The question to ask first
When a company considers AI, the first question is usually "what can it do." But the right first question is different: "which of our data leaves the company in the process?" Because most AI tools you use through a browser today send the text you type to someone else's server.
This isn't cause for panic, it's cause for a deliberate decision. The difference between a safe and a risky deployment isn't whether you use AI, but whether you know what you put into it and where it goes. Think of it like postal mail: you don't write your account password on a postcard. An AI tool deserves the same understanding: some things simply don't belong in there.
What actually leaves
With a cloud AI tool, what leaves is what you type or upload into it — the text of your query, an attached document, a spreadsheet, the email thread you ask it to summarise. If an employee pastes a customer list with names and phone numbers into AI to "pull something out of it," they've just sent personal data to a third party.
And here's the subtlety that gets forgotten: some services may retain inputs or, under certain conditions, use them to improve the model. Others rule that out contractually. The difference is fundamental and isn't visible at a glance — you have to look for it in the terms of service. Before a company deploys anything, it's worth knowing exactly what happens to your data once it's sent.
GDPR in three sentences that get you started
You don't need to be a lawyer; three principles will do. First: personal data (name, email, phone, ID number, health information) has special protection, and you can't just send it anywhere. Second: when someone else processes it on your behalf — including an AI provider — you need a data processing agreement (DPA) with them, spelling out what they may and may not do with it.
Third: it matters where the data is physically processed. Transfer outside the EU has its own rules. This isn't bureaucratic harassment — it protects your customers and, at the same time, protects you from a fine. The good news is that serious AI providers routinely offer a DPA and can tell you where they process data. You just have to request and read it, not assume.
Cloud versus your own model: the difference that decides it
There are two basic routes. A cloud model (a large service you connect to over the internet) is powerful, cheap to start with, and needs no hardware of your own — but your data goes to the provider, and you have to trust them and have a contract in place.
Your own (self-hosted, on-prem) model runs on your server or in a private environment you control. The data never leaves the company, which is ideal for sensitive sectors — healthcare, law, finance. The cost is higher: hardware, maintenance, and a somewhat weaker model than the biggest cloud ones. The truth is that most small companies start in the cloud with sensible rules, and move to their own model only when a genuinely sensitive type of data forces them to. It isn't a contest, it's a choice based on what you're protecting.
Practical safeguards that actually work
Three measures cover a large share of the risk. The first is data minimisation: put into AI only what the task genuinely requires. If you want to summarise a contract, strip out ID numbers if the summary doesn't need them. Less data outside means less risk.
Second: no secrets in prompts. Passwords, API keys, login credentials, internal financial figures don't belong in a chat window — not even "just to test it." Third: clear rules for the team. A short internal note — "what we may and may not put into AI" — does more than the most expensive tool. Most data leaks don't come from an attack; they come from someone, in good faith, pasting in something that shouldn't have been there.
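As an added illustration of the first two safeguards (data minimisation and no secrets in prompts), and not code from the original article: a small pre-flight check that a company can run on a prompt before it leaves for a cloud provider. It redacts personal data such as email addresses and phone numbers, and refuses to send anything that looks like a credential, so the "just to test it" paste never goes out. The regular expressions, the placeholder text, the sample prompts and the function names are constructed for this example and are assumptions; in particular, the national ID number format the article mentions is not included and has to be added for your own country.

```python
import re

# Constructed patterns for this example (assumptions, not a complete PII
# catalogue): tune them to your own data formats and add your national
# ID number layout before relying on them. Names need a separate NER step.
PATTERNS = {
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    # nine or more digits, optional leading "+", spaces allowed,
    # e.g. "+420 777 123 456"
    "phone": re.compile(r"(?<!\w)\+?\d[\d ]{7,}\d(?!\w)"),
    # key/token-style strings with a long random tail
    "api_key": re.compile(r"\b(?:sk|pk|key|token)[_-][A-Za-z0-9]{16,}\b"),
    # "password: ..." or "pwd=..." followed by the value itself
    "password": re.compile(r"\b(?:password|pwd)\s*[:=]\s*\S+", re.IGNORECASE),
}

# Categories that must never leave at all, even redacted: their presence
# means someone pasted a credential into a chat window.
BLOCKING = {"api_key", "password"}


def find_sensitive(text: str) -> dict[str, list[str]]:
    """Return every match per category, so a reviewer sees what would leave."""
    hits: dict[str, list[str]] = {}
    for name, pattern in PATTERNS.items():
        found = [m.group(0) for m in pattern.finditer(text)]
        if found:
            hits[name] = found
    return hits


def redact(text: str) -> tuple[str, dict[str, int]]:
    """Replace matches with a placeholder; return the new text and counts."""
    counts: dict[str, int] = {}
    for name, pattern in PATTERNS.items():
        text, n = pattern.subn(f"[{name.upper()} REDACTED]", text)
        if n:
            counts[name] = n
    return text, counts


def preflight(prompt: str) -> str:
    """Data minimisation at the exit point: block credentials outright,
    redact personal data, and hand back only the text that may be sent."""
    hits = find_sensitive(prompt)
    blocked = BLOCKING & set(hits)
    if blocked:
        raise ValueError(f"prompt contains credentials ({', '.join(sorted(blocked))}); not sending")
    cleaned, _ = redact(prompt)
    return cleaned


# Constructed sample prompts for the demonstration.
SAMPLE_PROMPT = (
    "Summarise this and call back the customer: Jan Novak, "
    "jan.novak@example.com, +420 777 123 456. Use password: Winter2024! to log in."
)
SAFE_PROMPT = (
    "Summarise this and call back the customer: Jan Novak, "
    "jan.novak@example.com, +420 777 123 456."
)

if __name__ == "__main__":
    print("found:", find_sensitive(SAMPLE_PROMPT))
    try:
        preflight(SAMPLE_PROMPT)
    except ValueError as exc:
        print("blocked:", exc)
    print("sent instead:", preflight(SAFE_PROMPT))
```

The check sits in front of whatever client actually calls the provider, so a human never has to remember the rule at the moment of pasting. Expect false positives (an invoice number can look like a phone number); that is the safe direction, since a flagged prompt can be reviewed while a leaked one cannot be recalled.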
Balance, not fear
The takeaway isn't "AI is dangerous, don't use it." The takeaway is that it can be used safely if the deployment isn't accidental. Know which data leaves. Have a contract with the provider. For sensitive data, consider your own model. Give the team simple rules.
All of this can be prepared in a few days and will save you months of trouble. AI can genuinely help your company — and it can be done so that you don't wake up in the morning dreading what you've sent out. Security here isn't a brake; it's the condition that lets you use AI with a clear conscience.