Someone in your company is doing this right now.
They opened the free version of ChatGPT, copied a customer email, pasted it in, and asked the model to draft a reply. Or they pasted a CSV of leads to "find the top accounts to follow up." Or a renewal forecast with named accounts and revenue figures.
It is fast. It is convenient. And inside the European Union it is illegal.
This is not an opinion. It is the plain reading of two regulations that are already in force across all 27 Member States: the General Data Protection Regulation (GDPR) and the EU Artificial Intelligence Act (Regulation (EU) 2024/1689). The penalties are real, the supervisory authorities have started enforcing, and "we did not know" is not an admissible defence.
This is the post you forward to the colleague who keeps doing it.
The Specific Violation: GDPR Article 28
When an employee pastes personal data into free ChatGPT, the company they work for is transferring personal data to a processor. GDPR Article 28 governs exactly that relationship and requires a written contract — typically a Data Processing Agreement (DPA) — between the controller (you) and the processor (OpenAI). The DPA must define purpose, retention, sub-processors, security measures, breach notification, and data subject rights.
The free ChatGPT product has no DPA available to consumer accounts. The OpenAI Consumer Terms of Service explicitly state that conversations may be used to train and improve the models. There is no Standard Contractual Clauses package, no EU data residency commitment, and no contractual restriction on sub-processors. From a GDPR standpoint, you have no legal basis for the transfer, no contractual safeguards on the data, and no way to honour a customer's right to erasure once the data has been ingested into training.
The Italian Garante found this serious enough to temporarily ban ChatGPT in March 2023 and impose a €15 million fine in December 2024 over training data and lack of legal basis. The Dutch DPA and CNIL (France) have published formal guidance reaching the same conclusion. The position of European supervisory authorities is now uniform.
The Second Layer: The EU AI Act
The EU AI Act entered into force on 1 August 2024 with a staggered rollout of obligations. The most relevant provision for everyday office use is Article 4 — AI Literacy, which applies from 2 February 2025 to every provider and deployer of AI systems, regardless of risk classification.
The text is short and unambiguous. Companies must take measures to ensure a sufficient level of AI literacy among staff dealing with the operation and use of AI systems, taking into account their technical knowledge, experience, education and training, the context the AI systems are to be used in, and the persons or groups of persons on which the AI systems are to be used.
In practical terms: if your sales operations team is pasting CRM exports into ChatGPT and nobody has trained them on what that means, you are also non-compliant with Article 4. You need a documented programme — even a one-pager and a sign-off — covering acceptable use, prohibited categories of data, and approved tools.
As the General-Purpose AI Code of Practice rolls in across 2025 and 2026, it becomes harder still to plead ignorance of this expectation.
What Actually Counts as Personal Data Here
A surprising number of teams convince themselves that "a quick prompt" is fine because they only pasted a name or an email. Under GDPR Article 4(1), personal data is any information relating to an identified or identifiable natural person. That includes the obvious — names, emails, phone numbers, addresses — and the not-so-obvious: IP addresses, customer IDs that map back to individuals, account numbers, support ticket text, photographs of business cards, screenshots of a CRM page, lists of company executives at named accounts, and even job titles when combined with employer names.
Special category data — health, religion, biometrics, trade union membership, sexual orientation — triggers GDPR Article 9 and carries strict additional requirements. Pasting a medical claim, a job application, or an HR investigation note into free ChatGPT is a worst-case scenario.
The risk does not scale with how much data you paste. A single customer record processed without a lawful basis is already a breach.
The Real Exposure: What an Audit Looks Like
If your data protection authority opens an investigation, the questions are predictable:
* What AI tools are in use by employees, formally or informally?
* Who decided they were appropriate?
* Where is the risk assessment?
* Which suppliers have a DPA in place, and what does it cover?
* Has a Data Protection Impact Assessment (DPIA) been conducted for the processing?
* What evidence do you have of meeting the AI literacy obligations under Article 4?
* What logs exist of what data has been processed, and where?
For most companies, the honest answer to all of those questions is "none." That is the gap that triggers the fines, not the technology itself.
GDPR penalties go up to €20 million or 4% of global annual turnover, whichever is higher. EU AI Act fines for non-compliance with operator obligations go up to €15 million or 3% of global annual turnover. They are not theoretical — Meta, OpenAI, Clearview, and several mid-market controllers have already been hit with multi-million-euro fines under similar fact patterns.
Two Compliant Paths You Can Take This Week
Path 1 — Move to an enterprise tier with a DPA
Microsoft Copilot for Business, ChatGPT Enterprise, Google Workspace with Gemini Enterprise, and Anthropic Claude for Work all ship with signed DPAs, no training on customer prompts, EU data residency options, and admin tooling for audit and retention.
The DPA is the unlock. It establishes the Article 28 controller–processor relationship, defines purpose limitation, and gives you the contractual basis you need to allow employees to paste in customer data within a clearly defined scope.
Combine this with a written AI Acceptable Use Policy that names the approved tools, prohibits the consumer versions, and lists prohibited data categories. Roll the policy out as part of the Article 4 literacy programme and have everyone acknowledge it. That single combination — enterprise tier plus AUP plus literacy sign-off — closes both the GDPR and AI Act gaps for everyday office use.
Path 2 — Anonymise before you prompt
If you cannot move to a paid tier yet, the cheapest legal path is to never paste personal data in the first place. Replace names with "Customer A", strip emails to "[redacted]", reduce purchase history to "high-value enterprise account in regulated industry." The model still understands the structure, your team still gets the productivity lift, and there is no personal data leaving your perimeter.
This is the same logic that has worked for decades with public file shares. The data minimisation principle in GDPR Article 5(1)(c) explicitly encourages it. Done well, it costs nothing and removes the violation entirely.
A few operational rules that help:
* Anonymisation must be irreversible. Pseudonymisation (replacing names with codes you can re-identify later) is still personal data under GDPR and still requires a lawful basis.
* Do not paste raw exports. CRM extracts, spreadsheets, screenshots, and PDFs frequently leak identifiers that a quick read does not catch.
* Watch for inference. Sometimes the combination of role, employer, and geography is enough to identify a specific person — that still counts.
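As an added worked example (not code from the original post, and not Privum's tooling), a pre-prompt redaction step in Python that applies the rules above: it replaces known people and accounts with "Customer A" / "Account 1" style labels, strips emails, phone numbers, IP addresses and customer IDs, returns no lookup table (so it is anonymisation rather than pseudonymisation), and runs a residual-identifier gate before anything is pasted. The roster names, the CUST- ID format and the sample email are constructed for the example.

```python
import re
from collections import Counter

# Identifier classes named in the post, as regexes. The CUST-nnnnnn shape is an
# assumed CRM convention for this example, not any real product's format.
IDENTIFIER_PATTERNS = {
    "email": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "customer_id": re.compile(r"\bCUST-\d{4,}\b"),
    "phone": re.compile(r"\+?\d(?:[ ()-]*\d){8,}"),  # 9+ digits with separators
}

def anonymise_for_prompt(text: str, known_names: list[str], known_orgs: list[str]) -> tuple[str, Counter]:
    """Replace people, accounts and identifiers with generic placeholders.

    Nothing that maps a placeholder back to a person is returned or stored; the
    local label dicts die with the call. Keeping such a table would make this
    pseudonymisation, which the post notes is still personal data under GDPR.
    Longer names are replaced first so a full name is not split by a shorter one.
    """
    counts: Counter = Counter()
    people = {n: f"Customer {chr(ord('A') + i)}" for i, n in enumerate(known_names)}
    orgs = {o: f"Account {i + 1}" for i, o in enumerate(known_orgs)}
    for kind, table in (("name", people), ("org", orgs)):
        for original in sorted(table, key=len, reverse=True):
            text, n = re.subn(re.escape(original), table[original], text, flags=re.IGNORECASE)
            counts[kind] += n
    for label, pattern in IDENTIFIER_PATTERNS.items():
        text, n = pattern.subn(f"[{label} redacted]", text)
        counts[label] += n
    return text, counts

def residual_identifiers(text: str) -> dict[str, list[str]]:
    """Pre-send gate: any identifier still matching means the paste must not go out.
    Pattern checks cannot catch inference (role + employer + geography), so the
    rosters above and a human read of the output remain part of the control."""
    hits = {label: p.findall(text) for label, p in IDENTIFIER_PATTERNS.items()}
    return {label: found for label, found in hits.items() if found}

# Constructed sample: a customer email as a sales rep might paste it. Values use
# documentation ranges (203.0.113.0/24, .example) and refer to no real person.
SAMPLE_EMAIL = (
    "Hi Anna Lindqvist, cc Bjorn Ek, following up on CUST-004821 for Nordvik Logistics. "
    "Call me on +46 70 123 45 67 or reply to anna.lindqvist@nordvik.example. "
    "Login came from 203.0.113.42 last night."
)
KNOWN_NAMES = ["Anna Lindqvist", "Bjorn Ek"]
KNOWN_ORGS = ["Nordvik Logistics"]

if __name__ == "__main__":
    clean, counts = anonymise_for_prompt(SAMPLE_EMAIL, KNOWN_NAMES, KNOWN_ORGS)
    print(clean)
    print(dict(counts), "residual:", residual_identifiers(clean))
```

The rosters come from your own CRM export, so the gate only covers people and accounts you told it about; anything it cannot name it can only catch by pattern.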
What Privum Recommends to Clients
For most mid-market and scale-up clients, the right answer is both — an enterprise tier rollout for the teams that legitimately need to process real customer data with AI assistance, plus an anonymisation-first culture for everyone else. Add a documented AI Acceptable Use Policy, a brief literacy session evidenced in writing, and a register of approved AI tools. That entire package can be assembled and rolled out inside a single sprint.
The expensive failure mode is silence. The teams pasting customer data into the free tools are not malicious — they are productive people using the best tool they could find. The job of the security and data protection function is to give them a legal version of the same productivity, not to send a memo telling them to stop.
The Bottom Line
If you are operating in the EU and you do not know whether anyone in your company is using the free version of ChatGPT with customer data, the operational answer is "yes, someone is." The compliance answer is that GDPR Article 28 and EU AI Act Article 4 already make this a violation, with penalties that range from a corrective order to multi-million-euro fines.
Two paths fix it: pay for an enterprise tier with a signed DPA, or train your team to anonymise everything before the prompt. Both are quick. Neither is optional.
If you would like a one-page AI Acceptable Use Policy template aligned with these requirements, or help running a literacy session that satisfies Article 4, get in touch — we publish the template free and run the session for cost on first engagements.