tool to host in the EU?

 

Not required, but it is practical. The GDPR allows transfers outside the EU with additional safeguards such as Standard Contractual Clauses, but EU hosting makes it simpler to stay demonstrably in control. For sensitive sectors such as healthcare, government, and financial services, EU hosting is often the only practically viable option.

 

What does 'human-in-the-loop' mean for AI governance in practice?

 

It means an AI system can advise, summarise, or draft something, but a human checks the output before it has consequences for a customer, employee, or contract. For high-risk use cases such as job applicant assessment, that's no longer a choice but an obligation under the EU AI Act.

 

How do you prevent shadow AI in your organisation?

 

Offer an approved alternative before you ban anything: a business AI subscription with the right safeguards works better than a block with no substitute. Also write a short AI policy and an AI register, and appoint someone who owns those decisions. Revisit those agreements regularly, because new AI tools appear faster than policy documents get updated.

 

When do you need a DPIA (data protection impact assessment) for AI?

 

The moment an AI application poses a high risk to the rights and freedoms of the people involved, for example large-scale profiling, job applicant assessment, or medical data processing. If you're unsure, run a DPIA anyway: the cost of checking beforehand is always lower than the cost of a data breach afterwards.

 

What are the risks of AI tools that process data outside the EU?

 

The biggest risk is loss of control: you no longer know exactly which legal system your data falls under, how long it's retained, or who has access to it. For transfers outside the EU, the GDPR requires additional safeguards, and without them the processing isn't lawful.

 

 

How to use AI without GDPR risk

 

Want to use AI without running GDPR risks? We help SMEs set up an AI stack that's compliant from day one, including data ownership and human-in-the-loop.

View EU AI Act Compliance

Read more articles

From insight to impact.
We translate AI oportunities into practical profit for your business.
z
z
z
z
i
i
z
z