GDPR Compliance for AI Tools: What Your Security Team Must Know in 2025
Using ChatGPT with employee or customer data may already be a GDPR violation. Here's the legal framework, the real fines, and what to do about it.
AIovert Security Team
GDPR & EU AI Act practitioners
Quick answers
Is using ChatGPT with customer data a GDPR violation?
Using the consumer ChatGPT product (free or Plus tiers) with personal data almost certainly violates GDPR Article 28, which requires a Data Processing Agreement with any third-party processor.
What is the maximum GDPR fine for AI tool misuse?
Up to €20 million or 4% of global annual turnover under Article 83(5) for violations of core data protection principles. For a company with €500M revenue, that's a potential €20M fine.
Which GDPR articles apply?
Articles 28 (DPA requirement), 32 (security measures), 5 (data minimisation), 33 (72-hour breach notification), and 83 (fines). Article 28 is the most immediate: no DPA means no lawful processing.
The GDPR problem hiding in plain sight
Most organisations have a GDPR compliance programme. They have a DPO, a record of processing activities, and a data subject rights process. What most of them do not have is a clear answer to this question: what data are our employees sharing with AI tools, and under what legal basis?
The reason this question is rarely asked is that most GDPR programmes were designed around the organisation's systems: the CRM, the ERP, the HR platform. The idea that employees are ad-hoc data processors using consumer AI tools on their work laptops was not in scope when most of these programmes were built.
It is in scope now.
Article 28: The Data Processing Agreement requirement
GDPR Article 28 requires that when a data controller (your organisation) shares personal data with a third-party data processor (a company that processes data on your behalf), a Data Processing Agreement must be in place. The DPA must specify:
- The subject matter and duration of the processing
- The nature and purpose of the processing
- The type of personal data and categories of data subjects
- The obligations and rights of the controller
When your employee pastes a customer list into ChatGPT on the free tier, OpenAI becomes a de facto data processor, and there is no DPA. The processing is unlawful under Article 28.
The enterprise plans from major AI providers (ChatGPT Enterprise, Gemini for Google Workspace, Claude for Business, Copilot for M365) all offer DPAs. The consumer plans do not. This is the single most actionable GDPR fix for most organisations: procure enterprise plans for the tools your employees actually use, and communicate clearly which tier each use case requires.
Article 32: Technical and organisational security measures
GDPR Article 32 requires data controllers to implement “appropriate technical and organisational measures” to ensure the security of processing. In practice, when a supervisory authority investigates an AI-related breach, it will ask:
- Did you have an acceptable-use policy for AI tools?
- Did you have technical controls to enforce or monitor compliance?
- Did you have an audit trail demonstrating those controls were active?
A policy document answers question 1. It does not answer questions 2 or 3. A regulator with the power to impose an Article 83 fine will not accept a PDF as evidence of a working technical control.
This is the compliance gap that organisations need to close: the distance between “we have a policy” and “we have technical evidence that the policy is being monitored and enforced.”
Article 5: Data minimisation and purpose limitation
Two of GDPR's core principles under Article 5 are especially relevant to AI tool usage:
Data minimisation: personal data must be “adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.” An employee pasting an entire customer database to write a summary email is not minimising data, as they are giving the AI tool access to every customer record when they needed information about three.
Purpose limitation: personal data collected for one purpose cannot be used for another without a new legal basis. Customer data collected for product delivery cannot be repurposed as AI training data. If the AI provider retains your employee's inputs (under consumer terms), your customer's data is now being processed for a purpose (model training) for which no lawful basis exists.
Article 33: The 72-hour breach notification clock
If a personal data breach occurs (including unauthorised access to personal data, or disclosure to a third party without a lawful basis), GDPR Article 33 requires notification to the relevant supervisory authority within 72 hours of becoming aware.
Here is the problem: if you have no monitoring of AI tool usage, you will not know that a breach occurred. The 72-hour clock starts when you become aware. But if your awareness depends on an employee self-reporting that they pasted customer data into ChatGPT without authorisation, the breach will very likely go unreported.
Continuous monitoring of AI tool usage creates the awareness that triggers the clock, and also provides the evidence that supports the breach assessment.
The ICO's position on AI tools
The UK Information Commissioner's Office (ICO) published guidance in 2024 stating that organisations must carry out data protection impact assessments (DPIAs) before using AI tools for processing personal data at scale. The ICO has indicated that employee use of consumer AI tools is on its enforcement radar.
The European Data Protection Board (EDPB) has issued multiple opinions noting that GDPR applies to personal data processed through AI systems, including inputs to large language models. The Italian DPA (Garante) temporarily blocked ChatGPT in 2023 specifically over Article 13/14 transparency concerns, a precedent for enforcement action against AI tool usage.
Building a compliant AI programme
A GDPR-compliant enterprise AI programme has four components:
- Approved tool list with DPAs: identify the AI tools employees may use with personal data. Procure enterprise plans with DPAs for each. Publish the list and the data categories each tool may receive.
- DPIA for high-risk use cases: carry out Data Protection Impact Assessments for AI use cases involving special category data (health, HR, financial) or systematic evaluation of individuals.
- Technical monitoring: deploy browser-level monitoring to detect when personal data is shared with AI tools, providing the Article 32 evidence of technical measures. AIovert provides this without storing raw content, as only classifications and hashes are logged.
- Audit trail: maintain a searchable, exportable log of AI-related events. This is what you hand to the regulator when they ask for evidence. The log must include timestamps, employee identifiers, the AI tool, and the data classification detected.
What to tell your board
The board-level message on AI and GDPR is simple:
We have employees using AI tools with customer personal data. Under current practices, some of this processing lacks the legal basis required by GDPR Article 28. The maximum fine for Article 83(5) violations is 4% of global turnover. We are implementing browser-level monitoring and an enterprise AI programme to close this gap. Total cost is [X]. Expected risk reduction is significant.
No board has refused to fund a compliance programme when the alternative is presented as a percentage of global turnover.
Create your Article 32 evidence trail today
AIovert provides the technical monitoring and audit log your GDPR programme needs. Deploy in 15 minutes via Google Workspace or Intune.