The question that stalls every AI rollout
Somewhere in every workshop, someone asks whether it is safe to put their data into AI. It is the right worry and the wrong question, because "AI" is not one place. The convenience of a cloud tool and the strictness of GDPR only feel like opposites while you treat "cloud AI" as a single thing.
The clean way to sort it out is to stop thinking about the technology and start thinking about control - specifically, how much control you keep over where your data goes. That gives you three tiers. Once you can name them, the whole minefield turns into a simple matching exercise.
The three tiers of AI privacy
Think of the tiers as contractual classes, not products. This matters, because any single tool's settings can move with the next policy update - a provider's "we won't train on your data" toggle is not a promise you can build on. The tier is about the kind of agreement you have, and that is stable.
Tier 1: Consumer cloud - the public square
The free or standard paid web interfaces you log into in a browser: the everyday versions of ChatGPT, Claude, or Gemini. Your data leaves your network, is processed on the provider's servers, and may be logged or used to train future models unless you have explicitly opted out.
Treat anything you type here as if you posted it on a public blog. That is not a knock on the tools - it is the right mental model for a Tier 1 relationship. Fine for public and low-stakes material; wrong for anything you would not publish.
Tier 2: Enterprise cloud - the rented office
Still someone else's servers - a commercial API or an enterprise workspace on the likes of Azure, AWS, or a provider's business tier - but now with a legally binding contract protecting your data. Good Tier 2 providers offer zero-data-retention: your inputs are processed and discarded, not stored and not used for training.
This is where most real business work belongs. But a signed contract is the start of compliance, not the finish - see the catch below.
Tier 3: Local - the vault
Open models like Llama or Mistral run entirely on hardware you own or an isolated server you manage. Your data never crosses a network boundary: no third-party servers, no API logs, no external processing. This removes the third-party and cross-border risk entirely - the biggest risk in the whole picture - and makes GDPR dramatically simpler, because there is no external processor and no international transfer to manage. It does not make you invincible - a local box still needs patching and access control - but the exposure that keeps compliance officers awake is gone.
Matching your data to a tier
Not everything needs the vault. Most data has a natural home, and the task is to match the sensitivity of the data to the lowest tier that still protects it.
| Data type | Safe minimum tier | The catch |
|---|---|---|
| Public - marketing copy, generic code | Tier 1 | None. Use anything. |
| Confidential business - strategy, financial projections | Tier 2 | Get the no-training / zero-retention term in writing. This is your commercial risk, not the law's. |
| Personal data (PII) - names, emails, customer records | Tier 2 | A DPA is necessary but not sufficient - you also need a valid transfer mechanism if the data leaves the EU. |
| Health, legal, and other special data | Tier 3 by default | Tier 2 is possible with stricter conditions - see below. |
Two things the tiers alone do not tell you
A contract is not the finish line
The most common mistake after "all cloud is the same" is thinking a signed DPA makes you compliant. For an EU or Irish business, a Data Processing Agreement governs your relationship with the provider - but on its own it does not cover sending personal data to servers in the US. That needs a separate transfer mechanism: the provider certified under the EU-US Data Privacy Framework, or Standard Contractual Clauses in place. Most Tier 2 providers process in the US, so the honest test for personal data is a DPA and a valid transfer mechanism. One without the other is a gap.
You can move data down a tier
The tier a data type needs is a default, not a life sentence. Strip the names, emails, and identifiers out of a document and it is no longer personal data - it drops from PII to confidential, or even to public, and a lower tier opens up. Anonymising before you paste is the most useful habit a small team can build. One caveat: swapping names for codes you can reverse is pseudonymisation, and that is still personal data. Real anonymisation means you genuinely cannot get back to the person.
Where health and legal data actually sits
The cautious instinct is to say health records, legal-privileged material, and the like must live in the vault. Local is the safest default, and if you can run it there, do. But "must" overstates it. Hospitals and law firms run on governed cloud every day. Special-category data can legally sit in Tier 2 with a DPA, a valid transfer mechanism, and the extra condition GDPR requires for this class of data (Article 9). So the honest guidance is this: local by default for your most sensitive data, with well-governed enterprise cloud as a legitimate option when local is not practical and the stricter conditions are genuinely met - not a shortcut taken because the vault is inconvenient.
The line to remember
The biggest mistake is treating all "cloud AI" as the same. The jump from Tier 1 to Tier 2 - from a consumer web interface to a contracted commercial one - is the difference between a data breach and a compliant workflow. The second biggest mistake is thinking the contract is the finish line. Name the tier, match your data to it, and check the two catches: anonymise what you can, and make sure Tier 2 means a DPA and a lawful transfer, not just a DPA.
This is an operating model, not legal advice. For a real deployment, confirm the GDPR specifics - transfer mechanisms and Article 9 conditions - with a data protection adviser.
Put it to work: the Three Tiers of AI Privacy card is the one-page version of this piece; the Data Privacy Matrix turns it into a one-glance decision; and the Vendor Evaluation Card helps you check whether a tool is really Tier 2 or just says it is.