ServicesWorkInsightsAbout
Book a call
DE EN

Insights

Using AI in line with data protection: a guide for SMEs

9 July 20265 min

The most common brake on AI in mid-sized companies is not the technology, but the worry about data protection. That worry is justified — but solvable. With a few clear rules, AI can be used safely and in line with the GDPR.

First: what data do you put in?

The key question before any AI use: does the input contain anything personal or confidential? Many tasks — draft texts, research, ideas — need no sensitive data at all. Where they do, stricter rules apply, and then the tool and the contract are decisive.

The right tool and the data processing agreement

Use providers that offer a data processing agreement under Art. 28 GDPR and do not use your inputs for training. Business, team or enterprise plans from reputable providers usually meet this; free consumer versions often do not. A quick look at the privacy terms always pays off.

Clear guardrails for the team

Set out on one or two pages: which tools are allowed, which data may go in and which may not, and who decides in case of doubt. Such guardrails create confidence and prevent shadow AI, where staff quietly use unsafe tools.

Keep transparency and control

Document where AI is used in the company and with which data. That is not only GDPR hygiene, but also preparation for the EU AI Act. And AI results stay drafts — the professional responsibility remains with the human.

Data protection is not an obstacle but a mark of quality. Whoever sets AI up cleanly from the start can scale it without a bad conscience. This article is practical orientation and does not replace individual legal advice.

Related service: AI Consulting

← All insights

Want to talk this through for your company?

Book a call