What about GDPR/DSGVO and data sent to AI?

Hi Georg!

When it comes to GDPR/DSGVO compliance and sending data to AI, we are considering several approaches. The final choice will be left to the customer and configurable based on their preferences and compliance requirements:

  1. OpenAI Enterprise License – With this license, data is not used to train models, and enhanced privacy and security measures are in place, making it suitable for GDPR-compliant use cases.
  2. Data Anonymization Layer – We plan to introduce dedicated tools that anonymize sensitive data before it’s sent to the AI platform. These tools (e.g., MCP wrappers for customer, order, and return data) will replace personal information with placeholders and maintain a secure mapping. Only anonymized data is shared with the AI, and real values are restored after the AI response—before it’s returned to the customer.
  3. Custom/Open-Source LLMs – Customers will also have the option to integrate with their own custom or open-source language models, giving them full control over data processing and compliance.

Regards,
Łukasz
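
The anonymization layer described in option 2, sketched as an added example (not code from the original post or from the product it describes): personal values are swapped for placeholders, the mapping stays on the caller's side, and real values are restored in the model's reply. The class name, detection patterns and `[[KIND_n]]` placeholder format are assumptions made for illustration.

```python
import re

# Detection patterns are assumptions for this sketch; a real deployment
# needs detection tuned to its own customer, order and return fields.
PATTERNS = {
    "EMAIL": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "PHONE": re.compile(r"\+\d[\d ]{7,}\d"),
}
TOKEN = re.compile(r"\[\[(?:EMAIL|PHONE|NAME)_\d+\]\]")


class Pseudonymizer:
    """Per-request mapping of real values to placeholders; never sent to the model."""

    def __init__(self):
        self._to_token = {}  # real value -> placeholder
        self._to_value = {}  # placeholder -> real value

    def _token_for(self, kind, value):
        # Reuse the placeholder for a repeated value so the model can
        # still tell that two mentions refer to the same person.
        if value not in self._to_token:
            n = sum(t.startswith(f"[[{kind}_") for t in self._to_value) + 1
            token = f"[[{kind}_{n}]]"
            self._to_token[value] = token
            self._to_value[token] = value
        return self._to_token[value]

    def anonymize(self, text, known_names=()):
        for kind, pattern in PATTERNS.items():
            text = pattern.sub(lambda m, k=kind: self._token_for(k, m.group()), text)
        # Names come from structured record fields (hypothetical input),
        # because free-text patterns cannot find them reliably.
        for name in sorted(known_names, key=len, reverse=True):
            text = text.replace(name, self._token_for("NAME", name))
        return text

    def restore(self, text):
        # Placeholders the mapping does not know (e.g. invented by the model) stay as-is.
        return TOKEN.sub(lambda m: self._to_value.get(m.group(), m.group()), text)


if __name__ == "__main__":
    # Constructed sample data, not real customer records.
    p = Pseudonymizer()
    sent = p.anonymize("Anna Nowak <anna.nowak@example.com> returns order 1001.", ["Anna Nowak"])
    print(sent)
    print(p.restore("Dear [[NAME_1]], the label was sent to [[EMAIL_1]]."))
```

Order numbers pass through unchanged here; whether an identifier like that counts as personal data is a decision the configuration has to make.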