GDPR-Compliant AI: Using AI on Personal Data

GDPR doesn't mention AI much, but it applies the moment your AI touches personal data, which is almost any business use. The same principles you already follow carry straight over: you need a lawful basis, you minimize the data, you are transparent about it, and you keep it secure.

AI adds three pressure points to those familiar rules:

• Volume and reach. An assistant connected to your CRM can process personal data at a scale that makes sloppy handling expensive fast.
• The training question. If a vendor uses your prompts to train, you have effectively disclosed personal data to a third party for a new purpose. That needs a lawful basis and usually a contract that forbids it.
• Automated decisions. GDPR Article 22 gives people the right not to be subject to a decision based solely on automated processing that produces legal effects or similarly significantly affects them. AI makes those easy to build by accident.

Treat AI as a new processing activity over data you already hold, and the GDPR analysis becomes familiar.

Two things carry most of the weight: a lawful basis and data minimization.

Lawful basis. Pick one before you process, usually legitimate interest or contract necessity for internal business uses, consent where required. Document it. If you are using AI for a genuinely new purpose on data you collected for something else, check that the new purpose is compatible or get fresh consent.

Minimization. Send the model the least personal data that does the job. In a retrieval setup this is natural: you pass the few relevant snippets needed for one answer and leave the rest of your customer database out of the prompt. Pseudonymize or redact identifiers where the task doesn't need them. A model can summarize a support thread without the customer's full name and account number in the prompt.

The contractual layer then closes the loop: a data processing agreement on a business or enterprise tier that disables training, sets short retention, and lists the sub-processors. That turns "we send data to a US AI vendor" into a documented, lawful arrangement rather than an open question.

Data residency is the question European legal teams ask first, and it has a clean answer now. The major providers can be deployed in EU regions.

• Azure OpenAI offers EU data residency and can keep both processing and storage in European regions.
• AWS Bedrock and Google Vertex AI let you pin model inference to EU regions, and both Anthropic's and other models are available there.
• Self-hosted open-weight models (Llama, Mistral) run entirely on infrastructure you place wherever you choose, including on-premise in the EU.

Where data does cross to the US, the EU-US Data Privacy Framework plus standard contractual clauses provide the transfer mechanism, and you record it in your processing register. The point is that EU data residency for AI is a configuration choice and a contract, not a reason to avoid AI. Pin the region, get it in writing, and document the transfer basis for anything that does leave.

Two GDPR rights need explicit handling once AI is in the loop.

Access and erasure. People can ask what personal data you hold and ask you to delete it. Keep the personal data in your own systems and use AI as a reasoning layer over it. Avoid copying it into the model's environment. Then a deletion in your system is a real deletion, and you are not chasing data scattered across prompt logs. Set short retention on the vendor side so prompt history expires quickly and leaves no shadow copy.

Automated decisions. Don't let AI be the sole decider on anything with legal or similarly significant effect on a person, like a hiring rejection, a credit decline, or terminating a service. Keep a qualified human accountable for the decision, with the AI as input. This both satisfies Article 22 and keeps you out of the EU AI Act's high-risk obligations, which fall hardest on systems used for things like hiring, creditworthiness, and access to essential services.

The recurring mistake is treating prompt logs as harmless. Every prompt that contains personal data is itself personal data processing, and on a consumer tier it may be retained and used to improve the product. Companies lock down their database, then quietly export the same personal data into a chatbot with no contract, no retention limit, and no residency control. That is the leak that fails an audit, and it usually comes from individual employees acting on their own. The fix is to make a contracted, region-pinned, training-disabled tool the easy default so the personal data never reaches an ungoverned one. Skipping this is one of the quiet reasons projects stall in the last mile before production. If you want the governed default scoped against your real workflows and actually used, the AI Chief of Staff sets it up over WhatsApp. To map which of your use cases would count as high-risk under the EU AI Act before you build, run the free AI risk assessment generator.