GDPR-Compliant AI: A Practical Guide for Enterprises Deploying AI Legally
In early 2025 Germany’s Federal Data Protection Commissioner (BfDI) opened a public consultation on AI models. The trigger wasn’t theoretical. It was the steady drip of complaints: employee data shipped to OpenAI servers, no DPA, no DPIA, nobody asked. Italy’s Garante was tightening at the same time. The signal across Europe: this is now an enforcement priority, not a thought experiment.

The compliance rules are clearer than most vendors make them sound. The hard part is knowing where the real risk lives — and where it doesn’t.

When does GDPR actually kick in?

Not every AI use is a data-protection problem. The deciding question is simpler: are personal data being processed?

An employee asking ChatGPT “explain IFRS revenue recognition” — no problem. The moment a customer name, an email address, an employee record, or contract content enters the system — GDPR is on.

Three obligations follow. They’re the same three vendors keep trying to make sound complicated:

1. Legal basis (Art. 6 GDPR). Every processing activity needs one. For workplace AI, that is usually Art. 6(1)(f) (legitimate interest) or Art. 6(1)(a) (consent). For sensitive data — health, union membership, anything under Art. 9 GDPR — the bar is much higher.

2. Data processing agreement (Art. 28 GDPR). If an external AI vendor touches your data, you need a DPA. With US vendors — OpenAI, Google, Microsoft — there’s a second layer: the Schrems II ruling says Standard Contractual Clauses alone aren’t enough when the vendor is subject to the US CLOUD Act. That’s basically every major cloud AI service.

3. Data protection impact assessment (Art. 35 GDPR). Required wherever processing is “high risk” to data subjects. Profiling, automated decisions, employee evaluation — that’s most workplace AI. Germany’s data protection authorities have published an explicit mandatory DPIA list. When in doubt, run the DPIA. It’s cheaper than the audit.

Where most enterprises actually fail

The text of the GDPR is clear. People fail in the same three places anyway.

Problem 1: Shadow AI

Employees use ChatGPT, DeepL, Gemini — without DPAs, without DPIAs, without IT knowing. We covered the full picture in our post on shadow AI in the enterprise. The short version: most knowledge workers already use AI at work, and most of the tools they use weren’t approved by anyone. No DPA in the world fixes a tool you don’t know exists.

Problem 2: Your data trains their model

Cloud AI vendors will use submitted data for training — unless someone actively opts out. OpenAI added a free-tier opt-out in 2024, but it’s not on by default, and the effectiveness can’t be independently verified. Without active intervention, your confidential data can resurface in someone else’s session. OpenAI confirms this in the terms. Read those once. Read them again with your legal team in the room.

Problem 3: Every transfer to the US is a third-country transfer

Under Art. 44 ff. GDPR, every data transfer to a US vendor is a third-country transfer. Schrems II killed Privacy Shield; the EU-US Data Privacy Framework that replaced it in 2023 is already under attack — Max Schrems has stated he’ll challenge it at the CJEU. The framework works today. Plan as if it might not in two years.

GDPR-compliant AI: four options, ranked

| Option | GDPR status | Control | Cost | For whom? |
| --- | --- | --- | --- | --- |
| Cloud AI with DPA (e.g. Azure OpenAI Enterprise, Microsoft Copilot) | Conditionally compliant — third-country transfer remains a residual risk | Medium | High (per user / per token) | Enterprises with no truly sensitive data |
| EU-hosted cloud AI (e.g. Aleph Alpha, Mistral via EU hosting) | Better — no third-country transfer | Medium | High | Enterprises with EU preference, no on-prem appetite |
| On-premise AI (turnkey appliance) | Fully compliant — no external processing | Full | Low (no per-user fees) | Enterprises with high compliance load |
| Self-hosted open source (e.g. Llama, Mistral on your own hardware) | Fully compliant | Full | Variable (you build the infra) | Enterprises with strong internal IT |

Two factors decide. How sensitive is the data? How much IT capacity do you have to spend? Mid-market companies usually answer “very” and “not much.” That’s the gap turnkey on-premise solutions exist to fill.

Why on-premise drops the compliance load close to zero

On-premise AI doesn’t reduce the three biggest GDPR problems. It removes them.

No third-country transfer. Nothing leaves your network. Art. 44 ff. GDPR doesn’t apply because there’s no transmission.

No DPA needed for the AI. You’re processing your own data. No external processor exists. Art. 28 doesn’t trigger.

No third-party training. The model is yours. Nobody trains on your data. The “my confidential prompt surfaces in someone else’s answer” risk doesn’t exist because there is no someone else.

Turnkey on-premise platforms like contboxx Vault ship as ready-to-run appliances: NVIDIA hardware, pre-installed LLMs, ~40 integrations (SharePoint, Confluence, SAP, Slack). Everything stays local. Live in six weeks. ISO 27001:2022 certified.

For sensitive data and limited IT capacity, this is the pragmatic move — not the ideological one. Our cloud vs. on-premise TCO comparison makes the math explicit, especially at several hundred users.

EU AI Act: what stacks on top of GDPR

Since 2024 the EU AI Act adds AI-specific obligations on top of the GDPR. For organizations deploying AI (“deployers”):

  • Risk classification: Every system gets a tier — minimal, limited, high, unacceptable.
  • Documentation: High-risk AI requires technical documentation, conformity assessment, and CE marking.
  • Training (Art. 4): Every employee working with AI needs training. In force since February 2025.
  • Transparency (Art. 50): Users get to know when they’re interacting with AI.

Fines: up to EUR 35 million or 7% of global annual turnover. The GDPR regulates the data; the EU AI Act regulates the system. Both apply at the same time, whether or not personal data is involved.

FAQ

Is ChatGPT GDPR-compliant?

Conditionally. OpenAI offers a DPA and is certified under the EU-US Data Privacy Framework. ChatGPT Enterprise has a training opt-out. With the free and Plus versions, two risks remain: data may be used for training, and the third-country transfer remains legally vulnerable as the DPF faces court challenges.

Do I need a DPIA for AI?

In most workplace AI use cases, yes. Art. 35 GDPR requires a DPIA whenever processing is high-risk — profiling, systematic evaluation, automated decisions, employee monitoring. Germany’s data protection authorities have published a mandatory list. When in doubt, run the DPIA. Cheaper than an audit.

Which AI vendors are GDPR-compliant?

Fully compliant: only solutions with no external data flow — on-premise AI and self-hosted open-source models. EU-hosted cloud services are the lower-risk middle ground. US vendors are usable with DPA plus DPF, but the third-country transfer is a residual risk that has already been litigated to the CJEU once.

What happens after a GDPR violation through AI?

Fines under Art. 83 GDPR: up to EUR 20 million or 4% of global revenue. Plus damages claims under Art. 82. The employer is liable, not the employee who pasted the data. For AI-specific violations, EU AI Act penalties stack on top — up to EUR 35 million or 7%.

Bottom line

GDPR-compliant AI isn’t a contradiction. It requires deliberate decisions. Choose cloud AI and you’ve signed up for DPA reviews, DPIAs, and third-country transfer headaches as a permanent workload. Choose on-premise and most of those problems stop being problems.

For European mid-market companies with sensitive data and limited IT, turnkey on-premise is the pragmatic answer: maximum compliance, minimum work.