Short answer: In the free version and ChatGPT Plus you must not enter customer data — with personal data this is generally a GDPR violation. With ChatGPT Business, Enterprise or the API it is permissible, but not automatically: you need a data processing agreement, a legal basis and EU data residency. Even then a US residual risk remains, because OpenAI is subject to US law.
Reading time: around 7 minutes. This article is a decision guide — if you want to understand the underlying risks first, read Entering company data into ChatGPT?.
What this is about — and what it isn't
"Are we even allowed to do this?" is a question I hear almost weekly in conversations with managing directors and IT leads. It is a fair question, because the answer determines real liability. This article answers it as a clear allowed/not-allowed assessment: which setup is permissible, which is not, and which criteria must be met.
This is not about the general question of whether ChatGPT is risky — that is covered in our article on the risks of company data in ChatGPT. Here it is about the legal decision in your specific case: you have customer data, you have an AI tool, and you need to know whether the two together are allowed.
Note: This post is a factual overview, not legal advice. For a binding assessment of your specific case, talk to your data protection officer or a specialist lawyer.
Key Takeaways
- Free and Plus: entering customer data is generally a GDPR violation where personal data is involved. OpenAI acts as a data processor — and without a data processing agreement (DPA) the legal basis is missing.
- Business, Enterprise, API: permissible, but not automatically. A DPA, a legal basis and configured EU data residency are required.
- "Placeholders instead of names" is a fallacy: pseudonymization lowers the risk, it does not remove it.
- US residual risk remains: even with EU residency, OpenAI as a US company is subject to the CLOUD Act and FISA 702 — data residency is not the same as data sovereignty.
- Fine ceiling: up to 20 million euros or 4% of global annual turnover (Art. 83 GDPR).
The decision matrix: what is allowed, what isn't?
The most common confusion arises because "ChatGPT" is not a single product. Free, Plus, Business, Enterprise and the API differ significantly in legal terms. This matrix brings order to it:
| Setup | Enter personal customer data? | Requirement |
|---|---|---|
| ChatGPT Free | No | None — processing without a DPA, inputs feed training by default |
| ChatGPT Plus | No | Same as Free — paying alone creates no legal basis |
| ChatGPT Business | Conditional yes | DPA + legal basis + EU data residency |
| ChatGPT Enterprise | Conditional yes | DPA + legal basis + EU data residency |
| OpenAI API | Conditional yes | DPA + legal basis + Zero Data Retention where needed |
"Conditional yes" means: permissible once the requirements are actively in place — and with the awareness that a US jurisdiction residual risk remains. More on that below.
Why can't you enter customer data into ChatGPT Free and Plus?
As soon as you enter personal data into ChatGPT, OpenAI processes it on your behalf and qualifies as a data processor under the GDPR. That is the legal core: for processing on behalf, Article 28 GDPR mandates a data processing agreement. OpenAI does not enter into one for the free version and ChatGPT Plus (e-recht24).
Without that agreement, the legal basis is missing. On top of this: in Free and Plus, inputs feed model training by default unless you actively switch it off. Together this makes entering personal customer data in these versions a violation in almost all cases.
That this is not a theoretical risk is shown by the numbers: German supervisory authorities received 10,259 data breach reports in 2025 — up from 8,623 the year before (GDPR Enforcement Tracker Report, CMS). Uncontrolled entry of customer data into non-compliant tools falls squarely into this category.
A common objection is: "We use placeholders instead of real names." That only helps so far. Pseudonymization lowers the risk but does not remove it — data stays personal as long as the link can be re-established. And an anonymized order value combined with region and date is often uniquely attributable even without real names.
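To make the re-identification argument concrete, here is an added Python example (not from the original article) that measures how many rows of a constructed, name-free order export are still singled out by region, order date and order value alone, and what coarsening those fields before export does to that count. The records, column names and the 2000-euro band threshold are constructed for illustration.

```python
from collections import Counter
from datetime import date

# Constructed sample export: real names already replaced by tokens (pseudonymized).
ORDERS = [
    {"customer": "C-001", "region": "Bavaria", "order_date": date(2025, 3, 4), "order_value": 1249.90},
    {"customer": "C-002", "region": "Bavaria", "order_date": date(2025, 3, 4), "order_value": 89.00},
    {"customer": "C-003", "region": "Hesse", "order_date": date(2025, 3, 5), "order_value": 1249.90},
    {"customer": "C-004", "region": "Hesse", "order_date": date(2025, 3, 5), "order_value": 89.00},
    {"customer": "C-005", "region": "Hesse", "order_date": date(2025, 3, 5), "order_value": 89.00},
    {"customer": "C-006", "region": "Berlin", "order_date": date(2025, 3, 6), "order_value": 4520.00},
    {"customer": "C-007", "region": "Berlin", "order_date": date(2025, 3, 12), "order_value": 4380.00},
    {"customer": "C-008", "region": "Bavaria", "order_date": date(2025, 3, 20), "order_value": 1100.00},
]

# Quasi-identifiers: columns that are not names but, combined, can still pick out one customer.
QUASI_IDS = ("region", "order_date", "order_value")

def equivalence_classes(records, quasi_ids=QUASI_IDS):
    """Count how many rows share each combination of quasi-identifier values."""
    return Counter(tuple(r[q] for q in quasi_ids) for r in records)

def reidentification_risk(records, quasi_ids=QUASI_IDS):
    """Return (smallest class size k, share of rows that are unique on the quasi-identifiers).
    A row in a class of size 1 is singled out: whoever holds the ERP data can map it back."""
    classes = equivalence_classes(records, quasi_ids)
    singled_out = sum(1 for n in classes.values() if n == 1)
    return min(classes.values()), singled_out / len(records)

def generalize(record, value_threshold=2000.0):
    """Coarsen quasi-identifiers before export: month instead of day, value band instead of amount."""
    coarse = dict(record)
    coarse["order_date"] = record["order_date"].strftime("%Y-%m")
    coarse["order_value"] = "<2000" if record["order_value"] < value_threshold else ">=2000"
    return coarse

def is_k_anonymous(records, k, quasi_ids=QUASI_IDS):
    """Export gate: True only if every quasi-identifier combination occurs at least k times."""
    return min(equivalence_classes(records, quasi_ids).values()) >= k

if __name__ == "__main__":
    k, share = reidentification_risk(ORDERS)
    print(f"pseudonymized export: k={k}, {share:.0%} of rows singled out")  # k=1, 75%
    coarse = [generalize(r) for r in ORDERS]
    k, share = reidentification_risk(coarse)
    print(f"coarsened export:     k={k}, {share:.0%} of rows singled out")  # k=2, 0%
    print("passes k=2 gate:", is_k_anonymous(coarse, 2))  # True
```

On a real export the gate needs a k well above 2 and must cover every column an outside party could know; passing it lowers the risk but, as the article says, does not remove the data's personal character.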
Does a paid subscription make ChatGPT automatically GDPR compliant?
"But the paid version is automatically compliant" is the sentence I hear most often from decision-makers — and it simply is not true. A Business or Enterprise subscription is the entry ticket, not the finished compliance proof. Three things you have to put in place actively, otherwise the contract is legally empty:
1. Sign a data processing agreement. OpenAI offers a DPA for ChatGPT Business, Enterprise and the API — but it does not apply automatically with the subscription. You have to sign and document it actively.
2. Establish a legal basis. Every processing of personal data needs a legal basis under Article 6 GDPR — for example legitimate interest or contract performance. That is your job, not OpenAI's.
3. Configure EU data residency. Since early 2025 OpenAI offers data residency in Europe for Enterprise, Edu and the API platform; since 16 January 2026 in-region inference in Europe is additionally available (OpenAI). Importantly: residency applies to stored data — and it is a setting, not a default.
Only once these three building blocks are in place is the processing legally covered. And even then a residual risk remains that many overlook.
What residual risk remains even when all requirements are met?
Data residency is not the same as data sovereignty. Residency describes where data sits. Sovereignty describes who can legally access it.
OpenAI is a US company. As such it is subject to the US CLOUD Act and FISA 702 — regardless of where the data is physically stored. The data protection organization noyb (around Max Schrems) puts it plainly: FISA 702 has no territorial limitation and applies to servers in the EU operated by a US provider — so the hosting location is irrelevant (noyb: Next Steps for EU companies). A US court can compel a US-controlled provider to hand over data even if it sits in a European data center — for national security requests with no adversarial process and no notification of the data subjects.
Important context: this argument applies to every US corporation — Microsoft, Amazon and Google alike. It is not an argument against the US cloud as such, and it is not a claim that European providers are categorically "better." It is simply a legal fact that you should know about for sensitive data and factor into your risk assessment. For most standard applications this residual risk is acceptable. For especially sensitive customer and company data it is a reason to look more closely.
Why don't outright bans make the problem go away?
Before we get to the solution, a point from practice that I have experienced myself: in an earlier setup, employees used AI tools with free accounts — not out of malice, but because IT had not provided an approved alternative and nobody wanted to give up the productivity of AI. That is the real cause of so-called shadow AI: not a lack of risk awareness, but a gap. Where there is no permitted solution, an unofficial one emerges.
It follows that a pure ban only pushes the problem underground. Anyone who wants to stop customer data inputs has to offer a sanctioned alternative at the same time — one that is at least as fast and easy. Otherwise the free account in the browser tab wins.
How does oneAgent solve the data protection problem in practice?
At oneLake we have an AI policy for exactly this. Critical data — personal and company data — is never processed by non-compliant AI. We only use AI tools that are operated in a GDPR-compliant way. This is not a theoretical rule but lived practice, because we build the very tools companies use to query their data in natural language.
Concretely with oneAgent: the customer consents to the processing of their company data by AI — but this processing happens exclusively on fully GDPR-compliant infrastructure. In the standard setup that is a data center in Frankfurt on the Microsoft Azure cloud. Those who need maximum control can self-host oneAgent in their own data center — then the data does not leave their own environment at all.
The decisive difference from dumping sensitive data into public ChatGPT: there is a data processing agreement, no training on your data, a documented legal basis via consent, and processing stays in the EU. With oneAgent it is also only about structured data from your systems — database, ERP, Shopify, CSV — not arbitrary documents. See how oneAgent solves this.
Which 6 questions must be answered before any customer data entry?
Before anyone in your company enters customer data into an AI tool, these six questions should all be answered with yes:
- Is it a Business, Enterprise or API version — not Free or Plus?
- Is a signed data processing agreement in place?
- Is there a documented legal basis under Article 6 GDPR?
- Is EU data residency actively configured — not just theoretically available?
- Has the US residual risk been consciously assessed and is it acceptable for this type of data?
- Is there an approved alternative, so no one has to fall back on the free account?
If even one yes is missing, entering the data is risky — and in the Free/Plus case usually simply not permitted.
Frequently Asked Questions
Can I enter customer data into ChatGPT?
In the free version and ChatGPT Plus: generally no, as soon as personal data or trade secrets are involved — without a data processing agreement this is a GDPR violation. With ChatGPT Business, Enterprise or the API it is permissible if you sign a DPA, establish a legal basis and configure EU data residency. A residual US jurisdiction risk (CLOUD Act, FISA 702) remains because OpenAI is a US company.
Is the paid version of ChatGPT automatically GDPR compliant?
No. A Business or Enterprise contract does not make ChatGPT compliant by itself. You must actively sign a data processing agreement (DPA), establish a legal basis for processing and switch on EU data residency. Only then is the processing legally covered — with a remaining US residual risk.
Does replacing names with placeholders help?
Only to a limited extent. Pseudonymization lowers the risk but does not remove it. Data remains personal as long as the link can be re-established — and revenue figures, order values or location details often remain uniquely attributable even without real names.
Does OpenAI train its models on my inputs?
In the free version and ChatGPT Plus, by default yes unless you turn it off. For ChatGPT Business, Enterprise and the API, OpenAI states it does not train on your inputs or outputs by default.
How long does OpenAI store my inputs?
Via the API, inputs and outputs can be retained for up to 30 days for abuse monitoring and are then deleted — unless there is a legal retention obligation. Zero Data Retention is only available to eligible Enterprise customers with a qualifying use case.
How high are the fines for a GDPR violation?
Up to 20 million euros or 4 percent of the prior year's global annual turnover — whichever is higher. That authorities enforce this is shown in 2025: German supervisory authorities issued 249 fines totaling almost 47 million euros, with the single highest fine reaching 45 million euros.
Conclusion: the question isn't "whether AI", it's "which one"
Entering customer data into ChatGPT is not a yes/no question but a question of setup. Free and Plus are out where personal data is involved. Business, Enterprise and API are possible — but only with a DPA, a legal basis and EU residency, and with clear awareness of a US residual risk.
For many companies the most pragmatic path is not to laboriously configure ChatGPT to be compliant, but to use a tool for analyzing structured business data that processes in the EU from the ground up — with the option to run it entirely in your own data center. That is exactly what oneAgent is built for. If you want to know why reliable answers matter just as much as data protection, read how AI works without hallucinations on business data.
