AI agents and GDPR: what your business owes when personal data goes wrong
Every AI agent that talks to customers, handles bookings, or responds to enquiries is almost certainly processing personal data. That creates obligations under the General Data Protection Regulation before any question of liability even arises. This guide explains what GDPR requires from SME operators running AI agents, where the exposure sits, and what you need to do now to avoid the second enforcement problem that follows an incident.
Key takeaways
- Any AI agent that receives a name, email, IP address, or behavioural data from a customer is processing personal data under GDPR. Your business, as the deploying operator, is the data controller.
- GDPR Article 82 gives individuals the right to compensation for damage caused by a data protection infringement. This right exists independently of any other liability claim arising from the same incident.
- A personal data breach involving an AI agent triggers a 72-hour notification requirement to your supervisory authority under Article 33, plus direct notification to affected individuals if the risk is high.
- Cyber insurance typically covers third-party compensation claims from data subjects but does not cover GDPR administrative fines, which are non-insurable in most EU jurisdictions.
- Before deploying any AI agent that conducts automated profiling, processes sensitive data, or monitors individuals at scale, you need a Data Protection Impact Assessment (DPIA) under Article 35.
Why GDPR and AI liability are two separate problems
When an AI agent causes harm to a customer, most operators think about the liability question first: did the agent make a mistake, and does our insurance cover it? That is the right instinct, but it is only half the picture. GDPR creates a parallel set of obligations that attach the moment personal data is involved, and those obligations do not wait for a liability claim to materialise.
Consider a common scenario. Your AI customer service agent has a conversation with a customer, stores the conversation log, and later a bug exposes that log to another customer's account. There is an obvious liability question: did the customer suffer harm from seeing the wrong data? But before you get there, GDPR has already triggered three separate obligations: you have experienced a personal data breach under Article 4(12) of Regulation (EU) 2016/679, you likely have a duty to notify your supervisory authority within 72 hours under Article 33, and you may have a duty to notify the affected individual under Article 34.
The liability claim might settle for a small amount or come to nothing. The regulatory response to a missed notification could cost you up to EUR 10 million or 2% of global annual turnover, whichever is higher, for a breach of the breach notification requirement alone. The two tracks operate independently and you have to manage both at the same time.
What counts as processing personal data through an AI agent
The scope of GDPR processing is broader than most SME operators expect when they first think about it in the context of AI. Under Article 4(1) of Regulation (EU) 2016/679, personal data is any information relating to an identified or identifiable natural person. Under Article 4(2), processing covers almost any operation performed on that data, including collection, storage, retrieval, use, and disclosure.
An AI agent processes personal data in every one of the following situations, all of which are common in SME deployments. A chatbot that asks for a customer's name and email to look up their order is processing personal data from the moment it receives the name. An AI scheduling tool that books appointments using a customer's calendar data is processing personal data. An AI email assistant that reads incoming customer emails to draft responses is processing personal data. An AI recommendation engine that tracks which products a customer viewed is processing behavioural data, which qualifies as personal data when it can be linked to an identifiable person. Even IP addresses are personal data when they can be used to identify a specific user.
The practical implication is that most AI agents deployed by SMEs are already processing personal data, whether or not the operators have thought about it in those terms. That processing needs a legal basis under Article 6 of GDPR. For customer-facing AI agents, the most commonly applicable bases are contract performance (the processing is necessary to provide the service the customer asked for) or legitimate interests (your interest in running a functional customer service system is not outweighed by the customer's privacy interest). Consent is rarely the right basis for AI agent interactions because it requires freely given, specific, informed, and unambiguous agreement for each processing purpose, which is difficult to obtain in the flow of an AI conversation.
The controller and processor distinction when using third-party AI
Most SMEs building AI agents do not build the underlying model themselves. They use an API from a provider such as Anthropic, OpenAI, or Google, and build their agent on top of that API. This creates a controller-processor relationship that has specific GDPR implications.
Your business is the data controller. You decide what data to collect from customers, what purposes to use it for, and how long to keep it. The AI provider whose API you use is, in most cases, a data processor: they process personal data on your behalf, under your instructions. Under Article 28 of GDPR, you are required to have a data processing agreement (DPA) in place with that processor. Most major AI API providers offer a standard DPA, but you need to sign it and confirm it covers your specific use case.
The controller status means that even if the AI provider's infrastructure caused the breach, you remain primarily liable to the data subjects. Article 82(2) of GDPR allows a controller to be exempted from liability if it proves that it is not in any way responsible for the event giving rise to the damage. In practice, this is a high bar. If you deployed the agent in a way that made the breach more likely (for example, by storing more data than the task required, or by failing to configure access controls correctly), you will struggle to satisfy that standard.
The data processing agreement also needs to specify what the AI provider can do with the data you send them. Several major AI providers, by default, use API inputs to train or improve their models. If your instructions contain customer personal data and you have not opted out of that training use, you may be providing customer data to a third party without a valid legal basis or a proper data sharing arrangement.
Breach notification: the 72-hour clock
Article 33 of GDPR requires you to notify your supervisory authority of a personal data breach without undue delay and, where feasible, no later than 72 hours after becoming aware of it, unless the breach is unlikely to result in a risk to the rights and freedoms of natural persons. For AI agent incidents, the 72-hour clock starts when you become aware that personal data may have been compromised, not when you complete your investigation.
AI-related breaches have a specific timing challenge. A bug in an AI agent can expose data to the wrong users for hours or days before anyone notices, because AI agents interact with many users simultaneously and the pattern of exposure is not always immediately visible. If a customer contacts you about seeing another customer's data, that is the moment you become aware, and the 72-hour clock starts then. If your monitoring system flags an anomaly, that is the moment you become aware. Not reporting within 72 hours because you are still investigating is not acceptable unless the delay is genuinely unavoidable and you can document why.
The notification must contain: the nature of the breach, the categories and approximate numbers of data subjects and personal data records affected, the name and contact details of your data protection officer or, if you do not have one, the relevant contact point at your organisation, the likely consequences of the breach, and the measures you have taken or propose to take to address the breach. If not all information is available within 72 hours, you can submit a first notification and follow up.
If the breach is likely to result in a high risk to the rights and freedoms of individuals, Article 34 requires you to also communicate the breach directly to those individuals without undue delay. High risk, for this purpose, means the kind of breach that could lead to discrimination, identity theft, financial loss, damage to reputation, or other significant personal consequences. An AI agent exposing medical queries, financial details, or identifying combinations of data would typically meet this threshold.
The DPIA requirement for high-risk AI deployments
Before deploying an AI agent that involves high-risk processing, Article 35 of GDPR requires you to carry out a Data Protection Impact Assessment. The EDPB guidelines on DPIA identify nine types of processing that presumptively require one. Three of these are directly relevant to common AI agent deployments.
- Automated decision-making with significant effects: if your AI agent makes decisions about individuals that produce legal effects or similarly significant effects, a DPIA is required. This covers AI agents that make credit decisions, pricing decisions, eligibility assessments, or any other consequential determination about a specific person.
- Systematic monitoring: AI agents that track customer behaviour across a website or platform, analyse conversation sentiment, or build profiles of individual users based on their interactions are conducting systematic monitoring.
- Large-scale processing: if your AI agent handles personal data relating to a large number of individuals, the scale threshold is context-dependent but the EDPB has suggested that any processing reaching significant portions of a regional population qualifies.
A DPIA does not prohibit the processing. It requires you to document the necessity and proportionality of the processing, the risks to individuals, and the measures you are taking to address those risks. If the residual risk remains high after mitigation, you must consult your supervisory authority before proceeding. The DPIA must be kept and updated as the AI system evolves.
Data minimisation and how to configure agents correctly
One of the most effective ways to reduce your GDPR exposure from AI agent deployments is to apply the data minimisation principle from Article 5(1)(c) of GDPR at the design stage. The principle requires that personal data be adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.
In practice, this means thinking carefully about what data your AI agent actually needs to do its job. An AI booking agent needs a customer's appointment preference and contact information. It does not need the full conversation history from every previous interaction unless there is a specific and documented reason. An AI customer service agent needs enough context to answer the current question. Storing every message indefinitely creates a growing liability for data that serves no operational purpose after the query is resolved.
Configuration choices that reduce data minimisation risk include: setting automatic deletion periods for conversation logs, instructing the AI agent not to request data it will not use, implementing field-level restrictions so the agent can only access the customer data fields it requires, and separating the AI agent's memory layer from the full customer database. These are not just good hygiene practices; they are enforceable obligations under Article 5(1)(c) and their absence can be cited as evidence of non-compliance in a supervisory investigation.
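Two of the configuration choices listed above, field-level restrictions and automatic deletion of conversation logs, sketched as an added example (not code from this guide or from any AI provider). The task names, field names, and 30-day retention period are assumptions chosen for illustration, and the sample data is constructed.

```python
from datetime import datetime, timedelta, timezone

# Assumption: task names and field names are hypothetical.
TASK_FIELDS = {
    "booking": {"first_name", "email", "appointment_preference"},
    "order_lookup": {"first_name", "order_id", "order_status"},
}
# Assumption: 30 days is an illustrative retention period, not a legal threshold.
LOG_RETENTION = timedelta(days=30)


def minimise_record(task, record):
    """Return only the fields the task's allowlist permits; unknown tasks fail closed."""
    if task not in TASK_FIELDS:
        raise PermissionError(f"no field allowlist defined for task {task!r}")
    return {k: v for k, v in record.items() if k in TASK_FIELDS[task]}


def withheld_fields(task, record):
    """Field names kept away from the agent (names only, safe to write to an audit log)."""
    return sorted(set(record) - TASK_FIELDS[task])


def purge_expired_logs(logs, now, retention=LOG_RETENTION):
    """Split conversation logs into (kept_entries, purged_ids) by age.

    Entries with a missing or timezone-naive timestamp cannot be aged
    reliably, so they are purged rather than retained indefinitely.
    """
    kept, purged = [], []
    for entry in logs:
        ts = entry.get("created_at")
        if ts is None or ts.tzinfo is None or now - ts > retention:
            purged.append(entry["id"])
        else:
            kept.append(entry)
    return kept, purged


# Constructed sample data, not taken from any real system.
NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)
CUSTOMER = {
    "first_name": "Ana",
    "email": "ana@example.com",
    "appointment_preference": "Tue 10:00",
    "date_of_birth": "1990-01-01",
    "payment_card_last4": "4242",
    "order_id": "A-1001",
}
LOGS = [
    {"id": "c1", "created_at": NOW - timedelta(days=5), "text": "..."},
    {"id": "c2", "created_at": NOW - timedelta(days=45), "text": "..."},
    {"id": "c3", "text": "..."},  # no timestamp recorded
]

if __name__ == "__main__":
    print(minimise_record("booking", CUSTOMER))
    print(withheld_fields("booking", CUSTOMER))
    kept, purged = purge_expired_logs(LOGS, NOW)
    print([e["id"] for e in kept], purged)
```

Applying the allowlist in the layer that builds the agent's context, rather than in the prompt, means the agent never receives the withheld fields at all.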
What to update in your business documentation
Deploying an AI agent that processes personal data requires updates to three categories of business documentation. These are not optional and are commonly missing in SME deployments.
First, your privacy notice. Article 13 of GDPR requires you to inform data subjects about how their data will be processed at the time it is collected. If your AI agent processes personal data in a way that was not described in your existing privacy notice, that notice needs to be updated. This includes disclosing that an AI system processes the data, the identity of any AI processors you use, and the retention periods for AI-generated data.
Second, your data processing register. Article 30 of GDPR requires controllers to maintain records of processing activities. AI agent deployments need to be added to this register with details of the data processed, the legal basis, the recipients (including the AI API provider), and the retention periods.
Third, the data processing agreement with your AI provider. As discussed above, Article 28 requires a DPA with any processor who handles personal data on your behalf. Check your agreements with your AI API provider, your cloud hosting provider, and any analytics tools connected to the agent. Each one that handles personal data needs a signed DPA in place.
Insurance: what covers GDPR claims and what does not
When GDPR exposure intersects with an AI agent incident, your insurance coverage needs careful checking. Most cyber liability policies are written to cover third-party claims from data subjects, which is the category most relevant to an AI-related data breach. The claim typically takes the form of a compensation claim under GDPR Article 82 from a customer who suffered material or non-material damage because your AI agent mishandled their data. A cyber policy that includes data liability cover should respond to this type of claim, subject to its terms and exclusions.
What cyber policies do not cover in most EU jurisdictions is the GDPR administrative fine itself. Fines imposed by a supervisory authority are generally non-insurable under the laws of most EU member states, because allowing insurance to cover regulatory penalties would undermine their deterrent purpose. A fine of EUR 100,000 from a data protection authority for failing to notify a breach within 72 hours is not a cost your cyber insurer will pay, regardless of what your policy says about regulatory proceedings.
There is also an emerging gap in existing cyber policy wordings around AI-specific incidents. Policies written before 2024 typically contemplate data breaches caused by external attackers or by accidental disclosure by employees. An AI agent that exposes data due to a hallucination, a prompt injection attack, or an internal configuration error may not map neatly onto those definitions. Before assuming your cyber policy covers AI-related data incidents, check whether the wording specifically includes autonomous AI system failures, and ask your broker to confirm in writing. For a broader look at how policy exclusions work across different AI incident types, see the separate guide on the exclusion landscape.
The guide on who is ultimately liable when your AI agent causes harm covers the broader liability chain, which intersects with GDPR when the harm involves personal data. For operators who want to understand their coverage position before a specific incident occurs, the coverage pathway guide explains the three steps toward building a defensible coverage position for AI deployments.
A practical GDPR checklist for AI agent operators
If you are currently running an AI agent or about to deploy one, work through the following five checks. Each one addresses a specific GDPR requirement that is commonly overlooked in SME deployments.
Check 1: legal basis. Identify the legal basis under Article 6 of GDPR for each type of personal data your AI agent processes. Document it. If you cannot identify a valid legal basis for a specific processing activity, do not do it.
Check 2: privacy notice. Review your public-facing privacy notice and confirm it accurately describes how your AI agent processes personal data. If the notice does not mention AI processing or does not name the AI provider whose API you use, update it before your next customer interaction through the agent.
Check 3: processor agreement. Confirm that you have a signed data processing agreement with your AI API provider. Most major providers offer one; you may need to actively sign it or configure your account to apply it. Do the same for your cloud hosting provider and any analytics tools connected to the agent.
Check 4: DPIA assessment. Review whether your AI agent's processing activities meet any of the EDPB's nine high-risk criteria. If they do, carry out a DPIA before the agent processes any more data. If they do not, document that you assessed this and concluded a DPIA was not required.
Check 5: breach response procedure. Confirm that someone in your organisation knows what to do within 72 hours of identifying a personal data breach involving the AI agent. That means knowing how to contact your national supervisory authority, what information to include in a first notification, and who is responsible for making the call. If no one knows, fix this before it becomes relevant under pressure.
Frequently asked questions
Does GDPR apply to my AI chatbot or AI agent?
Yes. If your AI agent receives, stores, or processes any information that can identify a natural person, including name, email address, IP address, or behavioural data, GDPR applies to that processing. Your business, as the entity that deployed the agent, is the data controller and bears the obligations under Regulation (EU) 2016/679 regardless of which AI provider you used to build it.
Am I liable if my AI agent shares customer personal data incorrectly?
Yes. Under Article 82 of GDPR, any person who has suffered material or non-material damage as a result of an infringement of the regulation has the right to receive compensation from the controller or processor. As the operator who deployed the agent, you are the data controller. The AI provider you used may also have liability as a processor, but your exposure exists independently of theirs.
When do I need a Data Protection Impact Assessment for my AI agent?
A DPIA is required under Article 35 of GDPR when processing is likely to result in a high risk to the rights and freedoms of natural persons. AI agents that conduct automated decision-making with significant effects, process sensitive categories of data, or systematically monitor individuals at scale meet this threshold. If your AI agent does any of these things, a DPIA is required before you deploy it.
What must I do within 72 hours of an AI-related personal data breach?
Under Article 33 of GDPR, you must notify your supervisory authority within 72 hours of becoming aware of a personal data breach, unless the breach is unlikely to result in a risk to individuals. The 72-hour clock starts when you first become aware, not when you finish your investigation. If the breach creates high risk to individuals, Article 34 requires you to also notify those individuals directly.
Does my cyber insurance cover GDPR fines and third-party data breach claims?
Cyber insurance typically covers third-party compensation claims from data subjects under GDPR Article 82. However, GDPR administrative fines imposed by supervisory authorities are almost never covered, because most EU member state laws treat them as non-insurable. Check whether your cyber policy wording specifically addresses AI-generated data incidents, as older policies may not contemplate autonomous system failures.
References
- Regulation (EU) 2016/679 of the European Parliament and of the Council (the General Data Protection Regulation), Articles 4, 5, 6, 13, 28, 30, 33, 34, 35, 82.
- European Data Protection Board, Guidelines on Data Protection Impact Assessment (DPIA), WP 248 rev.01, adopted October 2017.
- Regulation (EU) 2024/1689 of the European Parliament and of the Council (the EU AI Act), general operator obligations context.
- Moffatt v. Air Canada, Civil Resolution Tribunal, British Columbia, February 2024, File Number: SC-2022-010183. Establishes operator liability for AI chatbot outputs.
- European Data Protection Board, Guidelines 07/2020 on the concepts of controller and processor in the GDPR, adopted July 2021.
- AIUC-1 AI Agent Certification Standard, Artificial Intelligence Underwriting Company, 2025.