AGIDAT – Data Protection | Information Security

AI & Data Protection

ChatGPT, Copilot & Co. — GDPR-compliant from day one.

AI tools and GDPR — a complex relationship

Artificial intelligence tools like ChatGPT, Microsoft Copilot, Google Gemini, and countless others are becoming standard in everyday business. However, their use creates significant data protection challenges: where is the data processed? What is the legal basis? How long is data retained? Who has access?

What we examine and advise on

  • AI tool inventory — which AI systems are in use in your organization?
  • Legal basis assessment — is the use of each tool lawful under GDPR?
  • Data transfer analysis — are personal data transferred to third countries (e.g., USA)?
  • Data Processing Agreements — are vendors covered by valid DPAs?
  • EU AI Act compliance — risk classification and obligations under the new EU AI regulation
  • AI usage policies — internal guidelines for employees using AI tools
  • DPIA for high-risk AI — mandatory assessments for high-risk AI systems

Practical outcome

You receive a clear assessment of which AI tools can be used lawfully and under what conditions, a set of internal usage guidelines, and, where necessary, complete DPIA documentation — enabling your organization to benefit from AI while staying on the right side of the GDPR.