Skip to content

Privacy

ChatGPT at work: data-protection risks and sovereign alternatives

What legally happens when business data goes into ChatGPT & co., and how a sovereign AI stack delivers the same productivity without the US cloud.

Updated 2026-06-27 · Beyonetix Engineering · 6 min read

ChatGPT in the enterprise: why data protection and GDPR are the real question

Using ChatGPT in the enterprise is everyday reality today, often faster than data-protection and compliance teams can react. The productivity gains are real: draft text, summaries, code, translations. But ChatGPT data protection is not an abstract worry; it is a set of concrete obligations under the GDPR. The moment personal data, customer information, contract drafts or source code is pasted into an input field, the AI & GDPR question becomes decisive: where is that data processed, who can access it, how long is it stored, and on what legal basis does the transfer to the US take place? This article sets out the risks soberly and shows how a sovereign AI alternative delivers comparable productivity under EU law. It is not legal advice: the concrete assessment belongs with your data-protection officer or a qualified law firm.

What actually happens to your data

The most important difference is the plan you choose. With free accounts and ChatGPT Plus, inputs may by default be used to improve the models, that setting is on by default. OpenAI offers an opt-out, but the responsibility to set it correctly for every employee lies with the company, and a forgotten checkbox is, in case of doubt, a data-protection incident.

With ChatGPT Team and Enterprise the picture is considerably better: inputs are contractually not used for training, there are data-retention controls, admin functions and a data processing agreement (Data Processing Addendum). ChatGPT Enterprise has clearly better terms than the consumer variants. Even so, two points remain. First, data is still technically processed (inference, abuse detection, time-limited retention). Second, and this is the decisive point, no plan changes the jurisdiction OpenAI as a company is subject to.

CLOUD Act, Schrems II and the third-country transfer

This is where it gets legally concrete. Any processing of personal data by a US provider is a third-country transfer under Art. 44 ff. GDPR. Since the CJEU's Schrems II ruling (2020), invoking Standard Contractual Clauses is not enough; you need a Transfer Impact Assessment and, where required, additional safeguards. The 2023 EU-US Data Privacy Framework eases the situation; the EU General Court upheld it at first instance in September 2025, though an appeal is pending before the CJEU (Case C-703/25 P). It therefore provides real but only provisional legal certainty and could, like its predecessors Safe Harbor and Privacy Shield, which the CJEU struck down, be challenged again.

On top of that sits the US CLOUD Act: it obliges US providers to hand over data in their possession, custody or control to US authorities on order, regardless of whether the servers stand in the US or in Europe. What matters legally is the provider, not the location of the server. It is precisely this extraterritorial reach that cannot be fully excluded by contract. As long as a provider is subject to US law, a residual risk remains that even a perfect Enterprise agreement cannot remove. This is not an argument against OpenAI as a product, it is a plain description of the legal position that every compliance team should document and assess with qualified counsel.

Contracts, works councils and the shadow-AI problem

Even if the jurisdiction is accepted, further obligations apply. A data processing agreement under Art. 28 GDPR is mandatory, simply absent in consumer plans, available in Enterprise but worth reviewing. In Germany, co-determination regularly comes into play: if a tool can potentially monitor employees or make their performance assessable, § 87 BetrVG often applies in practice and the works council must be involved. A clear works agreement on AI use creates clarity and protects both sides.

The biggest practical risk, however, is shadow AI: employees who, lacking an official solution, use private accounts and feed in confidential content. This is where the genuinely dangerous confidentiality and IP losses arise, uncontrolled, undocumented, and potentially a breach of non-disclosure obligations toward clients. A blanket ban does not solve this; it merely drives usage underground. What helps is an official, secure alternative that is at least as good as the forbidden tool.

The sovereign alternative: comparable productivity under EU law

This is exactly where sovereign AI comes in. The idea: run capable open models yourself, Llama, Mistral, Qwen or the German Teuken, on your own servers or servers hosted in Germany. Technically these models run efficiently on vLLM as the inference engine; its PagedAttention manages the KV cache in memory-efficient pages and thereby raises throughput substantially. In front of it sits a LiteLLM gateway that exposes an OpenAI-compatible interface. For your applications that means they speak the same API as ChatGPT, but no token leaves the controlled environment. Access, models and limits are centrally governed, and every request can be logged.

The real productivity lever in a company is rarely the bare model, but access to your own knowledge. With citation-grounded RAG, retrieval augmented generation with source attribution, the system answers based on your own documents and names the passage it relied on. Techniques such as a knowledge graph and structured retrieval indexes increase traceability and reduce hallucinations, without eliminating them entirely. That this works in production is shown by our deployment in a large-scale AI archive with millions of documents, where research answers are consistently backed by evidence from the archive. Such research and archive systems stay fully in the operator's hands.

None of this comes free: a self-hosted solution needs infrastructure, operations and model maintenance. In return, the third-country transfer disappears entirely, data sovereignty stays with the customer, and there are no US models in the default path. Beyonetix itself holds no ISO or BSI certificates and gives no compliance guarantees, but we design and operate along these frameworks, so the solution fits into our clients' compliance systems. The legally binding assessment remains the task of your data-protection officer or law firm.

Do's and don'ts for getting started

Do: First clarify which data classes may go into an AI tool at all, and fix that in a policy. Offer an official solution before issuing bans. Conclude the data processing agreement with every provider and document the Transfer Impact Assessment. Involve the works council and data-protection officer early. For confidential, regulated or business-critical data, choose a self-hosted, sovereign environment.

Don't: No personal or confidential data in free or private ChatGPT accounts. Do not rely on the EU-US Data Privacy Framework alone as a permanent legal basis. Do not ignore shadow AI, it is realistically the biggest risk. And do not confuse "servers in Europe" with "outside the CLOUD Act".

The direction of travel is clearly toward freedom of choice: companies should not have to choose between productivity and data sovereignty. With open models, a gateway layer and evidence-based RAG, you can largely reproduce the practical value of ChatGPT while the legal attack surface shrinks. Whoever sets up a clean architecture today becomes structurally independent of the next Schrems decision, and keeps control over their most valuable asset: their own knowledge.

FAQ

Frequently asked

Is using ChatGPT in a company GDPR-compliant?

It can be, but it is not automatically. Free and Plus accounts are unsuitable for personal or confidential data because there is no data processing agreement and inputs may be used for training by default. ChatGPT Team and Enterprise offer better terms including a Data Processing Addendum and, per OpenAI, do not train on the inputs, but the third-country transfer to the US remains a residual risk under Art. 44 ff. GDPR that requires a Transfer Impact Assessment. Compliance only results from the right plan, contract, configuration and a documented risk assessment. The binding judgement belongs with your data-protection officer or law firm.

Why is ChatGPT Enterprise not fully sovereign despite the contract?

Because no contract changes the jurisdiction. OpenAI is subject to US law and therefore to the CLOUD Act, which can compel the disclosure of data to US authorities where the provider has it in its possession, custody or control, even for servers in Europe. Standard Contractual Clauses and the EU-US Data Privacy Framework mitigate this; the framework was upheld in court in 2025 but is still under appeal at the CJEU, and its predecessors Safe Harbor and Privacy Shield were struck down. True data sovereignty only arises when data and model are processed under EU law and under your own control.

What is the sovereign alternative to ChatGPT for businesses?

Self-hosted open models such as Llama, Mistral, Qwen or Teuken, run on the vLLM inference engine behind a LiteLLM gateway with an OpenAI-compatible interface. Combined with citation-grounded RAG over your own documents, this delivers practical productivity comparable to ChatGPT while no token leaves the controlled environment hosted in Germany. No third-country transfer takes place, and no US models are used in the default path. Operating it does, however, require your own infrastructure and maintenance.

Sovereign AI for your organisation?

Let's walk through your use case.