Is ChatGPT GDPR Compliant? A 2026 Guide for European Teams
Sonomos Research
The Sonomos research team writes about AI privacy, data protection, and how to use generative AI safely at work.
Short answer: ChatGPT is not "GDPR compliant" by default for European teams. Compliance is a posture you assemble, not a checkbox a vendor ticks. To use ChatGPT lawfully under the GDPR in 2026, an EU controller has to (1) sign OpenAI Ireland Limited's Data Processing Addendum, (2) operate on a tier that excludes prompts from training and supports EU data residency where applicable, (3) identify a lawful basis under Article 6 (and Article 9 for special-category data), (4) run a DPIA when the processing is likely to result in high risk, (5) implement Article 32 technical measures including pseudonymization at the source, and (6) document the lot in the Article 30 record. None of that is automatic on ChatGPT Free or Plus. This guide walks through, in plain English, what each ChatGPT tier means for GDPR in 2026 — and the controls that hold up under a supervisory-authority audit.
What the GDPR actually requires of an AI tool
The GDPR doesn't have an "AI annex." It applies to ChatGPT the same way it applies to any other processor: through six obligations that all attach the moment a prompt containing personal data leaves the user's device.
- Lawful basis (Article 6). Each processing activity needs a basis: contract, legal obligation, vital interest, public task, legitimate interest, or consent. For "draft an email mentioning a customer," legitimate interest is usually the operative basis — but only if the balancing test is documented and the data subject's expectations support it.
- Special-category data (Article 9). Health, racial or ethnic origin, political opinion, religious belief, biometric and genetic data, sex life or orientation, and trade-union membership. Sending any of these to ChatGPT requires explicit consent or one of the narrow Article 9(2) exemptions. There is no "legitimate interest" path for special-category data.
- Transparency (Articles 13–14). Data subjects must be told that their personal data is being processed by an AI tool, the categories involved, the recipients (OpenAI Ireland Limited, plus any sub-processors), the retention period, and their rights.
- Data subject rights (Articles 15–22). Access, rectification, erasure, restriction, portability, objection, and the right not to be subject to solely-automated decisions with legal or similarly significant effects. ChatGPT outputs that make such decisions trigger Article 22.
- International transfers (Chapter V). OpenAI's EU customers contract with OpenAI Ireland Limited, but processing still occurs in part on US infrastructure under Standard Contractual Clauses and supplementary measures. The Schrems II analysis applies.
- Security of processing (Article 32). Pseudonymization, encryption, ongoing confidentiality and integrity, and the ability to restore availability after an incident. Article 32(1)(a) calls out pseudonymization by name — which is exactly what a local-first redaction tool produces.
A vendor cannot make a controller "GDPR compliant." A vendor can only avoid being the thing that breaks compliance. Read every "GDPR-compliant ChatGPT" claim in that light.
ChatGPT tier-by-tier GDPR posture (April 2026)
| Tier | DPA available? | Default training | EU data residency option | Sub-processors disclosed | BAA-equivalent for special-category data |
| --- | --- | --- | --- | --- | --- |
| ChatGPT Free | No | Yes (opt-out in Data Controls) | No | Limited | No |
| ChatGPT Plus | No | Yes (opt-out) | No | Limited | No |
| ChatGPT Pro (consumer) | No | No (excluded by default) | No | Limited | No |
| ChatGPT Team | Yes — OpenAI Ireland Limited DPA | No | Limited; varies by SKU | Yes | Limited |
| ChatGPT Enterprise / Edu | Yes — DPA + EU data residency for eligible customers | No | Yes (for stored content; inference compute may transfer) | Yes | Yes (with appropriate contractual terms) |
| OpenAI API (default) | Yes — DPA | No | EU residency available on eligible plans | Yes | Yes |
| OpenAI API + Zero Data Retention | Yes | No | Yes | Yes | Yes (strongest posture) |
A few things to notice:
- Free and Plus are not covered by a DPA. That alone makes them unsuitable for processing personal data of EU data subjects on behalf of a controller. They are a B2C contract between the individual user and OpenAI; the user is the controller of their own personal data, not the employer.
- The training default is the loudest GDPR signal in the table. Article 5(1)(b) ("purpose limitation") and Article 5(1)(c) ("data minimisation") are difficult to reconcile with prompts being used to train future models. OpenAI's enterprise tiers exclude training by default, which removes that conflict.
- EU data residency does not eliminate transfers. Even on Enterprise with EU data residency, OpenAI is a US-headquartered company, parts of the model lifecycle run in the US, and US government access requests under FISA 702 remain a Schrems II concern. The mitigation is a combination of SCCs, supplementary measures, and — most directly — minimising the personal data that ever leaves the device.
The Italian Garante decision and what it actually held
In December 2024, the Garante per la protezione dei dati personali fined OpenAI €15M and ordered remediation in connection with ChatGPT's launch period. The substantive findings, simplified:
- OpenAI had no lawful basis under Article 6 for the personal data it processed during model training prior to the company designating one.
- Transparency to data subjects under Articles 13–14 was insufficient.
- Age-verification controls were inadequate.
- A breach notification obligation under Article 33 had been triggered and not properly fulfilled.
The decision matters for European deployments because it confirmed two things European DPAs broadly agree on: (1) GDPR applies to model training, not just inference, and (2) "we're a US company" is not a defence. Subsequent guidance from the EDPB (May 2024 opinion on legitimate interest and AI; 2025 follow-ups) reinforced that controllers using ChatGPT are responsible for their own lawful basis even when the underlying training was a separate matter.
For a 2026 European deployment, the practical implication is that controllers must document their own basis for every category of prompt — not rely on OpenAI's broader posture.
What goes wrong in real European deployments
Across the deployments we've seen and the supervisory-authority decisions that have leaked into the public record, four patterns recur:
- Personal data in prompts on Free or Plus. The single most common breach pattern. An employee pastes a customer email into ChatGPT to translate or rewrite it. The customer's personal data is now processed by a US sub-processor with no DPA, with training enabled by default, with no documented lawful basis. This is an Article 6, Article 28, and (if special-category) Article 9 breach in a single prompt.
- Special-category data via consumer Plus. A clinician summarising a patient note. An HR manager analysing an absence pattern that reveals a disability. A nonprofit logging refugee case files. Article 9 explicit consent has not been obtained — and even if it had, Plus does not have the contractual measures to support special-category processing.
- Automated decisioning without an Article 22 carve-out. Using ChatGPT to triage CVs, score loan applications, or generate disciplinary recommendations and acting on the output without meaningful human review. The data subject has rights under Article 22 that the workflow has not honoured. The EU AI Act overlay (Annex III high-risk classifications) compounds this materially in 2026.
- No DPIA where one was required. Article 35 requires a Data Protection Impact Assessment whenever processing is likely to result in a high risk to data subjects' rights and freedoms. The CNIL, the Garante, and the ICO have all published guidance treating "use of generative AI on personal data at scale" as DPIA-triggering. Deployments without a documented DPIA have already been cited by multiple DPAs.
The control layers that hold up under audit
A defensible 2026 deployment is a stack, not a single product:
Contract layer
- OpenAI Ireland Limited DPA signed for every EU controller relationship — Team, Enterprise, Edu, or API.
- Standard Contractual Clauses for the international transfer to US infrastructure, with the supplementary measures specified in EDPB Recommendations 01/2020.
- Sub-processor list reviewed against the controller's own register and updated when OpenAI publishes changes.
- EU data residency elected on Enterprise / API where the workload supports it.
Tier-and-settings layer
- No personal data on Free or Plus. Period. This is a policy, not a guideline.
- Training disabled on every tier, by configuration where required.
- Retention configured as low as the workload allows — Zero Data Retention on the API for sensitive workloads.
- Memory features off unless their use is documented in the Article 30 register and surfaced in transparency notices.
Data-minimisation layer (the one that prevents the breach)
This is the layer where Sonomos sits. Articles 5(1)(c) and 32(1)(a) push controllers toward processing the minimum personal data necessary and toward pseudonymisation. A local-first browser extension that detects personal data in the browser and replaces it with reversible tokens before the request leaves the device delivers both:
- The prompt OpenAI receives contains pseudonyms, not personal data. From the GDPR's perspective, the personal data has not been transmitted to OpenAI — there is no international transfer of personal data to scrutinise.
- The user gets a useful response. Sonomos un-tokenises the response locally, so the workflow is preserved.
- Detection happens in the browser. Sonomos itself does not see the personal data, so installing Sonomos does not create a new processor relationship that needs its own DPA.
This is the "supplementary measure" that EDPB Recommendations 01/2020 explicitly contemplates: a technical measure that "prevents access by [the importing] authorities" because the data is rendered non-personal before it crosses the border.
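To make the tokenise-then-restore round trip concrete, here is an added illustration in browser JavaScript; it is not Sonomos' own code, and the `Pseudonymiser` class, its detection patterns and the sample prompt are assumptions constructed for the example. The value-to-token mapping is held only in page memory, the request carries tokens, and the reply is rewritten locally before the user sees it.

```javascript
// Added example, not Sonomos' own code: reversible pseudonymisation before a
// prompt leaves the browser. The value<->token mapping lives only in page
// memory; the model sees tokens, the user sees originals in the restored reply.
const PATTERNS = [
  { type: "EMAIL", re: /\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b/g },
  // IBAN with optional spaces: 2 letters, 2 check digits, then 10..30 more chars
  { type: "IBAN", re: /\b[A-Z]{2}\d{2}(?: ?[A-Z0-9]{4}){2,7}(?: ?[A-Z0-9]{1,4})?\b/g },
  { type: "PHONE", re: /\+\d{1,3}(?:[ -]?\d{2,4}){2,4}\b/g },
];

class Pseudonymiser {
  // knownNames: caller-supplied names (e.g. from the CRM record being worked on)
  constructor(knownNames = []) {
    this.forward = new Map();   // original value -> token
    this.reverse = new Map();   // token -> original value
    this.counters = new Map();  // type -> last ordinal issued
    this.knownNames = knownNames;
  }

  tokenFor(type, value) {
    // The same value always gets the same token, so the model can refer back to it.
    if (this.forward.has(value)) return this.forward.get(value);
    const n = (this.counters.get(type) || 0) + 1;
    this.counters.set(type, n);
    const token = `[${type}_${n}]`;
    this.forward.set(value, token);
    this.reverse.set(token, value);
    return token;
  }

  // Runs on the prompt before the request is sent off the device.
  pseudonymise(prompt) {
    let out = prompt;
    for (const { type, re } of PATTERNS) {
      out = out.replace(re, (m) => this.tokenFor(type, m));
    }
    for (const name of this.knownNames) {
      out = out.split(name).join(this.tokenFor("NAME", name));
    }
    return out;
  }

  // Defensive check: which pattern types still match after tokenisation.
  residualPii(text) {
    return PATTERNS.filter(({ re }) => text.match(re) !== null).map(({ type }) => type);
  }

  // Runs on the model's reply; tokens with no local mapping are left untouched.
  restore(reply) {
    return reply.replace(/\[[A-Z]+_\d+\]/g, (t) => this.reverse.get(t) ?? t);
  }
}

// Constructed sample prompt; the mapping never leaves this process.
const session = new Pseudonymiser(["Anna Schmidt"]);
const sent = session.pseudonymise("Reply to Anna Schmidt (anna.schmidt@example.de) about IBAN DE89 3704 0044 0532 0130 00.");
console.log(sent, session.residualPii(sent));
```

The `residualPii` check is the part worth wiring into a block-on-failure path: if any pattern still matches after tokenisation, the request should not be sent.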
Governance layer
- Article 30 record updated to include each ChatGPT processing activity, lawful basis, recipient, retention, and transfer mechanism.
- DPIA completed for any high-risk processing. Refresh it whenever the tier, model, or data scope changes.
- Transparency notices updated to disclose AI processing where required by Articles 13–14 and the EU AI Act's Article 50.
- Data subject request workflow that can locate, export, rectify, and erase personal data within ChatGPT — including the memory feature.
- Training and acceptable-use policies that name ChatGPT explicitly. Generic "be careful with AI" guidance is not a control.
EU AI Act overlay
The EU AI Act doesn't replace the GDPR; it stacks on top of it. For ChatGPT specifically:
- General-purpose AI obligations (Articles 51–55) attach to OpenAI as a GPAI provider, including transparency about training data and copyright, model evaluation, and serious-incident reporting. Most of these are OpenAI's obligations, but a deployer needs evidence the provider is meeting them.
- Annex III high-risk classifications apply when ChatGPT is used as a component of a system in education, employment, access to essential services, law enforcement, migration, justice, or critical infrastructure. High-risk obligations include risk-management systems, data governance, technical documentation, logging, transparency, human oversight, and post-market monitoring.
- Article 50 transparency obligations — "synthetic content must be labelled," "users must be informed when interacting with an AI" — apply to deployers, not just providers.
- Prohibited practices (Article 5) include emotion recognition in workplaces and schools, untargeted scraping of facial images, and certain biometric categorisations. ChatGPT processes input that touches these areas if you let it; the prohibition runs to the deployer, not OpenAI.
The EU AI Act's risk classifications cascade into GDPR through Article 35 — high-risk under the AI Act is essentially per-se DPIA-triggering under the GDPR.
Frequently asked questions
Is ChatGPT Enterprise GDPR compliant?
ChatGPT Enterprise is the closest commercially available off-the-shelf ChatGPT tier to a GDPR-defensible deployment, but "compliant" is a posture, not a label. Enterprise gives you the DPA, training-excluded-by-default, EU data residency for stored content on eligible plans, audit logs, and SAML SSO. The deployer is still responsible for lawful basis, transparency, data subject rights, DPIA where applicable, and Article 32 measures — including data minimisation. Enterprise + a local-first redaction layer + a documented DPIA + an updated Article 30 record is a posture that holds up under audit. Enterprise alone is not.
Can EU teams use ChatGPT Free or Plus for personal data?
No, and this is not a close call. Free and Plus are consumer subscriptions without a controller-processor DPA. Using them to process personal data of EU data subjects on behalf of an employer is an Article 28 breach (no DPA), almost always an Article 6 or 9 breach (no documented lawful basis), and usually an Article 32 breach (no documented technical measures). The exposure is not theoretical — multiple DPAs have warned controllers about exactly this pattern.
Does OpenAI's "DPF" certification cover ChatGPT?
OpenAI participates in the EU-US Data Privacy Framework, which provides one of the lawful transfer mechanisms under Article 45 / 46. DPF covers data transferred from the EEA to OpenAI's US-based operations subject to the framework's principles. It is one mechanism among several (SCCs are the more commonly relied-on mechanism in practice). DPF does not, on its own, cure deficiencies in lawful basis, transparency, retention, or data minimisation; those are still the controller's obligations.
How does the new memory feature affect GDPR analysis?
Memory turns ChatGPT into a system that retains personal data across sessions and can use it to personalise future responses. Under the GDPR, that retention is itself processing — and it has to be on a lawful basis, surfaced in transparency notices, and subject to data subject rights. In practice, memory features should be off for any work account unless the controller has explicitly evaluated them, included them in the DPIA, and built a workflow to honour erasure and access requests against the memory content. ChatGPT exposes memory contents to the end user, but enterprise admin tooling for memory is still maturing.
What is the role of pseudonymisation in a 2026 GDPR posture?
Article 32(1)(a) names pseudonymisation as a security measure. Recital 28 frames it as a way to reduce risks to data subjects and help controllers meet their obligations. EDPB Recommendations 01/2020 treat strong pseudonymisation in the EU before transfer as a supplementary measure that can support international transfers. In an AI workflow, pseudonymisation-at-the-source is the most powerful Article 32 measure available because it converts the protected category — personal data — into something that is not personal data, before any cross-border transfer happens. A local-first browser extension is one of the few practical ways to deliver pseudonymisation at scale across an organisation without a multi-quarter integration project.
Do we need a DPIA before letting employees use ChatGPT?
If the use is "likely to result in high risk to the rights and freedoms of natural persons," yes — Article 35 makes a DPIA mandatory. CNIL, ICO, and the Garante have all said in published guidance that organisation-wide rollout of generative AI on personal data clears that bar. In our reading, every European controller deploying ChatGPT for work involving personal data should run a DPIA. The scope can be tier-specific (separate DPIAs for Free/Plus blanket-prohibited use vs. Enterprise sanctioned use) and should be refreshed whenever the model, the tier, or the data scope materially changes.
The bottom line
ChatGPT is GDPR-compliant in exactly the same sense that AWS is GDPR-compliant: it is the building block of a defensible posture, not a finished one. The deployments that hold up under EU supervisory-authority scrutiny are the ones that combine the contract layer, the tier-and-settings layer, the data-minimisation layer, and the governance layer — and that put pseudonymisation as close to the user's keyboard as possible.
If you only do one thing this quarter, it is not "buy ChatGPT Enterprise." It is "stop personal data from reaching ChatGPT in the first place." Everything else in the posture compounds from there.