GDPR and AI chatbots: can you put personal data into ChatGPT or Copilot?
A colleague lets Copilot quickly summarize a case file. Someone else pastes a customer list into ChatGPT to turn it into a tidy email. It feels harmless and it saves time. Except that case file and that list contain something you do need to be careful with: personal data.
The moment those end up in a prompt, you are processing personal data, and then the General Data Protection Regulation (GDPR) applies. Sometimes it is even a data breach you have to report to the regulator within 72 hours. In this post you’ll read what is and isn’t allowed, when it counts as a data breach, and what the Dutch Data Protection Authority actually warns about. DeepSeek included.
Let your team use AI. Without the data breaches.
Redactprompt strips names, BSNs, IBANs and customer data out of the prompt locally before it reaches a chatbot, and gives you central policy and per-chatbot insight. Free to start, no credit card.
When does your data fall under the GDPR?
A personal data point is any information about a person that you can trace back to that person. Think of a name, an email address, a phone number, a BSN, a customer number or a complete case file. Even a loose sentence like “the complaint from Mrs De Vries in Utrecht” counts.
Once something like that is in your prompt, you are processing personal data and the GDPR applies. And then it matters a great deal who you hand those data to, and what happens with them next.
Can you put personal data into ChatGPT or Copilot?
That depends on which version you use and what you have agreed with the provider.
To be allowed to process personal data you need a legal basis. And once you bring in an external chatbot, the provider processes those data on your behalf. For that you need a data processing agreement, setting out what happens with the data and that they aren’t simply stored or reused.
With a free ChatGPT account, created on a personal email address, none of that is arranged. What you enter is stored and can be used to train the model further. You hand the data over without keeping any control over them. With a business or enterprise version it can be responsible, provided the processing agreement and the retention terms are in order. Watch where the data end up as well. Transfer outside the EU is only allowed under strict conditions.
When is it a data breach?
The Dutch Data Protection Authority (Autoriteit Persoonsgegevens, AP) is clear about this. If an employee uses a chatbot on their own initiative, against the agreements, and enters personal data while doing so, that is a data breach. The company behind the chatbot then gets access to those data without that being allowed or intended.
If using the chatbot is actually part of your policy, then it isn’t a data breach, but according to the AP it is often still not permitted. You want to avoid both situations. And for a genuine data breach the usual rule applies: you report it within 72 hours to the AP, unless it poses no risk to the people involved.
What does the Dutch DPA say?
This is not a theoretical risk. As early as August 2024 the AP received data breach reports because employees put personal data of, for example, patients or customers into AI chatbots like ChatGPT and Copilot. By late 2025 that number is climbing fast, and the regulator points mainly at employees who start using free AI tools on their own.
That last part is the heart of the problem. This unnoticed, unauthorized use is called shadow AI, and it happens exactly where you can’t see it: in your employee’s browser, outside your control.
And DeepSeek?
With DeepSeek it gets even more sensitive. On 3 February 2025 the AP urged people to be very careful and reserved with the Chinese chatbot. Users’ personal data, including those of Dutch users, are stored on servers in China, and transfer outside the EU is only allowed with sufficient safeguards. China has no adequacy decision from the European Commission, so those safeguards aren’t there by default.
AP chairman Aleid Wolfsen pointed out that you become liable yourself the moment you enter other people’s data. “If you upload other people’s data, it ends up in the same place in China (…). That kind of unlawful transfer makes you liable.” The Dutch government even banned DeepSeek entirely for civil servants in early 2025, on the grounds that it was a spyware-prone app. For personal data it is simply not a sensible place.
If you want to be sure nobody in your organization accidentally pastes something in anyway, you can lock a chatbot like DeepSeek down completely.

From rules to control
A policy on paper is a fine start, but it stops nothing the moment things go wrong. Your employee’s browser never read that document. You can only really steer once you see what is happening.
And you can do that without reading your colleagues’ prompts. You see which data go to which chatbot as categories and counts, never as content.

From there, prevention gets a lot easier. Redactprompt strips sensitive data out of the prompt before it is sent and replaces them with a label or a workable pseudonym, so the chatbot still gives a usable answer. And chatbots you don’t want, you lock down centrally. That way you let your team work with AI without a data breach happening.
Prevent data breaches into AI chatbots.
Start free, get a view of what your team sends to AI, and have sensitive data stripped from the prompt automatically. No account needed to begin, no credit card.
Frequently asked questions
Can you use ChatGPT at work under the GDPR?
Is it a data breach if an employee pastes personal data into ChatGPT?
Can you enter a BSN or other ID number into ChatGPT?
Is DeepSeek safe for business use?
Can it be done with a business ChatGPT or Copilot licence?
What is a data processing agreement, and do you need one for AI chatbots?
Prevent data leaks to AI chatbots
Redactprompt detects and protects sensitive data before it reaches an AI chatbot. Fully local in your browser.