Quick answer up front: “GDPR-compliant AI” is not a product and not a server location, it’s a process. An AI use case doesn’t become compliant because it “runs in Europe”, but because you classify the data, have a legal basis, keep a data processing agreement and a record of processing, and control access and deletion. The hosting location falls out at the end of that process, not the start.
This post builds on the question of which data belongs on someone else’s server at all. That one is about the gut feeling. This one is about what makes the gut feeling defensible.
”Compliant because the vendor says so” isn’t enough
The most common mistake sits in one sentence: “We use Copilot, and Microsoft says it’s GDPR-compliant.” A vendor can hand you a compliant product and a clean contract. Whether your specific use is compliant isn’t their call. That depends on which data you put in, on what legal basis, with which access rights.
It shows up quickly in practice. An AI assistant that, through over-broad permissions, suddenly summarises salary lists or other people’s mailboxes was bought “compliant” and is still a privacy problem. The responsibility for that stays with you, not the vendor — the same logic that applies to Microsoft 365 and the GDPR.
The matrix: which data goes where
The process starts with a classification you do once per use case. Three classes are enough to begin:
| Data class | Example | Where it goes |
|---|---|---|
| Public / uncritical | Marketing copy, research, public information | any serious cloud AI is fine |
| Personal, can be pseudonymised | Support requests, internal notes without real names | EU cloud with a DPA, strip the data first |
| Sensitive / secret | Contracts, personnel files, health and financial data | local or EU-sovereign, not an open API |
The matrix doesn’t replace an assessment, but it prevents the most expensive mistake: treating everything the same. Most companies either tip everything into the cloud without a second thought or ban AI outright. Both are convenient and both are wrong.
The rest is craft
Once the classification stands, the rest is familiar privacy work: record the legal basis, add the AI service to your record of processing, sign the data processing agreement, run a data protection impact assessment where the risk is high, set retention periods and access. None of it is new just because it says “AI” on the box. If you’d rather not set up that process alone, get consulting once instead of yet another tool.
On top of that, since 2025 the AI Act brings an AI-literacy duty (Article 4): anyone deploying AI has to make sure the people operating it actually understand it. That doesn’t require a certified course or a formal documentation duty — it requires that your people know what the tool can do, what it can’t, and which data they’re allowed to give it. Which brings us back to the matrix.
Want to bring in AI without guessing on data protection? Get in touch — we’ll sort your use cases by data class and clarify what’s allowed to run where.