← All articles
Shadow AI

GDPR and AI chatbots: can you put personal data into ChatGPT or Copilot?

7 July 2026 · Redactprompt · 7 min read

GDPRChatGPTCopilotDeepSeekData breach

A colleague lets Copilot quickly summarize a case file. Someone else pastes a customer list into ChatGPT to turn it into a tidy email. It feels harmless and it saves time. Except that case file and that list contain something you do need to be careful with: personal data.

The moment those end up in a prompt, you are processing personal data, and then the General Data Protection Regulation (GDPR) applies. Sometimes it is even a data breach you have to report to the regulator within 72 hours. In this post you’ll read what is and isn’t allowed, when it counts as a data breach, and what the Dutch Data Protection Authority actually warns about. DeepSeek included.

Let your team use AI. Without the data breaches.

Redactprompt strips names, BSNs, IBANs and customer data out of the prompt locally before it reaches a chatbot, and gives you central policy and per-chatbot insight. Free to start, no credit card.

Start free

When does your data fall under the GDPR?

A personal data point is any information about a person that you can trace back to that person. Think of a name, an email address, a phone number, a BSN, a customer number or a complete case file. Even a loose sentence like “the complaint from Mrs De Vries in Utrecht” counts.

Once something like that is in your prompt, you are processing personal data and the GDPR applies. And then it matters a great deal who you hand those data to, and what happens with them next.

Can you put personal data into ChatGPT or Copilot?

That depends on which version you use and what you have agreed with the provider.

To be allowed to process personal data you need a legal basis. And once you bring in an external chatbot, the provider processes those data on your behalf. For that you need a data processing agreement, setting out what happens with the data and that they aren’t simply stored or reused.

With a free ChatGPT account, created on a personal email address, none of that is arranged. What you enter is stored and can be used to train the model further. You hand the data over without keeping any control over them. With a business or enterprise version it can be responsible, provided the processing agreement and the retention terms are in order. Watch where the data end up as well. Transfer outside the EU is only allowed under strict conditions.

When is it a data breach?

The Dutch Data Protection Authority (Autoriteit Persoonsgegevens, AP) is clear about this. If an employee uses a chatbot on their own initiative, against the agreements, and enters personal data while doing so, that is a data breach. The company behind the chatbot then gets access to those data without that being allowed or intended.

If using the chatbot is actually part of your policy, then it isn’t a data breach, but according to the AP it is often still not permitted. You want to avoid both situations. And for a genuine data breach the usual rule applies: you report it within 72 hours to the AP, unless it poses no risk to the people involved.

What does the Dutch DPA say?

This is not a theoretical risk. As early as August 2024 the AP received data breach reports because employees put personal data of, for example, patients or customers into AI chatbots like ChatGPT and Copilot. By late 2025 that number is climbing fast, and the regulator points mainly at employees who start using free AI tools on their own.

That last part is the heart of the problem. This unnoticed, unauthorized use is called shadow AI, and it happens exactly where you can’t see it: in your employee’s browser, outside your control.

And DeepSeek?

With DeepSeek it gets even more sensitive. On 3 February 2025 the AP urged people to be very careful and reserved with the Chinese chatbot. Users’ personal data, including those of Dutch users, are stored on servers in China, and transfer outside the EU is only allowed with sufficient safeguards. China has no adequacy decision from the European Commission, so those safeguards aren’t there by default.

AP chairman Aleid Wolfsen pointed out that you become liable yourself the moment you enter other people’s data. “If you upload other people’s data, it ends up in the same place in China (…). That kind of unlawful transfer makes you liable.” The Dutch government even banned DeepSeek entirely for civil servants in early 2025, on the grounds that it was a spyware-prone app. For personal data it is simply not a sensible place.

If you want to be sure nobody in your organization accidentally pastes something in anyway, you can lock a chatbot like DeepSeek down completely.

The AI Chatbots page in the Redactprompt dashboard. In the Risk section, DeepSeek and other Chinese chatbots such as Doubao, Qwen and Kimi are set to Blocked, while well-known tools like ChatGPT, Copilot and Claude are allowed.
You lock down chatbots like DeepSeek centrally, while approved tools keep working.

From rules to control

A policy on paper is a fine start, but it stops nothing the moment things go wrong. Your employee’s browser never read that document. You can only really steer once you see what is happening.

And you can do that without reading your colleagues’ prompts. You see which data go to which chatbot as categories and counts, never as content.

Reporting page of the Redactprompt dashboard showing the number of scanned prompts, how many of them contained sensitive data and the detection rate, shown as aggregate figures without the content of prompts.
A view of what goes to AI, as aggregate figures and without reading along.

From there, prevention gets a lot easier. Redactprompt strips sensitive data out of the prompt before it is sent and replaces them with a label or a workable pseudonym, so the chatbot still gives a usable answer. And chatbots you don’t want, you lock down centrally. That way you let your team work with AI without a data breach happening.

Prevent data breaches into AI chatbots.

Start free, get a view of what your team sends to AI, and have sensitive data stripped from the prompt automatically. No account needed to begin, no credit card.

Start free

Frequently asked questions

Can you use ChatGPT at work under the GDPR?
Using ChatGPT at work is fine, as long as you don't put personal data into it. As soon as you do, the GDPR applies and you need a legal basis and a data processing agreement with the provider. A free account on a personal email address doesn't arrange that, a properly set up business licence does.
Is it a data breach if an employee pastes personal data into ChatGPT?
Often it is. According to the Dutch Data Protection Authority it is a data breach if an employee, on their own initiative and against the agreements, enters personal data into an AI chatbot. As a rule you have to report such a breach to the regulator within 72 hours.
Can you enter a BSN or other ID number into ChatGPT?
No. A citizen service number (BSN) is a legally protected identifier you may only process when the law gives you a basis for it. Entering it into an external chatbot doesn't qualify and, in practice, amounts to a data breach.
Is DeepSeek safe for business use?
For personal data, DeepSeek is not a sensible choice. The Dutch DPA urges great caution, because data are stored on servers in China and China has no adequacy decision. Government employees are no longer allowed to use it.
Can it be done with a business ChatGPT or Copilot licence?
Often it can, provided the data processing agreement, the retention period and the transfer outside the EU are properly arranged. The biggest risk usually isn't in the business licence, but in the free versions employees use alongside it.
What is a data processing agreement, and do you need one for AI chatbots?
A data processing agreement sets out what an external party may do with your personal data. If you bring in an AI chatbot that processes data on your behalf, such an agreement is mandatory under the GDPR. Without those arrangements you may not process personal data in it.

Prevent data leaks to AI chatbots

Redactprompt detects and protects sensitive data before it reaches an AI chatbot. Fully local in your browser.

See the business rollout