Compliance · June 9, 2026 · 10 min read

When a ChatGPT Prompt Becomes a GDPR Breach: The 72-Hour Problem

The most common AI data leak is not a hack. It is a helpful employee with a deadline and a paste shortcut. GDPR treats it as a breach all the same, and the clock starts whether or not you saw it happen.


AIovert Security Team

GDPR & EU AI Act practitioners

Quick answers

Can one paste really be a breach?

Yes. Article 4(12) GDPR includes “unauthorised disclosure of” personal data. Customer records pasted into a consumer AI tool without a DPA is a disclosure to a third party without lawful basis.

What deadlines and fines apply?

72 hours to notify the supervisory authority once aware (Article 33). Fines: up to €10M/2% for Articles 32–33; up to €20M/4% where core principles are breached.

What is the regulator's precedent?

The Italian Garante fined OpenAI €15 million in December 2024, partly for breach-notification failures. The Court of Rome annulled the fine in March 2026 — but on jurisdiction (the Irish DPC is now OpenAI's lead supervisory authority under the GDPR one-stop-shop), not on the merits, leaving the underlying conduct findings intact. DPAs across the EU continue to treat AI tools as a standard enforcement category.

The anatomy of an accidental breach

A sales manager exports thirty customer records and pastes them into a free AI chatbot to draft renewal emails. It takes eleven seconds. Walk through what GDPR says happened in those eleven seconds:

1. Personal data was disclosed. Names, emails, and contract details are personal data under Article 4(1). The AI provider, on consumer terms, is a third party with no Data Processing Agreement, so the company has no Article 28 processor relationship covering the transfer.

2. The disclosure was unauthorised. Article 4(12) defines a personal data breach as:

“a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.” (Article 4(12), GDPR)

An employee acting outside policy, sending personal data to an unvetted third party, fits squarely within “unauthorised disclosure”. The European Data Protection Board's breach guidelines treat unauthorised disclosure to third parties as a confidentiality breach regardless of intent.

3. The notification analysis began. Article 33(1) requires:

“In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority… unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons.” (Article 33(1), GDPR)

If the risk threshold is met, Article 34 may additionally require telling the affected customers. Either way, Article 33(5) requires documenting every breach, even ones you decide not to notify.

“We never knew” is not a defence

The 72-hour clock starts at awareness, and companies sometimes read that as a loophole: no monitoring, no awareness, no deadline. Regulators read it the opposite way. Article 32 requires:

“…the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk.” (Article 32(1), GDPR)

By 2026, employees pasting data into AI tools is one of the best-documented exfiltration channels in existence. A controller with no measures addressing it has an Article 32 problem independent of any breach, and when the breach surfaces later (a customer complaint, a vendor incident, a leaked conversation), the company faces the original breach, the Article 32 gap, and a late or missing Article 33 notification, stacked.

That stacking is not hypothetical. In December 2024 the Italian Garante fined OpenAI €15 million, the grounds including failures around breach notification and transparency. The Court of Rome later annulled the fine — ruling on 18 March 2026, with full reasoning published on 28 May 2026 — but the annulment turned on jurisdiction, not substance: under the GDPR one-stop-shop the Irish DPC, not the Garante, is OpenAI's lead supervisory authority. The conduct findings were never overturned on the merits. The episode still shows how EU authorities frame AI-adjacent incidents — each procedural failure as its own violation — and it is a reminder that the lead-authority question decides who can enforce, even when the underlying analysis stands.

The fine arithmetic

  • Articles 32 and 33: up to €10 million or 2% of global annual turnover (Article 83(4)).
  • Articles 5 and 6 (lawfulness, minimisation, purpose limitation): up to €20 million or 4% (Article 83(5)). An AI paste that doubles as unlawful processing for the provider's model training reaches this tier.
  • Parallel AI Act exposure: from 2 August 2026, national market surveillance authorities can also examine the same incident through the AI Act lens: where were the deployer's Article 4 literacy measures?

One mitigating pattern shows up consistently in enforcement practice: organisations that can document working safeguards are treated more leniently, even when an employee circumvented them. The evidence is the discount.

Closing the gap: prevention, awareness, proof

  1. Sanction tools properly. Enterprise AI plans (ChatGPT Enterprise, Claude for Business, Gemini for Workspace, Copilot for M365) come with DPAs. Publish which tools are approved for which data categories.
  2. Block the breach at the source. The only intervention that fully avoids the Article 33 analysis is the paste that never happens. Browser-level blocking that cancels a sensitive paste on-device, before the data reaches the AI tool, converts a reportable incident into a logged near-miss.
  3. Create awareness you can act on. For whatever is not blocked, real-time detection gives you the awareness Article 33 assumes: what was shared, when, with which tool, at what severity, the inputs of the 72-hour assessment.
  4. Keep the Article 33(5) file. An exportable, timestamped log of AI data events doubles as your breach register and your Article 32 evidence. Critically, the log itself must not become a second copy of the leaked data. Record classifications, never content.
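As an added illustration of steps 2 to 4 (example code, not AIovert's product), here is a browser-side paste guard: it classifies the clipboard text on-device, cancels the paste when enough personal-data patterns are present, and emits an audit record that carries only the classification, counts, severity and timestamp, never the pasted text. The detector patterns, weights and severity thresholds are simplified assumptions.

```javascript
// Added example, not AIovert's product code: an on-device paste guard for an AI tool's
// input box. The detectors are simplified, assumed patterns; real deployments need tuned ones.
const DETECTORS = [
  { label: "email", re: /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g, weight: 2 },
  { label: "iban",  re: /\b[A-Z]{2}\d{2}(?: ?[A-Z0-9]{4}){2,7} ?[A-Z0-9]{1,4}\b/g, weight: 3 },
  { label: "phone", re: /\+\d{1,3}(?:[ -]?\d{2,4}){3,4}\b/g, weight: 1 },
];

// Classify clipboard text on-device. The result holds counts per category, a score and a
// severity, never the text itself, so it is safe to write to the Article 33(5) register.
function classifyPaste(text) {
  const categories = {};
  let score = 0;
  for (const d of DETECTORS) {
    const n = (text.match(d.re) || []).length;
    if (n > 0) { categories[d.label] = n; score += n * d.weight; }
  }
  const severity = score === 0 ? "none" : score < 3 ? "low" : score < 8 ? "medium" : "high";
  return { categories, score, severity, chars: text.length };
}

// Assumed policy: cancel the paste at medium or above; low-severity pastes are allowed but
// logged, which is the "awareness" input for the 72-hour assessment.
function decide(classification) {
  return ["medium", "high"].includes(classification.severity) ? "block" : "allow";
}

// Audit record: timestamp, tool, decision and classification. No content, no excerpt.
function auditRecord(tool, classification, decision, now = new Date()) {
  const { severity, categories, chars } = classification;
  return { ts: now.toISOString(), tool, decision, severity, categories, chars };
}

// Attach the guard to the AI tool's input element; `sink` receives each audit record.
function installPasteGuard(element, tool, sink) {
  element.addEventListener("paste", (event) => {
    const text = event.clipboardData ? event.clipboardData.getData("text/plain") : "";
    const classification = classifyPaste(text);
    const decision = decide(classification);
    if (decision === "block") {
      event.preventDefault(); // the data never reaches the AI tool
      window.alert(`Paste blocked: contains ${Object.keys(classification.categories).join(", ")}.`);
    }
    sink(auditRecord(tool, classification, decision));
  });
}
```

In a browser extension, `installPasteGuard(document.querySelector("textarea"), "ChatGPT", record => console.log(record))` wires the guard to the chat input; the sink would normally forward records to the exportable log.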

The question to ask your team this week

“If an employee pasted customer data into an AI chatbot this morning, when would we find out, and what would we be able to show the regulator?”

If the honest answers are “never” and “a policy PDF”, the 72-hour clock is a trap waiting to spring. The fix is neither expensive nor slow. It is visibility plus prevention at the only place the leak actually happens: the browser.

Stop the breach before the clock starts

AIovert Guard blocks pastes containing personal data before they reach ChatGPT, Claude, or 21 other AI tools, and explains the risk to the employee in the moment. Monitor gives you the real-time awareness and exportable audit log Articles 32 and 33 assume, without ever storing the content itself. Deploys in 15 minutes.