The practical guide: which tier, which contracts, which technology
ChatGPT has arrived in day-to-day work — often faster than legal can keep up. This guide shows which ChatGPT tier you may actually use with personal data, which contracts and records go with it, and how to structurally handle the transfer risk out of the US. With a decision tree and an implementation checklist.
Last updated: July 2026 — not legal advice · 12 min read
The moment even a single piece of personal data enters the prompt — a customer name, an email address, a CV, a health note — the GDPR applies in full, and the free consumer tiers (Free and Plus) are out.
The reason is simple: without a data processing agreement and with training on your inputs on by default, you are processing personal data with no legal basis and no control over where it ends up. Everything else in this guide is the answer to that one sentence — tier, contracts, technology.
OpenAI offers ChatGPT in several flavours, and the data-protection difference between them is larger than the feature set suggests. Three questions decide it: Is there a data processing agreement? Is training done on your data? And where is the data processed?
The consumer tiers (Free, Plus, Pro and Go) are built for individuals. OpenAI provides no data processing agreement under Article 28 GDPR here, and training on your inputs is on by default — you can turn it off in the settings, but that does nothing about the missing contract.
For personal company data these tiers are therefore not viable in practice. They are fine for purely private use or for tasks with no personal reference at all (rewriting a public text, say) — but not as a tool into which staff type customer data.
In the business offerings OpenAI acts as a processor under Article 28 GDPR: ChatGPT Business (called “Team” until 29 August 2025), Enterprise, Edu and access via the API. Here OpenAI does not train on your customer data by default — for the API this has been the case since 1 March 2023.
The basis is OpenAI’s Data Processing Addendum (DPA), updated on 1 December 2025 and effective from 1 January 2026. It is a standard contract you must actively conclude yourself — it does not apply automatically. You will find it at openai.com/policies/data-processing-addendum.
That lays the contractual foundation. It alone does not yet make the use GDPR-compliant — third-country transfer, records, DPIA and legal basis come on top, which we go through one by one below.
If you want the data physically in the EU, look carefully at what each tier actually offers. Storage of data at rest in the EU has been available since February 2025 (for Enterprise and Edu, new workspaces). Inference on EU GPUs — the actual processing inside the EU — has been available since 16 January 2026, but for Enterprise, Edu and Healthcare and only via sales.
For ChatGPT Business, EU data residency is, as things stand, only assured on Enterprise/Edu — verify this bindingly before signing rather than relying on marketing claims. Via the API you can choose the EU region per project; processing then runs in-region with zero data retention, i.e. without persistent storage of the content.
The path to the right tier hangs on four questions. The tree below shows every branch once, in full, for reference — below it you can walk through your own case in four clicks.
Permitted with conditions
No personal data enters the prompts (guaranteed, not just “usually”).
Business or Enterprise with a concluded DPA is enough. Still put a usage policy in place so it stays that way.
Public cloud unsuitable
Special categories under Article 9 (health, biometrics) or professional secrets under § 203 of the German Criminal Code (law firm, medical practice, tax advisory) are involved.
The public cloud is unsuitable here. Use an EU inference setup, an EU model via a gateway, or an on-premise solution — a DPIA is mandatory. We build exactly these architectures for law firms and mid-sized companies.
Permitted with conditions
Personal data can be kept out of the prompt in a technically enforced way (proxy or pseudonymisation, not just an appeal).
Business or Enterprise with a DPA, complemented by an upstream gateway that filters or pseudonymises the data.
Only after retrofit
Personal data is only meant to stay out “please remember” — there is no technical control.
This is the classic shadow-AI case with high risk. Add a technical control (gateway) before you approve the use.
Only after retrofit
Data must be kept in the EU (internal policy, supervision or a customer requirement).
Enterprise or Edu with EU data residency — ChatGPT Business generally does not offer it.
In every case: conclude the DPA, keep records under Article 30, run a DPIA check, involve the works council and put a usage policy in force.
Does personal data enter the prompts?
The DPA is the baseline: it makes OpenAI your instruction-bound processor and governs purposes, deletion, sub-processors and your control rights. For ChatGPT Business, Enterprise, Edu and the API it is available as a standard contract (DPA) — but you must actively conclude it yourself; it does not apply the moment you click “Sign up”.
Practical mistake number one: the tier is booked, but nobody formally initiated the DPA. Without a signed DPA the Article 28 basis is missing — regardless of which tier you pay for.
OpenAI is a US provider, so your data in principle leaves the EU. This is currently secured twice over: OpenAI is certified under the EU-US Data Privacy Framework (DPF) (status active as of June 2026), and the DPA contains standard contractual clauses (SCCs) as a fallback.
That foundation is in motion, however. Before the CJEU, appeal C-703/25 P has been pending since October 2025, noyb announced a “Schrems III” on 30 June 2026, and a US Supreme Court ruling of June 2026 on the independence of the FTC undermines one of the DPF’s preconditions. A CJEU assessment is expected in late 2026 or early 2027.
In substance: the transfer is legally secured today, but that can change. Anyone wanting to avoid the risk structurally chooses EU data residency, an EU model (such as Mistral) or on-premise — then the data never leaves the EU in the first place.
Every AI-supported processing belongs in the record of processing activities (Article 30) — with purpose, data categories, recipients and deletion periods. This is not optional; it is the documentary basis the supervisory authority wants to see.
Once you process personal data systematically and on a large scale — or special categories under Article 9 are involved — a data protection impact assessment under Article 35 usually comes on top. It examines and documents the risks before deployment. Add to that a clean legal basis under Article 6 and your own privacy notices that make the AI use transparent.
The biggest real danger is not the wrong tier but uncontrolled use: staff copying customer data into their private ChatGPT account because it is quicker right now. This shadow AI escapes every control and every contract.
A clear, short usage policy answers the questions that come up in daily work: which tool is approved? Which data may go in, which never? Who is the point of contact? A policy no one reads does not help — it must be brief, concrete and paired with an approved alternative, so the detour via the private account becomes unnecessary.
Where a works council exists, using ChatGPT is regularly subject to co-determination. As soon as the system is capable of monitoring the behaviour or performance of employees — and enterprise features such as audit logs and SSO are exactly that — § 87 (1) no. 6 BetrVG applies.
The consequence is uncomfortable: an introduction without works-council involvement is invalid. A works agreement on AI is advisable, setting out purpose, permitted use and the exclusion of performance monitoring — that creates legal certainty for both sides.
Two duties from the EU AI Act run in parallel to the GDPR. Since 2 February 2025 the AI literacy duty under Article 4 applies: anyone using AI must ensure an adequate level of competence among their staff; supervision of this kicks in from 2 August 2026.
From the same date, 2 August 2026, the labelling duty under Article 50 applies: AI chatbots must disclose themselves and certain AI-generated content must be marked. Both duties are to be met independently of data protection — we have written them up in separate guides.
All the contracts in the world are worthless if the personal data ends up in the prompt anyway. The real steering question is therefore technical — and it has three escalation levels.
The obvious first step is a rule: no real names, no real addresses, no contract numbers in the prompt. In theory this substantially reduces the personal reference.
In practice the rule fails at exactly the point that makes it necessary — the human under time pressure. An employee who wants a customer email summarised quickly pastes it in, name and request and all. Voluntary pseudonymisation is better than nothing, but it is not a reliable control.
The most reliable control is not an appeal to staff but a technical layer between the user and the LLM: a GDPR gateway filters or pseudonymises personal data before it reaches the model. This is exactly what we built prAIvicy for.
The advantage of such a layer is that it does not depend on discipline. The real name is detected and replaced before the prompt leaves the building, and reinserted in the response — the employee ideally notices nothing, and the personal data never reaches the model in the first place.
Where the protection level has to be higher — special categories, professional secrets under § 203 StGB, sensitive sectors — a gateway in front of a US model is no longer enough. Then you move the processing itself: onto an EU model (such as Mistral) or an on-premise solution in-house or in a German cloud.
That way the data never leaves the EU, and the entire third-country debate falls away. The effort is higher, but for law firms, medical practices and regulated mid-sized companies it is often the only path that survives the DPIA — and these are exactly the architectures we set up.
These points take you from spontaneous use to a defensible deployment:
Not viable in practice for personal company data. The consumer tiers (Free, Plus, Pro, Go) offer no data processing agreement under Article 28 GDPR, and training on your inputs is on by default (can be turned off manually). Once personal data enters the prompt, you need Business, Enterprise, Edu or API access with a DPA.
On the consumer tiers (Free/Plus/Pro/Go) by default yes — you can turn it off in the settings. On ChatGPT Business, Enterprise, Edu and via the API, OpenAI does not train on your content by default; for the API this has been the case since 1 March 2023.
No. The DPA (Data Processing Addendum) is necessary but only one building block. You must first actively conclude it (openai.com/policies/data-processing-addendum), additionally secure the third-country transfer, keep Article 30 records, run a DPIA under Article 35 where applicable, set a legal basis under Article 6 and add your own privacy notices.
For now yes: OpenAI is certified under the EU-US Data Privacy Framework (DPF), complemented by standard contractual clauses (SCCs) in the DPA. But the foundation is wobbling: appeal C-703/25 P is pending before the CJEU, noyb is preparing a “Schrems III”, and a US Supreme Court ruling of June 2026 on the independence of the FTC undermines a DPF precondition. A CJEU assessment is expected in late 2026/early 2027. Anyone wanting to avoid the transfer risk structurally chooses EU data residency, an EU model or on-premise.
Usually yes, once you process personal data systematically and on a large scale, or special categories under Article 9 (health, biometric data) are involved. The DPIA under Article 35 GDPR examines and documents the risks before deployment. For pure test runs without real personal data it is mostly dispensable.
From 2 August 2026 the transparency duty under Article 50 EU AI Act applies: AI chatbots must disclose themselves and certain AI-generated content must be labelled. This is to be met independently of the GDPR. See our guide on AI labelling obligations for details.
Deploy AI in line with data protection: legal bases, DPAs, data flows.
Read more →Article 4 EU AI Act: who must prove AI literacy, and how.
Read more →Model hardware, operating and cloud-comparison costs for on-premise AI.
Read more →I help you choose the right tier, set up the contracts and records, and keep personal data out of the prompt technically — pragmatic and without the hype.
The GDPR gateway we use for this:
Discover prAIvicy