10 June 2026 · 6 min

GDPR and AI agents: what your agents may see, and what they must not

A practical guide to running AI agents on business data under GDPR: data minimisation, role-based access, processors, and the habits that keep you defensible.

AI agents become useful the moment they touch real business data — CRM records, support tickets, invoices, email threads. That is also the moment GDPR starts to matter, because most of that data is personal data. The good news: running agents compliantly is mostly about habits and architecture, not paperwork.

Practical guidance, not legal advice. For edge cases, ask a privacy professional.

The mental model: agents are processors of your data

Under GDPR your company is the controller of customer and employee data. An AI vendor processing that data on your behalf is a processor. Two consequences follow immediately:

  • You need a data processing agreement with every AI provider whose models or tools see personal data. Serious providers publish one — if a vendor cannot show a DPA, that is your answer.
  • You remain responsible for what the agent does with the data. “The AI did it” is not a defence.

What agents may see: the minimisation rule

The single most useful GDPR principle for agent design is data minimisation: the agent gets the minimum data needed for the task, not “access to everything, just in case”. In practice:

  • A support agent needs the ticket and the relevant knowledge base — not the full customer purchase history.
  • A finance agent reconciling invoices can work read-only and does not need HR records in its context.
  • Identifiers can often be stripped or masked before text reaches a model: many tasks work just as well on “Customer A”.
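The minimisation rule above as code, in an added example that is not from the original article: each agent gets an allow-list of record fields, and names and email addresses are replaced with labels such as "Customer A" before any text reaches a model. The agent names, field names, the `Pseudonymiser` class and the sample record are all hypothetical and constructed for illustration.

```python
import re

# Hypothetical per-agent allow-lists: the only record fields each agent may receive.
AGENT_FIELDS = {
    "support": {"ticket_id", "subject", "body"},
    "finance": {"invoice_id", "amount", "currency", "due_date"},
}
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Constructed sample record, as it might come out of a CRM or ticketing export.
RECORD = {
    "ticket_id": "T-1001",
    "customer_name": "Maria Keller",
    "customer_email": "maria.keller@example.com",
    "subject": "Refund not received",
    "body": "Hi, Maria Keller here. Please reply to maria.keller@example.com.",
    "purchase_history": ["order 1", "order 2"],
}

class Pseudonymiser:
    """Swaps identifiers for stable labels; the mapping stays on your side."""
    def __init__(self):
        self.mapping = {}  # real value (lower-cased) -> label

    def _label(self, value, prefix):
        key = value.lower()
        if key not in self.mapping:
            n = sum(1 for v in self.mapping.values() if v.startswith(prefix))
            suffix = chr(ord("A") + n) if n < 26 else str(n + 1)
            self.mapping[key] = f"{prefix} {suffix}"
        return self.mapping[key]

    def mask(self, text, known_names=()):
        text = EMAIL_RE.sub(lambda m: self._label(m.group(), "Email"), text)
        for name in sorted(known_names, key=len, reverse=True):
            pattern = re.compile(rf"\b{re.escape(name)}\b", re.IGNORECASE)
            text = pattern.sub(lambda m: self._label(name, "Customer"), text)
        return text

def build_context(agent, record, pseudo):
    allowed = AGENT_FIELDS[agent]  # unknown agent -> KeyError: deny by default
    names = [record["customer_name"]] if record.get("customer_name") else []
    return {
        k: pseudo.mask(v, names) if isinstance(v, str) else v
        for k, v in record.items() if k in allowed
    }

if __name__ == "__main__":
    print(build_context("support", RECORD, Pseudonymiser()))
```

Pattern-based masking only catches what it is told about (here, email addresses and the name on the record), so other identifiers in free text pass through unchanged. Because the mapping allows re-identification, the masked text is pseudonymised rather than anonymised and is still personal data.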

What agents must not see

  • Special-category data — health, beliefs, biometrics, sexual orientation — unless you have a specific legal basis and a strong reason. Default answer: keep it out of agent context entirely.
  • Data of people who objected or whose deletion requests you honoured. Agent knowledge bases and logs count as storage too.
  • Anything you would not show a new contractor on their first day without an NDA and access controls. The intuition transfers perfectly.

Five habits that keep you defensible

  • Role-based access: each agent has its own scoped access, like an employee — not a master key.
  • Verified sources only: agents answer from approved knowledge bases, so personal data does not leak in via random context.
  • Logging: every agent action recorded — your evidence of control if anyone ever asks.
  • Retention: agent logs and contexts get cleanup rules, the same as any other data store.
  • Human approval: anything that leaves the company — emails, documents, decisions about people — passes a human first.

Where to start

Map where agents touch personal data today, check each point against the habits above, and fix the gaps in order of risk. That mapping is part of what an AI Agent Audit produces in its risk map — including data access and GDPR-relevant gaps. If you want it done with you, book an intro call.
