Company data and privacy
30-second summary
- The privacy of your conversations with AI (Module 1, What you share when you use AI) is one thing. The privacy of company data is another: it isn’t just about you. There are clients, colleagues, and contracts you’ve signed.
- Three risk levels. Red (never paste): personal data of third parties, credentials, NDA-covered material, non-public numbers. Yellow (anonymize first): internal emails with names, CVs, meeting notes, aggregated HR data. Green (OK with common sense): public text, your own non-confidential material.
- Enterprise and Team plans change the contractual guarantees (no training on your data, workspace isolation, admin controls), not the physics of the problem. Search for “data retention” and “training opt-out” in the provider’s plan; don’t trust the label.
- NDAs, GDPR, AI Act. You are not the legal team, but you are the first filter. When you have doubts on a specific file, anonymize or don’t paste, and ask whoever in your company decides.
- If your company has no AI policy yet, putting the question on the table is part of your job, not overstepping.
In What you share when you use AI you saw what happens to messages you send to ChatGPT, Claude, or Gemini: they go to the company’s servers, stay there for a while, and on consumer plans can end up in training material if you don’t opt out. That lesson covered your data, in a personal context.
At work the stakes shift. When you paste a client email, a candidate CV, a draft contract, or a CRM extract into a public AI, you’re no longer deciding only for yourself. That data belongs to your employer, your clients, or natural persons protected by GDPR. You’ve signed employment contracts and possibly NDAs that spell out what you can share with outsiders, and “outsiders” includes the prompt you send to a public model. This lesson closes Module 3 with a practical map.
Three risk levels
A simple scale before you paste anything into a chat.
- Red (never paste): personal data of third parties, credentials, NDA-covered material, non-public numbers.
- Yellow (anonymize first): internal emails with names, CVs, meeting notes, aggregated HR data.
- Green (OK with common sense): public text, your own non-confidential material.
Quick gut check for borderline cases: “if this text showed up in a Google search a year from now, would it create a problem with my boss, a client, or legal?” If yes, you’re at least in yellow. The same test worked for the personal version (Module 1), but at work “Google search” is the worst case: well before that, your manager is already asking where that data went.
How to anonymize in practice
“Anonymize” sounds simple in the abstract. In practice, before pasting any yellow text, carefully replace three things.
- Proper names (people, companies, recognizable internal project names). Replace them with neutral labels: Client A, Candidate 1, Senior manager, Project Alpha. Keep the distinctions (Client A is not Client B), so the AI can still reason about the structure of the text.
- Numeric identifiers. Tax IDs, contract numbers, IBANs, VAT numbers, internal IDs. Replace with placeholders like [TAX-1], [IBAN-A]. For business numbers (amounts, percentages, KPIs, revenue), distinguish two cases: if the number matters for the reasoning (analyzing a trend, drafting a summary based on the data), keep it but strip the names and identifiers attached to it: the AI can reason about the revenue of “Client A” without knowing it’s Acme Inc. If the specific number adds nothing to what you’re asking (you’re asking it to rephrase a sentence), cutting it reduces risk and costs nothing.
- Details that combined identify a person. “The Italian project manager on the Berlin team, woman, hired in March 2024” probably identifies one specific person. The combination of a few seemingly innocent details is the classic GDPR trap. Reduce to the bare minimum the AI actually needs to help you.
For a .docx or an email, your editor’s “find and replace” is enough. Don’t paste the original and then ask the AI to anonymize it: you’ve already let the data into the system.
Quick check before pasting. Read the anonymized text as a stranger who finds it online. If you can still guess which company, which person, or which project it’s about, cut more. If the combination “role + city + hire date” identifies one specific employee in your department, it’s still identifiable, even without the name.
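The three replacement steps and the quick check above can be scripted, so the “find and replace” happens on your machine before anything reaches a chat. The helper below is an added example written for this lesson, not code from the course: the email, the company names and the identifiers in it are constructed, the entity list is something you supply by hand, the identifier regexes are deliberate simplifications (IBANs of 16 or more characters, EU-style VAT numbers, runs of seven or more digits), and the function names are hypothetical. It keeps the mapping locally so you can restore the real names in the model’s answer afterwards, and it flags anything that still looks like an identifier or a name you forgot to list.

```python
import re
from string import ascii_uppercase

# Identifier patterns that belong to the Red level ("never paste").
# IBAN runs before VAT because an IBAN starts with the same "two letters + digits"
# shape that the VAT pattern would otherwise partially match.
# Assumption/simplification: IBANs of 16+ characters; short national formats need a tweak.
IDENTIFIER_PATTERNS = [
    ("EMAIL", re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")),
    ("IBAN", re.compile(r"\b[A-Z]{2}\d{2}(?: ?[A-Z0-9]{4}){3,7}(?: ?[A-Z0-9]{1,4})?\b")),
    ("VAT", re.compile(r"\b[A-Z]{2}\d{8,12}\b")),
    ("NUM", re.compile(r"\b\d{7,}\b")),  # contract numbers, phone numbers, internal IDs
]

# Heuristic for names you forgot to list: two adjacent capitalised words.
NAME_LIKE = re.compile(r"\b[A-Z][a-z]+ [A-Z][a-z]+\b")

# Constructed sample input (not a real email): an internal message that sits in "yellow".
SAMPLE_EMAIL = (
    "Hi team,\n"
    "Acme Inc (VAT IT01234567890) has approved contract 20240873 for Project Hermes.\n"
    "Please pay the retainer to IBAN DE89 3704 0044 0532 0130 00 and cc maria.rossi@acme.example.\n"
    "Rossi will start on 3 March; Acme expects the kickoff deck from Jonas Weber by Friday.\n"
)

# One tuple per real-world entity; all aliases of an entity get the same neutral label.
SAMPLE_ENTITIES = [
    ("Client", ["Acme Inc", "Acme"]),
    ("Candidate", ["Maria Rossi", "Rossi"]),
    ("Project", ["Project Hermes", "Hermes"]),
]


def _label(category, index):
    """('Client', 0) -> 'Client A'. Single letters keep labels unambiguous for the reverse step."""
    if index >= len(ascii_uppercase):
        raise ValueError(f"more than 26 entities in category {category!r}")
    return f"{category} {ascii_uppercase[index]}"


def anonymize(text, entities):
    """Replace structured identifiers and listed names with neutral labels.

    Returns (anonymized_text, mapping) where mapping is label -> original value.
    The mapping stays on your machine; only anonymized_text goes to the model.
    """
    mapping = {}
    counters = {}

    # 1. Identifiers -> [TYPE-A], [TYPE-B], ... (the same value always gets the same placeholder)
    for kind, pattern in IDENTIFIER_PATTERNS:
        seen = {}

        def repl(m, kind=kind, seen=seen):
            value = m.group(0)
            if value not in seen:
                seen[value] = f"[{kind}-{ascii_uppercase[len(seen)]}]"
                mapping[seen[value]] = value
            return seen[value]

        text = pattern.sub(repl, text)

    # 2. Names -> "Category X". Longest alias first, so "Acme Inc" is not half-replaced via "Acme".
    pairs = []
    for category, aliases in entities:
        idx = counters.get(category, 0)
        counters[category] = idx + 1
        label = _label(category, idx)
        mapping[label] = aliases[0]
        pairs.extend((label, alias) for alias in aliases)
    for label, alias in sorted(pairs, key=lambda p: len(p[1]), reverse=True):
        text = re.sub(r"\b" + re.escape(alias) + r"\b", label, text)

    return text, mapping


def deanonymize(text, mapping):
    """Restore the original values in a model answer, locally. Longest label first."""
    for label in sorted(mapping, key=len, reverse=True):
        text = text.replace(label, mapping[label])
    return text


def residual_identifiers(text):
    """The quick check before pasting: anything that still looks like an identifier or a name."""
    found = []
    for kind, pattern in IDENTIFIER_PATTERNS:
        found.extend(f"{kind}: {m.group(0)}" for m in pattern.finditer(text))
    found.extend(f"NAME?: {m.group(0)}" for m in NAME_LIKE.finditer(text))
    return found


if __name__ == "__main__":
    safe, mapping = anonymize(SAMPLE_EMAIL, SAMPLE_ENTITIES)
    print(safe)
    print("Still to review by hand:", residual_identifiers(safe))
```

On the sample, the check still flags “Jonas Weber”, a name that was not in the entity list, which is exactly the kind of leftover the stranger’s-eye reread is meant to catch. Dates and role descriptions (“3 March”, “the Italian project manager on the Berlin team”) are not caught by any pattern: that judgment stays with you.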
Enterprise, Team, Workspace plans, and what changes
Before getting into business plans, a distinction readers get wrong all the time: ChatGPT Plus, Claude Pro, Gemini Advanced are consumer plans, not business, even though they cost money and include “Pro” in the name. They’re designed for personal use: you pay for extra features (better model, higher usage limits) but the data guarantees don’t change. For the three guarantees below, a Plus account used at work is equivalent to a free account.
The companies that build the models sell proper business plans designed for work: ChatGPT Team and Enterprise (OpenAI), Claude Team and Enterprise (Anthropic), Gemini for Workspace (Google), Microsoft Copilot for Business and Enterprise (which runs on the Azure OpenAI backend: for those who don’t know, it’s a Microsoft offering that uses OpenAI’s models but with Microsoft Azure’s contracts, infrastructure, and privacy rules, typically more favorable for companies already on a Microsoft stack). Business plans usually offer three contractual guarantees.
- No training on your data by default. Your conversations and files aren’t used to train future models. On consumer plans this is opt-out (you have to turn it off manually); here it’s the reverse, opt-in (you have to turn it on if you want).
- Workspace isolation. Chats from one company’s employees aren’t mixed with another’s. Files uploaded by one account aren’t visible to other accounts, even within the same organization, unless explicitly shared.
- Admin control. An administrator can see who has access, apply stricter retention policies, disable features, receive usage logs, and revoke access when someone leaves.
What doesn’t change. The provider can still see your prompts to deliver the service; can keep them for the contractual retention period (typically 30 days, sometimes contractually configurable down to zero); can review them for abuse, security, and legal compliance. The physics of the problem (data leaves your machine and reaches a vendor) is identical. What changes is the contractual guarantees about what the vendor will or won’t do with that data.
Don’t trust the “Enterprise” label on the plan. Offerings shift across vendors and over time. The operational test: on the plan’s page, search for “data retention”, “training opt-out”, “DPA”. A DPA (Data Processing Agreement) is the contract between you, as the company that owns the data, and the provider. It states in writing that the provider processes the data on your behalf, not for its own use, and sets out guarantees and responsibilities. If those three terms aren’t clearly there, assume consumer-plan conditions until you have it in writing. On a Team plan you can still find clauses that allow the provider to use “public” or “shared” prompts to improve the service: read before you sign for the team.
NDAs, GDPR, AI Act
If you’ve signed an NDA with a client or a vendor, pasting NDA-covered material into a public AI is likely a contract violation, even if the AI doesn’t “publish” it. NDAs typically forbid “disclosure to third parties”, and the model provider is a third party. On a consumer plan this is almost always a problem; on Enterprise with a signed DPA it likely isn’t, but it depends on how the original NDA was written.
The GDPR covers all personal data of natural persons (clients, candidates, employees, vendors who are individuals), with stricter protection for special categories (health, political opinions, union membership, religion, sexual orientation, biometric data). If your company is the data controller, it has obligations on how this data is shared with third parties, even for “just a summary in ChatGPT”. The European AI Act adds specific obligations for high-risk uses (hiring, credit, certain healthcare cases) and transparency for AI systems used in decisions that affect people. Even if your work doesn’t fall in those areas, it’s worth knowing, because a single activity may put you in scope: a small consultancy that uses AI to screen CVs, for instance, is doing something the AI Act treats as high-risk.
You are not the legal team. But you are the first filter: when you have a concrete doubt about a single file, anonymize or don’t paste, and when needed ask the compliance contact, IT, or your manager. It’s faster than an incident.
Does your company have an AI policy?
If you work at a structured company, an internal AI policy probably already exists: search the intranet, your onboarding materials, or ask HR. If you find it, read it before bringing new tools to work.
If the policy doesn’t exist, you’re in the majority. Many companies, especially small and mid-sized ones, haven’t formalized one yet. If you handle sensitive data, putting the question on the table (with your boss, IT, legal, the DPO if there is one: Data Protection Officer, the role that in companies above a certain threshold oversees GDPR compliance) is part of your job, not overstepping. Three lines in an email is enough: “I use public AI for X and Y, I have doubts about which data I can or can’t pass to it, is there a company stance or should we draft one?”. Putting the issue on the radar is already half the work.
If you’re freelance, you don’t have a company behind you but you have clients, and the policy is built toward them: in the contracts you sign, check if there’s a clause on AI use with the client’s data. If there isn’t, raise the point during negotiation, especially if you handle sensitive data. A clause along the lines of “the contractor may use generative AI tools only on anonymized content” is reasonable for both sides.
The end of the module, and what’s next
In nine lessons you’ve seen the main work tasks with AI: hard emails, professional drafts, meetings, slides, data and tables, research, critical thinking with an artificial colleague, and projects so you don’t reload the context every time. What changes the result isn’t which model you use, it’s the judgment about what to delegate, how, and with what caution.
The next modules shift angle: For students speaks to people who are studying, For teachers to those who teach, Going deeper is a technical track for people who want to integrate AI into their own tools. The habits you’ve built here (anonymization, verification, iteration, persistent context) are the unwritten prerequisites for everything else.