The integration of Large Language Models (LLMs) like ChatGPT, Claude, or Gemini into business processes offers medium-sized companies enormous opportunities for efficiency gains and innovation. At the same time, critical questions arise regarding data protection, information security, and legal compliance.
With the increasing use of AI language models in business-critical areas, the need to protect data and minimize legal risks is growing. According to a 2024 Bitkom study, 68% of German medium-sized companies already use LLMs – yet only 31% have implemented comprehensive data protection measures. This discrepancy poses significant risks.
We will show you how to use these technologies safely and in compliance with regulations in your company – without having to sacrifice the benefits.
The LLM Revolution: Opportunities and Risks for Mid-sized Businesses
The use of Large Language Models has grown exponentially since the release of ChatGPT in late 2022. By 2025, LLMs have become an essential part of daily business operations – from automated document creation and intelligent assistance systems to specialized applications in sales, marketing, and customer service.
Current State of LLM Usage in Business Context (2025)
According to a recent study by the digital association Bitkom, 68% of medium-sized companies in Germany now use generative AI systems. The main application areas are:
- Text generation and optimization (84%)
- Automated correspondence (71%)
- Information research and summarization (65%)
- Programming and code assistance (42%)
- Customer support and chatbots (38%)
Particularly notable: Medium-sized businesses are catching up in AI adoption. While in 2023 there was still a clear gap between large enterprises and SMEs, today even smaller companies with 10-50 employees are increasingly adopting AI solutions. According to a survey by ZEW Mannheim, 47% of companies in this size category have implemented at least one LLM-based application in the past year.
Data Protection and Security Concerns from a Mid-Market Perspective
The widespread adoption of LLMs stands in contrast to the implemented protection measures. A concerning discrepancy becomes apparent:
- Only 31% of LLM-using companies have established comprehensive data protection policies
- Just 28% conducted a formal data protection impact assessment
- Less than 25% systematically train their employees in the safe use of LLMs
This disparity poses significant risks. While public discussion is often dominated by speculative AI risks, the concrete data protection and security problems are very real and immediate.
Medium-sized businesses face specific challenges:
“Mid-sized companies must manage the balancing act between innovation speed and data protection compliance – often without dedicated AI experts or large legal departments.” — Dr. Ulrich Kemp, Digital Expert at DIHK (German Chamber of Industry and Commerce)
Most Common Use Cases and Their Risk Potential
Different LLM use cases carry different risks. A differentiated approach is therefore essential:
| Use Case | Typical Usage in Mid-sized Companies | Primary Risks | Risk Potential |
|---|---|---|---|
| General Text Generation | Emails, reports, marketing copy | Unintentional disclosure of internal information through prompts | Medium |
| Internal Knowledge Bases (RAG) | Access to company knowledge, documents, processes | Exposure of sensitive company data, confidentiality breaches | High |
| Customer Service | Chatbots, support assistants | Processing of personal customer data, compliance violations | Very High |
| Decision Support | Analysis of business data, forecast functions | Incorrect decision bases, algorithmic bias | High |
| Software Development | Code generation, debugging | Security vulnerabilities, IP rights violations | Medium |
The insight: Companies need to consider risks in a differentiated manner and prioritize protective measures accordingly. A chatbot with customer contact requires stricter measures than an internal text creation tool.
The good news: With the right technical and organizational measures, these risks can be effectively contained. In the following sections, you will learn how to create a legally compliant framework and implement concrete protective measures.
Legal Foundations: GDPR Compliance in LLM Usage
The legally compliant use of LLMs in a business context requires a solid understanding of current data protection regulations. In particular, the GDPR places specific requirements on the handling of personal data that must be considered when using LLMs.
Data Protection Classification of LLMs (2025)
From a data protection perspective, any processing of personal data by LLMs must comply with GDPR principles. The legal landscape has evolved significantly since the early days of generative AI.
In 2025, there are important legal clarifications:
- LLMs fall under the provisions of the EU AI Act, which defines graduated requirements according to risk category
- Data protection authorities have specified the application of GDPR to LLMs in joint guidelines
- Landmark court decisions (including ECJ rulings on AI systems) have refined the legal framework
The correct classification of LLM deployment is crucial. Depending on the use case, the usage may be assessed differently:
“The data protection assessment of AI systems like LLMs depends critically on the specific purpose of use and the data processed. A blanket classification is not possible.” — Prof. Dr. Rolf Schwartmann, Chairman of the Society for Data Protection and Data Security
Responsibilities and Liability Risks for Companies
When using LLMs, companies as controllers under the GDPR bear a range of obligations. Non-compliance can lead to significant liability risks.
The key responsibilities include:
- Lawfulness of processing: Ensuring a valid legal basis for data processing (Art. 6 GDPR)
- Transparency: Meeting information obligations toward data subjects regarding data processing by LLMs (Art. 13, 14 GDPR)
- Data security: Implementation of appropriate technical and organizational measures (Art. 32 GDPR)
- Data Protection Impact Assessment (DPIA): Required when there is a high risk to the rights and freedoms of natural persons (Art. 35 GDPR)
- Accountability: Demonstrating GDPR compliance for all LLM-based processes (Art. 5(2) GDPR)
Violations can result in serious consequences:
- Fines of up to 20 million euros or 4% of global annual turnover
- Civil liability for damages caused by unauthorized data processing
- Orders from supervisory authorities, including injunctions
- Reputational damage and loss of trust among customers and partners
Special attention should be paid to data processing agreements with external LLM providers:
When using external LLM services such as Microsoft Copilot, OpenAI’s ChatGPT, or Google Gemini, this typically constitutes data processing on behalf of a controller. This requires the conclusion of a legally secure Data Processing Agreement (DPA) pursuant to Art. 28 GDPR.
Problematic: Not all LLM providers offer GDPR-compliant DPAs as standard. Careful examination is essential here.
Industry-Specific Considerations
In addition to the GDPR, many industries must observe additional regulatory requirements:
| Industry | Specific Regulations | Special Requirements for LLMs |
|---|---|---|
| Healthcare | Patient Data Protection Act, KHZG | Increased requirements for medical data, doctor-patient confidentiality |
| Financial Sector | MaRisk, BAIT, MiFID II | Strict rules for automated decisions, explainability |
| Energy Sector | KRITIS Regulation, IT Security Act | Special protection measures for critical infrastructure |
| Public Sector | E-Government laws, OZG | Additional transparency requirements, ban on fully automated decisions |
For medium-sized companies, this means: The legal requirements must be evaluated on an industry-specific basis. What is sufficient for a trading company may be inadequate for a healthcare provider.
The key to legally compliant LLM usage lies in systematic risk assessment and the implementation of protective measures based on it – exactly what we’ll look at in the next section.
Data Protection Risks with LLMs: A Systematic Analysis
To develop effective protective measures, you must first understand the specific risks associated with LLM usage. A structured risk assessment based on the classic information security objectives – confidentiality, integrity, and availability – helps to systematically identify potential threats.
Confidentiality: Prompt Engineering and Unintentional Data Disclosure
The greatest threat to confidentiality is the unintentional disclosure of sensitive information through careless prompts. This effect, known as “prompt leakage,” frequently occurs when employees interact with LLMs without appropriate training.
Examples of critical confidentiality risks:
- Data leakage through prompts: Employees include confidential information (customer data, trade secrets, internal strategies) in prompts that are then processed on external servers
- Training with user data: Some LLM providers use user inputs for model improvement, unless explicitly disabled
- Insecure interfaces: Unencrypted transmission of prompts and responses
- Lack of access restrictions: All employees have access to the same LLM functions, regardless of their permission level
A study by the Technical University of Munich from 2024 found that 57% of surveyed employees in medium-sized companies had unintentionally included sensitive information in prompts at least once – often due to a lack of knowledge about how the systems work.
“Many users treat LLMs like a closed system, similar to local software. The awareness that inputs are transmitted to external servers is often not present.” — Dr. Sarah Müller, Data Protection Officer and AI Expert
Integrity: Hallucinations and False Information
LLMs are known for their “hallucinations” – the generation of convincing but factually incorrect content. This endangers the integrity of business processes and can lead to serious misjudgments.
Key integrity risks:
- Incorrect or outdated information: LLMs can generate convincing but substantively false answers
- Incomplete legal information: Particularly problematic when advising on compliance issues or regulatory requirements
- Prejudices and biases: LLMs can produce discriminatory or one-sided content
- Erroneous decision bases: When used for decision support, LLMs can lead to incorrect business decisions
Particularly tricky: Despite significant improvements in models in recent years, the hallucination problem persists. According to an analysis by Gartner from 2024, about 25-35% of all LLM responses in business contexts contain at least one factual inaccuracy – a risk that should not be underestimated.
Availability: Dependencies on External Services
Dependency on external LLM providers brings its own risks for the availability of business-critical processes:
- Service interruptions: Outages at external providers lead to process disruptions in the company
- Sudden API changes: Providers can change interfaces or functionalities without much advance notice
- Discontinuation of services: LLM providers can discontinue certain models or services
- Overload during peak demand: Delays or unavailability during high utilization
For business-critical applications, this represents a significant risk. A BCG study shows that 32% of medium-sized companies already use LLMs in core business processes – often without adequate contingency plans.
Security Risks: Prompt Injection and Other Attack Vectors
Beyond the classic data protection risks, there are targeted attack methods against LLM applications that are gaining increasing importance:
- Prompt Injection: Introducing manipulative instructions that cause the LLM to perform unintended actions or bypass security guidelines
- Jailbreaking: Techniques to circumvent security and content restrictions of LLMs
- Membership Inference Attacks: Inferences about whether certain data was used in training the model
- Model Inversion: Attempts to extract training data from the model
These attack vectors are constantly evolving. According to the OWASP (Open Web Application Security Project) LLM Top 10 Ranking of 2024, prompt injection and security bypasses represent the most common security risks for LLM applications.
A special threat: Social engineering becomes significantly more effective with LLMs. Attackers can create more convincing phishing emails or fraud attempts that can deceive even trained employees.
The overall risk results from the combination of these various factors and must be assessed individually for each use case. In the next section, you’ll learn which technical protection measures can effectively contain these risks.
Technical Protection Measures: Infrastructure and Implementation
The identified risks require robust technical protection measures. These form the foundation for GDPR-compliant LLM usage in a business context. Different security levels are appropriate depending on the sensitivity of the processed data and the specific use cases.
Local vs. Cloud-based LLM Solutions
A fundamental decision concerns the choice between cloud-based and local LLM solutions. Both approaches have specific advantages and disadvantages that must be carefully weighed:
| Aspect | Cloud-based LLMs | Local/On-Premise LLMs |
|---|---|---|
| Data Protection | Data transfer to third parties, higher risk | Data remains within the company, greater control |
| Performance | Access to state-of-the-art models, regular updates | More limited model size, delayed updates |
| Costs | Usage-based billing, low initial investment | High initial costs for hardware, lower ongoing costs |
| Scalability | Flexible scaling as needed | Limited by local hardware resources |
| Compliance | Dependent on the provider, potentially problematic for highly regulated industries | Easier to design in a GDPR-compliant manner, full control |
The trend is towards hybrid solutions: While in 2023, 82% of companies used exclusively cloud LLMs, by 2025, 41% of mid-sized businesses are already using hybrid models that run sensitive applications locally and less critical ones in the cloud.
For highly sensitive data and regulated industries, local solutions like LLaMA 3, Mistral, Bloom, or MiniLLM now offer sufficient performance with reasonable resource requirements. These can be operated on company-owned hardware or in a private cloud.
“The decision between cloud and on-premise LLMs should not be made across the board, but based on the use case. A hybrid strategy allows optimal use of the respective strengths.” — Michael Weber, CTO of a medium-sized software company
Secure Architecture Models for LLM Applications
Regardless of the fundamental decision between cloud and on-premise, a secure architecture for LLM applications is essential. A proven approach is the “defense-in-depth” principle with multiple security layers:
- Input validation and sanitization:
- Implementation of prompt filters to detect sensitive content before submission to the LLM
- Pattern matching for personally identifiable information (PIIs) such as credit card numbers, social security numbers, etc.
- Automatic anonymization of identified sensitive data
- Secure communication:
- End-to-end encryption (TLS 1.3) for all API communication
- Secure API key management with regular rotation
- IP-based access restrictions for API endpoints
- Access management:
- Role-based access controls (RBAC) for LLM functions
- Multi-factor authentication for all LLM access
- Granular permissions depending on usage context and sensitivity
- Monitoring and auditing:
- Complete logging of all LLM requests and responses
- Automated anomaly detection for suspicious request patterns
- Regular security audits and penetration tests
A particularly effective approach is the implementation of an “AI Gateway” as a central control instance for all LLM interactions. This gateway can:
- Perform prompt filtering and validation
- Ensure GDPR-compliant logging
- Conduct authorization checks
- Mediate between different LLMs when needed
Leading companies are increasingly using such centralized gateway solutions that ensure a consistent security standard across all LLM applications.
Anonymization and Pseudonymization in Practice
Anonymization and pseudonymization are central techniques for enabling GDPR-compliant use of LLMs – especially when personal data must be processed.
Effective anonymization methods for LLM contexts include:
- Pattern-based detection and replacement: Automatic identification and masking of PIIs such as names, emails, phone numbers
- Named Entity Recognition (NER): AI-supported recognition of entities such as person names, organizations, locations
- Differential privacy: Introduction of controlled inaccuracies to make re-identification difficult
- Aggregation: Summarizing individual data into group statistics
Practical example: A mid-sized insurance company uses LLMs to analyze claims reports. Before processing, all personal data is replaced by a pre-processing anonymization service:
Original prompt: "Analyze the claim from Anna Müller (Contract no. V123456, Tel. 0170-1234567), water damage on 15.03.2025"
Anonymized prompt: "Analyze the claim from [NAME] (Contract no. [CONTRACT_NUMBER], Tel. [PHONE]), water damage on [DATE]"
In this case, the information relevant for the analysis is preserved, while the personal data is protected.
Securing Data Access and Transport
The secure transmission and storage of data in connection with LLM usage requires specific measures:
- Transport encryption: TLS 1.3 for all API communication, secure cipher suites
- Storage encryption: Encryption of all stored prompts and responses
- Private VPN tunnels for communication with external LLM services
- Data residency: Ensuring that data is processed exclusively in compliant jurisdictions
- Secure caching: Encrypted and time-limited storage of results
A practical implementation of these measures might look like this:
- Company-specific API gateway for all LLM requests
- VPN tunnel to the LLM provider with defined IP ranges
- Encrypted caching of frequent requests to reduce data transmissions
- Automatic deletion of all requests and responses after a defined retention period
The technical protection measures must always go hand in hand with the selection of suitable LLM solutions and providers – the topic of the next section.
Selection of Data Protection Compliant LLM Solutions
The choice of the right LLM provider and appropriate models is crucial for a data protection compliant implementation. The market has evolved significantly since the early days of generative AI, and today there are numerous options with different data protection characteristics.
Evaluation Criteria for LLM Providers and Tools
When selecting an LLM provider, you should systematically check the following data protection relevant criteria:
- Data protection and compliance features:
- Data processing location (EU/EEA vs. third countries)
- Use of input data for model training (opt-out options)
- Retention periods for prompts and responses
- GDPR-compliant data processing agreement (DPA)
- Certifications and compliance evidence
- Technical security features:
- Encryption standards (at rest and in transit)
- Authentication and access control mechanisms
- API security features
- Private endpoints and VPC integration
- Transparency and control:
- Scope and quality of documentation
- Detailed usage logs and audit trails
- Control options over data usage and storage
- Clarity about subprocessors and their role
- Contractual and business aspects:
- SLAs for availability and support
- Flexibility for legal adjustments
- Clear responsibilities for data protection incidents
- Company location and applicable law
These criteria should be summarized in a structured evaluation matrix to objectively compare different providers.
Market Overview: Data Protection Compliant Alternatives
The market for LLM solutions has diversified in recent years, with a growing range of data protection optimized options. Here’s an overview of the main categories with examples (as of 2025):
| Category | Examples | Data Protection Features | Typical Use Cases |
|---|---|---|---|
| Enterprise Cloud LLMs | Microsoft Copilot for Enterprise, Google Gemini for Work, Anthropic Claude Enterprise | European data residency, business DPAs, limited model training | Enterprise-wide productivity applications |
| Open Source LLMs (self-hosted) | LLaMA 3, Mistral, Falcon, Bloom | Complete data control, no transmission to third parties | Processing highly sensitive data, regulated industries |
| Private Cloud LLMs | Azure OpenAI with Private Endpoints, AWS Bedrock with VPC, Aleph Alpha Luminous EU | Isolated infrastructure, European providers, dedicated instances | Balance between performance and data protection |
| Industry-specific LLMs | MedGPT (healthcare), FinGPT (financial sector), LegalGPT (legal field) | Industry-specific compliance features, specialized data protection measures | Highly regulated professional fields |
A notable development: European LLM providers have gained significant market share. Companies such as Aleph Alpha (Germany), Mistral AI (France), and Silo AI (Finland) now offer powerful alternatives to US giants, with a particular focus on European data protection standards.
“The decision for an LLM provider is no longer just a technology question, but a strategic direction with significant compliance implications.” — Dr. Julia Mayer, Digital Strategist
Data Processing Agreements (DPA) and Compliance Evidence
The legal safeguarding of LLM usage requires careful contractual design. Central to this is the Data Processing Agreement (DPA) pursuant to Art. 28 GDPR, which regulates data processing by the LLM provider.
Critical checkpoints for a GDPR-compliant DPA with LLM providers:
- Precise definition of the processing purpose and types of data
- Clear instructions binding the processor
- Explicit regulations on the use of prompts for model training (ideally opt-out)
- Transparent subprocessors with right to information and objection
- Detailed technical and organizational measures (TOMs)
- Deletion obligations and deadlines for processed data
- Support obligations for data subject rights and data protection incidents
Caution: The terms of use of many standard LLM services do not fully comply with GDPR requirements. Particularly problematic are often:
- Inadequate opt-out options for training with customer data
- Unclear regulations regarding subprocessors
- Data transfers to third countries without adequate safeguards
- Lack of support commitments for data protection incidents
In addition to the DPA, you should also request the following compliance evidence:
- ISO 27001/27018 certifications
- SOC 2 Type II reports
- Evidence of implementation of appropriate TOMs
- Documentation of data flows and storage locations
Practical Example: Implementation of a Secure RAG System
A particularly relevant use case for medium-sized companies is the implementation of a RAG system (Retrieval Augmented Generation) that enriches LLMs with internal company data. This enables context-specific answers based on internal documents, but carries special data protection risks.
A data protection compliant RAG system might look like this:
- Document preparation:
- Automatic identification and masking of personal data
- Structured metadata to control access rights
- Auditable data preparation with version history
- Secure vectorization and storage:
- Encrypted vector database with access controls
- Role-based restrictions for retrieval
- Locally operated embedding models without external data transfer
- Controlled LLM integration:
- Strict prompt templates with minimal data sharing
- Clear identification of data sources in the output
- Hybrid model: Local LLM for sensitive data, cloud LLM for general content
- Governance and auditing:
- Complete logging of all accesses and queries
- Regular checks for unauthorized data exposure
- Periodic re-evaluation of included documents
The technical implementation is only one part of the overall picture – equally important are the organizational measures, which we’ll examine in the next section.
Organizational Measures: People, Processes, Policies
Technical protection measures alone are not enough – they must be complemented by comprehensive organizational measures. These address the human factor, which often represents the greatest risk in LLM usage.
Development of a Company-wide LLM Usage Policy
A clear, binding policy for LLM usage is the foundation of all organizational measures. This policy should cover the following aspects:
- Permissible use cases: Clear definition of what LLMs may be used for
- Prohibited inputs: Explicit rules on data that must not be entered in prompts
- Approved tools and providers: Whitelist of permitted LLM services
- Authentication and access rights: Who may use which LLM functions?
- Verification requirements: Requirements for verifying LLM outputs
- Documentation requirements: How must LLM usage and results be documented?
- Confidentiality classification: Graduation of data according to protection needs
- Incident response: Procedure for data protection violations
This policy should be understood as a living document that is regularly updated to account for new developments and insights.
Practical tip: Involve the works council early in the development of the policy, as LLM usage may touch on aspects subject to co-determination. Cooperative development also increases acceptance.
“A good LLM usage policy creates security for both sides: Employees know what is allowed, and the company minimizes its liability risks.” — Lena Schmidt, Data Protection Officer of a medium-sized company
Employee Training and Awareness Programs
Even the best policy remains ineffective without adequate employee training. An effective training program for safe LLM usage should include the following elements:
- Basic training:
- How LLMs work and their limitations
- Basic data protection principles
- Typical risks in LLM usage
- Practical prompt engineering:
- Safe vs. unsafe prompts (with examples)
- Techniques to avoid data leaks
- Anonymization methods for necessary data
- Output validation:
- Critical examination of LLM answers
- Detection of hallucinations and false information
- Verification techniques for important decisions
- Incident detection and reporting:
- Signs of data protection violations
- Immediate measures for identified problems
- Reporting channels and responsibilities
In addition to formal training, the following awareness measures have proven effective:
- Regular microlearning units for refreshing
- Practical handouts and checklists at the workplace
- Anonymized case studies from your own company
- Peer learning through LLM experts in the departments
- Gamified phishing-like tests for awareness
Training should be a continuous process, not a one-time measure. Regular refreshers and updates on new risks are essential.
Governance Structures and Responsibilities
A clear governance structure for LLM applications is essential to ensure data protection and security sustainably. The following model has proven effective for medium-sized companies:
- AI steering group (in smaller companies also as a partial task of the digitalization team):
- Strategic alignment of LLM usage
- Approval of new use cases
- Budget and resource planning
- Reporting to management
- AI specialists in the departments:
- Needs identification and use case evaluation
- Initial data protection risk assessment
- Implementation support and success monitoring
- Training and support for specialized users
- Data Protection Officer:
- Data protection assessment of LLM applications
- Conducting data protection impact assessments
- Advice on data protection measures
- Monitoring compliance with data protection regulations
- IT Security Officer:
- Assessment of security risks of LLM applications
- Implementation of technical protection measures
- Security monitoring and incident response
- Regular security reviews
In smaller companies, roles can be combined, but it’s important to have a clear distribution of tasks and to avoid conflicts of interest, especially between implementation and control.
Additionally, a formalized process for introducing new LLM applications should be established:
- Initial use case proposal with benefit assessment
- Data protection and security quick check
- If positive quick check: Detailed risk assessment
- Development and documentation of required protection measures
- Formal approval by the AI steering group
- Implementation with accompanying monitoring
- Regular review and adjustment
Monitoring and Auditing of LLM Usage
Continuous monitoring of LLM usage is essential to identify risks early and demonstrate compliance. An effective monitoring system should cover the following aspects:
- Access monitoring:
- Who is using which LLM functions?
- Are there unusual access patterns or times?
- Are permission boundaries being respected?
- Prompt monitoring:
- Automatic detection of potentially problematic inputs
- Identification of patterns indicating data leaks
- Compliance checks for regulated areas
- Output monitoring:
- Random checking of LLM answers
- Detection of hallucinations and misinformation
- Identification of output patterns indicating security problems
- Usage analysis:
- Which use cases dominate?
- Are there unexpected usage developments?
- Are additional training or support measures required?
The following practices have proven effective for efficient monitoring:
- Central log aggregation of all LLM-related activities
- Automated alerts for suspicious patterns
- Regular compliance reports for management and data protection officers
- Random manual checks in addition to automated analysis
- Feedback mechanisms for users to report problematic content
The organizational measures, together with the technical protection measures, form a coherent security concept. In the next section, we’ll look at how this concept can be anchored in a comprehensive compliance strategy.
LLM Compliance Strategy: Documentation and Accountability
A well-thought-out compliance strategy is crucial to demonstrate GDPR conformity of LLM usage. Particularly important is meeting the accountability principle under Art. 5(2) GDPR, which requires companies to demonstrate compliance with all data protection principles.
Conducting a Data Protection Impact Assessment
For many LLM applications, especially those involving personal data or automated decisions, a Data Protection Impact Assessment (DPIA) is required under Art. 35 GDPR. This systematic risk assessment should include the following elements:
- Application description:
- Detailed description of the LLM usage purpose
- Scope and nature of the processed data
- Systems involved and data flows
- Models and providers used
- Necessity check:
- Justification for data processing
- Examination of alternatives with less intrusion
- Assessment of data minimization
- Systematic risk assessment:
- Identification of potential risks to the rights and freedoms of data subjects
- Assessment of probability of occurrence and extent of damage
- Consideration of special risks of LLMs (e.g., hallucinations, bias)
- Protection measures:
- Technical measures for risk minimization
- Organizational precautions
- Evidence of effectiveness
- Result assessment:
- Assessment of residual risk after implementation of protection measures
- Decision on permissibility
- If necessary, consultation with the supervisory authority in case of high residual risk
For medium-sized companies, it is recommended to use structured DPIA templates that have been adapted for LLM-specific risks. Some data protection authorities have now published special guidelines for AI applications that can serve as guidance.
“The DPIA is not a bureaucratic end in itself, but a valuable tool for systematic risk minimization. Especially with innovative technologies like LLMs, it helps to identify blind spots.” — Klaus Hartmann, IT Security Expert
Legally Compliant Documentation of LLM Usage
Comprehensive documentation of LLM usage is essential both for internal governance and for possible evidence to supervisory authorities. The following documents should be created and kept up to date:
- Record of processing activities (Art. 30 GDPR):
- Inclusion of all LLM processing with personal data
- Detailed purpose description and categorization of data
- Information on external service providers and third-country transfers
- Technical system documentation:
- Architecture diagrams of LLM integration
- Data flow models and interface descriptions
- Security concepts and implemented protection measures
- Contracts and agreements:
- Data processing agreements with LLM providers
- Standard data protection clauses for third-country transfers
- Service level agreements and support agreements
- Policies and process documentation:
- LLM usage policy
- Training materials and evidence of conducted trainings
- Process descriptions (e.g., for incident response)
- Compliance evidence:
- Results of data protection impact assessments
- Records of security audits and tests
- Documented reviews and their results
A structured document management system with clear responsibilities for updates ensures that documentation is always up to date.
Incident Response Plans for Data Protection Incidents
Despite all precautions, data protection incidents related to LLMs can occur. A well-thought-out incident response plan is crucial to limit damage and meet legal requirements.
An LLM-specific incident response plan should include the following elements:
- Detection and initial assessment:
- Criteria for identifying potential incidents
- Reporting channels for employees
- Initial assessment of severity and scope
- Containment and damage control:
- Immediate measures to limit data exposure
- Temporary restriction or shutdown of affected systems
- Specific measures for different LLM incident types
- Investigation and documentation:
- Logging of all relevant information
- Securing evidence (logs, prompts, outputs)
- Root cause analysis and damage assessment
- Reporting obligations:
- Assessment of notification obligation under Art. 33 GDPR
- Preparation of notification to the supervisory authority (within 72 hours)
- Checking the obligation to inform data subjects (Art. 34 GDPR)
- Recovery and follow-up:
- Restoration of secure operations
- Implementation of improvement measures
- Documentation of lessons learned
- Adaptation of policies and training content
LLM-specific incidents could include:
- Unintentional disclosure of large amounts of personal data through a prompt
- Successful prompt injection attacks that bypass security controls
- Creation and distribution of false but convincing information about individuals
- Impermissible automated decisions based on LLM outputs
Practical tip: Regular simulation exercises (“tabletop exercises”) can test the effectiveness of the incident response plan and improve the team’s responsiveness.
Continuous Improvement of the Protection Concept
Data protection and security in LLM usage are not one-time projects, but continuous processes. A systematic approach to continuous improvement should be established:
- Regular risk review:
- Semi-annual reassessment of the risk situation
- Consideration of new threat scenarios
- Adaptation to technological developments
- Metrics-based monitoring:
- Definition and tracking of security KPIs
- Measuring the effectiveness of protection measures
- Identification of improvement potentials
- Feedback mechanisms:
- Regular user surveys
- Low-threshold reporting options for problems
- Analysis of incident patterns
- Systematic adaptation:
- Prioritized action plans
- Clear responsibilities for improvements
- Regular implementation review
A proven instrument is the establishment of a “Security Champions” network, where specially trained employees in the departments act as primary contacts and collect improvement suggestions.
With a systematic compliance strategy, you create the foundation for legally compliant and secure LLM usage. In the last section, we’ll take a look at future developments and requirements.
Practice-Oriented Future Outlook: LLM Security from 2025
The landscape of LLM technologies and regulations is evolving rapidly. To remain data protection compliant and secure in the long term, medium-sized companies should anticipate coming developments today and adapt their strategies accordingly.
Upcoming Regulatory Changes
The regulation of AI and especially LLMs will gain considerably more definition in the coming years, with far-reaching implications for business practice:
- EU AI Act: The full implementation of the EU AI Act will occur gradually, with the following impacts for LLM users:
- Risk classification of different LLM applications
- Transparency and documentation requirements
- Obligations to prevent discrimination and bias
- Human oversight of AI systems
- Extended GDPR interpretations: Data protection supervisory authorities will further concretize their guidelines for GDPR-compliant AI usage:
- Specific requirements for LLM providers
- More precise specifications for data processing agreements
- Detailed rules for third-country transfers in the AI context
- Industry-specific regulations: Additional sector regulations will emerge:
- Financial sector: Extended MiFID/MaRisk requirements for AI
- Healthcare: Specific regulations for medical AI applications
- Critical infrastructure: Stricter security requirements for AI systems
Companies should proactively monitor regulatory developments and continuously adapt their compliance strategies. Early alignment with upcoming standards can avoid expensive adjustments later.
“AI regulation is evolving from generic principles to increasingly specific requirements. Companies that build solid governance structures now will better navigate the regulatory changes.” — Prof. Dr. Marie Weber, Expert for Digital Law
Technological Developments for Enhanced Data Protection
Parallel to regulation, technological solutions are developing that improve data protection and security in LLM usage:
- Privacy-Preserving Machine Learning:
- Federated learning, where models are trained without sharing raw data
- Homomorphic encryption for computations on encrypted data
- Differential privacy with mathematical guarantees for data protection
- Local AI infrastructures:
- More energy-efficient models for on-device processing
- Compressed LLMs with improved performance on standard hardware
- Hybrid architectures with local preprocessing of sensitive data
- Enhanced security features:
- Improved prompt injection defense through context-based analysis
- Automated PII detection and masking in real-time
- Integrated hallucination detection with source verification
- Trustworthy AI:
- Improved explainability of LLM decisions
- Bias detection and reduction tools
- Certified LLMs with proven security properties
For medium-sized companies, these developments offer the long-term opportunity to use powerful LLMs with lower data protection risk. A technological roadmap should consider these developments and be regularly updated.
10-Point Plan for Future-Proof LLM Integration
Based on current trends and foreseeable developments, we recommend the following 10-point plan for future-proof LLM integration in medium-sized businesses:
- Establish LLM governance:
- Set up interdisciplinary steering team
- Clearly define responsibilities
- Implement regular review processes
- Prioritize use cases based on risk:
- Begin with lower-risk applications
- Gradual expansion after successful testing
- Establish clear criteria for risk assessment
- Develop hybrid LLM strategy:
- Local models for sensitive data
- Cloud services for general applications
- Continuously monitor technological development
- Implement privacy by design:
- Integrate data protection from the start in all LLM projects
- Standard anonymization and minimization
- Regular review by privacy experts
- Build comprehensive training program:
- Develop role-specific training modules
- Guarantee regular refresher courses
- Include practical exercises and realistic scenarios
- Establish central LLM gateway:
- Unified control of all LLM accesses
- Standardized security and data protection controls
- Central logging and auditing
- Automate compliance monitoring:
- AI-supported monitoring of compliance violations
- Automatic warnings for suspicious patterns
- Generate regular compliance reports
- Maintain cross-industry exchange:
- Participation in experience exchange networks
- Collaboration with associations and standardization bodies
- Develop joint best practices
- Proactively monitor regulatory developments:
- Early adaptation to upcoming requirements
- Engagement in consultation procedures
- Regular legal updates
- Promote ethical LLM usage:
- Develop ethical guidelines for AI applications
- Conduct regular ethical assessments
- Transparent communication about AI usage
This plan provides a structured approach to make LLM usage in medium-sized businesses secure, legally compliant, and effective in the long term. Implementation should be understood as a continuous process, not a one-time project.
With these future-oriented measures, medium-sized companies can leverage the benefits of LLMs without taking disproportionate risks – while preparing for upcoming requirements.
Frequently Asked Questions about Data Protection with LLMs
As a medium-sized company, are we even allowed to use public LLMs like ChatGPT?
Basically yes, but with important limitations. The use of public LLMs like ChatGPT is possible for medium-sized companies, but requires specific protective measures. Crucially, no personal data of customers, employees, or business partners should be entered in the prompts. For business use, you should rely on business versions (e.g., ChatGPT Enterprise, Copilot for Microsoft 365) that offer enhanced data protection guarantees and don’t use user inputs for training. Additionally, you need a data processing agreement with the provider and must train your employees accordingly. For particularly sensitive data or in highly regulated industries, you should consider local LLM solutions.
What concrete technical measures are feasible for small companies with limited IT resources?
Even with limited IT resources, small companies can implement effective protective measures:
- Use business versions of LLM services with integrated data protection features
- Implement central access control through a company-wide SSO service
- Create clear prompt templates for common use cases that contain no sensitive data
- Use simple anonymization tools as browser extensions or services
- Rely on cloud-based security gateways that centrally manage and monitor LLM access
- Use VPN services for communication with LLM providers
- Implement regular backups of all important data and configurations
The key lies in combining easily implementable technical measures with strong organizational rules and targeted employee training.
How do we determine if our current LLM applications require a Data Protection Impact Assessment?
A Data Protection Impact Assessment (DPIA) is generally required if your LLM application meets at least one of the following criteria:
- Systematic and comprehensive evaluation of personal aspects of natural persons (e.g., performance evaluation, behavior analysis)
- Processing of special categories of personal data (e.g., health data, political opinions) on a large scale
- Systematic extensive monitoring of publicly accessible areas
- LLM applications that make automated decisions with significant effects
- Processing of data from vulnerable persons (e.g., children, patients)
- Innovative uses of LLMs with unclear data protection implications
- Extensive data integration from different sources (e.g., in RAG systems)
When in doubt, you should consult your data protection officer or conduct a simplified preliminary check. Most supervisory authorities now offer specific checklists for AI applications that can serve as initial guidance.
How can prompt injection attacks be specifically prevented?
Prompt injection attacks can be effectively prevented through multi-layered protective measures:
- Input validation: Implement filters that detect and block suspicious instruction patterns (e.g., “Ignore all previous instructions”)
- Prompt structuring: Clearly separate system prompts and user inputs and process them separately
- Sandboxing: Run LLM applications in isolated environments that have no access to critical systems
- Role-based access control: Restrict available functions according to user role
- Output filtering: Check responses for signs of successful prompt injections
- Rate limiting: Limit the number of requests per time unit and user
- Monitoring: Implement real-time monitoring for suspicious activity patterns
- Regular penetration tests: Conduct targeted tests to identify vulnerabilities
Particularly effective are multi-stage validation processes that analyze inputs both before sending to the LLM and its responses. Current security frameworks for LLMs offer integrated protection functions that are continuously updated to counter new attack vectors.
What alternatives to US-based LLM providers exist for European companies?
For European companies, several data protection compliant alternatives to US providers exist:
- Aleph Alpha (Germany): Offers a powerful “Luminous” LLM family with EU hosting and GDPR-compliant contracts, specialized in enterprise applications
- Mistral AI (France): Develops advanced open-source models with European data protection standards that can also be hosted locally
- DeepL Write (Germany): Focused on text generation and improvement with strict European data protection guarantees
- Silo AI (Finland): Offers tailored AI solutions with European data processing
- Jina AI (Germany): Provides open embedding models that can be operated in a data protection compliant manner in your own environments
- LocalAI: Open-source alternative for local execution of LLMs on your own hardware without data transfer to third parties
- European cloud providers such as T-Systems, OVHcloud or Scaleway, which increasingly offer data protection compliant LLM services
These European alternatives offer the advantage that data remains within the EU and GDPR-compliant contracts are available as standard. The performance gap to leading US models has significantly narrowed in recent years, especially for specialized enterprise applications.
How high are the typical costs for a data protection compliant LLM integration in medium-sized businesses?
The costs for a data protection compliant LLM integration vary depending on scope and requirements, but can be categorized as follows:
- License costs for business LLMs: About €20-60 per user/month for enterprise versions of ChatGPT, Copilot, or Claude
- Infrastructure costs for local models: One-time €10,000-50,000 for hardware (depending on model size and performance requirements), plus ongoing operating costs
- Security gateway and monitoring: From €5,000 annually for medium-sized implementations
- Legal and organizational measures: €5,000-15,000 for initial policy development, DPIA, and contract design
- Employee training: €300-500 per employee for comprehensive AI security training
- Ongoing compliance and audits: Annually about €5,000-10,000 for reviews and adjustments
Cost-effective entry-level solutions for small businesses start at about €10,000-15,000 total investment in the first year. Medium implementations with higher security requirements typically range from €30,000-80,000. The investment should be weighed against the achievable productivity gains and reduced risks, which usually amortize within 12-18 months.
How do we prevent trade secrets from leaking through LLM prompts?
To protect trade secrets when using LLMs, these concrete measures are recommended:
- Classification system: Establish a clear system for classifying information by confidentiality
- Prompt guidelines: Define precisely which types of information may be used in prompts
- Pre-submission check: Implement automated tools that check prompts for sensitive content before sending
- Abstraction and generalization: Train employees to generalize specific details (e.g., replace real figures with placeholders)
- Secure LLM environments: Use local or dedicated LLM instances for highly sensitive applications
- Data Loss Prevention (DLP): Integrate LLM access into existing DLP systems
- API-based integration: Use controlled API interfaces instead of direct web interfaces
- Audit trails: Log all LLM interactions for later review
- Usage restrictions: Limit LLM access to certain employee groups
Particularly effective is the combination of technical controls and employee awareness. Regular simulations can help raise awareness of potential information leaks and verify the effectiveness of protective measures.
About the Author
This article was written by experts in data protection and AI security at Brixon AI. Our team of specialists combines years of experience in implementing data protection compliant AI solutions for medium-sized companies with sound technical and legal expertise.
Brixon AI supports medium-sized B2B companies in accelerating, simplifying, and future-proofing their office and knowledge work using Artificial Intelligence – always with a special focus on data protection, information security, and compliance.
Learn more about our services and expertise at brixon.ai.
Sources and Further Reading
- Federal Office for Information Security (BSI): Guide to Secure AI Usage (2024)
- Bitkom e.V.: Study on AI Usage in German Medium-Sized Businesses (2024)
- Data Protection Conference (DSK): Guidance on the Use of AI Systems (2023/2024)
- Gartner Research: Market Guide for Generative AI Security (2024)
- OWASP Foundation: OWASP Top 10 for Large Language Model Applications (2024)
- European Union Agency for Cybersecurity (ENISA): Securing Large Language Models (2024)
- The Federal Commissioner for Data Protection and Freedom of Information (BfDI): Data Protection Assessment of AI Systems (2024)
