
    AI and GDPR: how to keep prompts compliant

    GDPR does not ban AI, but it does require control. Learn the practical rules for prompts, redaction, logging, retention, and access when using LLMs at work.

    GDPR and AI are often framed as if they were in conflict.

    They are not.

    GDPR does not say "do not use AI." It says that if you process personal data, you need a lawful basis, purpose limitation, data minimization, access controls, retention discipline, and a way to respond when people exercise their rights.

    That matters a lot for prompts, because prompts are not just text. In many companies, prompts are a data-processing step.

    The real GDPR question

    The question is not "can we use ChatGPT or Claude?"

    The question is:

    Can we prove that personal data is handled with the right controls before, during, and after the prompt is sent?

    If the answer is unclear, you have a compliance gap.

    The controls that matter most

    1. Data minimization

    Only send the data the model truly needs.

    If the task is to summarize a case, the model probably does not need:

    • full identity details
    • every historical note
    • unrelated invoice data
    • the raw internal thread

    The more data you send, the more you have to justify.

    2. Purpose limitation

    The prompt should be tied to a specific use case.

    If a request is for customer support summarization, do not quietly reuse the same data for marketing, profiling, or ad hoc analysis unless the policy allows it.

    3. Access control

    Not every employee should be able to send every kind of data to the same model.

    Role-based controls help separate:

    • sales prompts
    • legal prompts
    • support prompts
    • finance prompts

    That separation matters when the content is sensitive.

    4. Logging and traceability

    If you cannot answer who sent what, when, through which workflow, and under which policy, you do not have enough visibility.

    Logs should show the control flow without exposing unnecessary raw data.

    5. Retention and deletion

    Do not keep prompt data forever just because it is easy.

    Define:

    • how long prompts are stored
    • what gets redacted in logs
    • when records are deleted
    • what happens if a subject requests access or deletion

    6. Human review for critical cases

    If a prompt includes high-risk data or a decision with legal or financial impact, route it to a human before it reaches the model or before the response is acted on.

    What compliance teams usually miss

    The biggest mistake is thinking about the model and forgetting the workflow.

    The model is only one part of the chain.

    The chain includes:

    • the user who starts the request
    • the source system that contains the data
    • the gateway that classifies and transforms the prompt
    • the model provider
    • the response handler
    • the storage layer that logs the event

    GDPR risk can appear at any point in that chain.

    Why a gateway helps

    A privacy gateway gives you a concrete control point before the data leaves your environment.

    It can:

    • detect sensitive fields
    • redact or mask them
    • block disallowed requests
    • route risky prompts to human review
    • keep a trace of what was allowed through

    That is much easier to explain in a compliance review than "people are careful."

    A practical policy model

    We recommend classifying prompts into three groups:

    1. Standard prompts: no sensitive data, low risk, can be sent automatically.
    2. Transformed prompts: personal or confidential data is masked before sending.
    3. Restricted prompts: high-risk data, blocked or reviewed by a human.

    This model is simple enough for operations teams and strong enough for privacy teams.

    Example

    Suppose a legal ops team wants to summarize a renewal risk.

    Raw prompt:

    "Summarize the renewal risk for Maria Lopez at ACME. The contract number is CT-48291 and the outstanding amount is EUR 48,200."

    Controlled prompt:

    "Summarize the renewal risk for [PERSON_01] at [COMPANY_01]. The contract number is [CONTRACT_01] and the outstanding amount is [AMOUNT_01]."

    The task still works. The exposure is lower. The workflow is easier to audit.
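A sketch of the gateway step behind this example and the three-class policy model above, added here as an illustration; it is not Privacy Gateway's own code. The function name `control_prompt`, the regex detectors, the `known_entities` lookup (names assumed to come from the source system) and the restricted-term list are all assumptions made for the example.

```python
import re
from collections import Counter

# Assumed detectors for this sketch: two regexes plus names from the source system.
PATTERNS = {
    "CONTRACT": re.compile(r"\bCT-\d+\b"),
    "AMOUNT": re.compile(r"\bEUR\s?\d(?:[\d,.]*\d)?\b"),
}
# Constructed list of markers this sketch treats as high-risk data.
RESTRICTED_TERMS = ("diagnosis", "criminal record", "passport number")


def control_prompt(prompt, known_entities, user, workflow):
    """Classify a prompt and return (decision, outbound, mapping, audit)."""
    audit = {"user": user, "workflow": workflow, "entities": {}}
    if any(term in prompt.lower() for term in RESTRICTED_TERMS):
        audit["decision"] = "restricted"  # held for human review, nothing sent
        return "restricted", None, {}, audit

    # Collect (start, end, label) spans from both detector kinds.
    spans = []
    for label, values in known_entities.items():
        for value in values:
            spans += [(m.start(), m.end(), label)
                      for m in re.finditer(re.escape(value), prompt)]
    for label, rx in PATTERNS.items():
        spans += [(m.start(), m.end(), label) for m in rx.finditer(prompt)]

    mapping, placeholder_for, counts = {}, {}, Counter()
    out, pos = [], 0
    for start, end, label in sorted(spans):
        if start < pos:  # overlaps a span already replaced
            continue
        raw = prompt[start:end]
        if raw not in placeholder_for:  # same value -> same placeholder
            counts[label] += 1
            placeholder_for[raw] = f"[{label}_{counts[label]:02d}]"
            mapping[placeholder_for[raw]] = raw
        out += [prompt[pos:start], placeholder_for[raw]]
        pos = end
    out.append(prompt[pos:])

    decision = "transformed" if mapping else "standard"
    # The audit record carries entity types and counts, never the raw values.
    audit.update(decision=decision, entities=dict(counts))
    return decision, "".join(out), mapping, audit
```

The returned `mapping` is what re-identifies the model's response, so it stays inside your environment and falls under the same retention rules as the prompt itself.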

    What to document

    If you want this to hold up in a real review, document:

    • the data categories you handle
    • the purpose of each prompt flow
    • the redaction rules
    • the retention policy
    • who can approve exceptions
    • which providers receive the prompts

    That documentation is often the difference between an AI pilot and a production-ready process.

    Privacy Gateway as the implementation layer

    Privacy Gateway exists to make this practical.

    It sits between the user or system and the LLM, so prompts are not just sent raw by default. They are classified, controlled, and audited before the model sees them.

    If your team is trying to bring AI into a regulated workflow, this is the layer that makes the conversation concrete.

    See the Privacy Gateway overview for the product view, or contact us if you want help shaping the control model.
