Your client signed a GDPR data processing agreement with your agency before sharing their customer records. Did you sign one with ChatGPT before you pasted those records in? Almost certainly not — and that’s the exposure most marketing teams haven’t priced in. Under GDPR Article 28, any company that processes personal data on your behalf is a data processor and requires a signed agreement. OpenAI is a data processor. The average cost of a data breach in 2024 was $4.44 million, according to IBM’s Cost of a Data Breach report. The maximum GDPR fine is 4% of global annual turnover. The risk is not theoretical.
What Actually Happens When You Send Data to ChatGPT
Most marketing teams treat ChatGPT like a calculator — input goes in, answer comes out, nothing lingers. That’s not what happens.
When you paste a client’s customer segment, campaign report, or GA4 export into a cloud AI tool, that data traverses OpenAI’s infrastructure. It is processed on their servers, in their jurisdiction. Depending on your account settings, it may be used to improve their models. It is subject to their security posture, not yours. And if their platform is breached — which cloud platforms are — your client’s data is in the exposure.
In February 2025, the OmniGPT platform breach exposed 30,000 user email addresses and 34 million lines of chat messages from enterprise users, according to Lasso Security’s analysis of the incident. Those conversations included proprietary workflows, client briefs, and internal strategy documents. Every one of those users believed their data was private.
The problem isn’t that ChatGPT is careless. The problem is that when you use a cloud AI tool with client data, you are making a security and compliance decision you may not have the authority to make unilaterally — and almost certainly haven’t documented.
The GDPR Article 28 Problem Nobody Talks About
GDPR Article 28 is not optional and it’s not ambiguous. If you’re a data controller — which any marketing agency handling client data is — you cannot lawfully transfer personal data to a third-party processor without a signed Data Processing Agreement in place. The DPA must specify what data is processed, for what purpose, under what legal mechanism, with what security guarantees.
OpenAI does offer a DPA. Most SMB marketing teams have never accessed it, signed it, or even know it exists. Which means every ChatGPT conversation that included a client name, email address, customer behaviour pattern, or purchase record was processed without a lawful Article 28 basis.
You may be interested in: GDPR Article 28: The Data Processing Agreement Your WooCommerce Store Never Signed With Meta, Google, and TikTok
The enforcement pattern is clear. EU data protection authorities have issued over €5.88 billion in cumulative GDPR fines. The most recent wave targets not just the platforms — but the companies that transferred data to them unlawfully. Meta was fined €1.2 billion for EU-US data transfers in 2023. Uber was fined €315 million for the same class of violation in 2025. Regulators are moving upstream toward the businesses that initiated the transfer.
Your agency is that business every time you send client data to a cloud AI without a DPA.
Three Data Types Marketing Teams Routinely Send to Cloud AI
The risk isn’t abstract. Here’s what actually goes into ChatGPT in a typical marketing agency week:
- Customer segments and email lists — “Here are our top 500 customers by LTV, help me write a re-engagement sequence.” Every name, email, and purchase value just crossed into OpenAI’s infrastructure.
- Campaign performance exports — Google Ads CSVs, Meta Ads breakdowns, GA4 reports. These often contain account IDs, audience segment names, and ROAS figures your clients consider commercially sensitive.
- Client strategy documents — Briefs, positioning documents, competitive analysis. These are your clients’ IP. Sending them through a cloud AI with no data retention controls is a breach of the confidentiality you implicitly promised.
None of this requires malicious intent. It happens because cloud AI tools are convenient, fast, and genuinely useful — and the compliance gap is invisible until it isn’t.
Your System Prompts Are Also at Risk
It’s not just the data you paste into conversations. If your agency has built custom GPT configurations, system prompts, or AI workflow templates, those are stored on cloud infrastructure too — and they represent your intellectual property.
System prompts have been extracted via prompt injection attacks. Cloud AI platforms have experienced breaches that exposed conversation logs. The workflows you’ve refined over months of iteration — your competitive edge — are sitting in a cloud database you don’t control.
You may be interested in: Your AI System Prompt Is Not Private: The Case for Local LLM Inference in Agencies
Deloitte projects that 50% of companies using generative AI will have agentic AI pilots by 2027, according to the EDPB’s AI privacy risks report. As AI becomes more embedded in marketing workflows, the data exposure surface grows — unless the inference layer moves off cloud entirely.
The Fix: Local LLM Inference
The answer is not to stop using AI. It’s to run AI inside your own infrastructure.
A local LLM — a model running on hardware you own, on a network you control — processes every query without any data leaving your building. No OpenAI server receives it. No breach exposes it. No DPA is required because no third-party processor is involved. The EDPB’s own guidance on LLM privacy risks explicitly identifies on-premise inference as the strongest available mitigation for data exposure risk.
The practical stack for a marketing agency in 2026: a Mac Mini M4 Pro or M5 Pro running Ollama with a 7B–32B model, querying your first-party data through a local RAG pipeline. A 7B model runs on 16GB of unified memory at useful speed. A 32B model on 32GB handles the deeper analytical work — attribution diagnosis, cross-channel comparison, customer LTV modelling. Zero data leaves the device. Zero.
That’s the same AI capability your team currently uses through ChatGPT — with the compliance exposure removed entirely.
Where Transmute Engine Fits the Picture
Local AI is only as useful as the data it reasons over. If your marketing analytics are built on incomplete, browser-blocked, client-side event data, a local LLM will generate confident answers from a flawed dataset.
The Transmute Engine™ captures WooCommerce and WordPress events server-side — bypassing ad blockers, preserving attribution chain integrity, routing clean first-party data to BigQuery. When that BigQuery data is the source for your local LLM, you get complete records analysed by private inference. No cloud AI platform touches client data at any point in the chain: not in collection, not in storage, not in analysis.
That’s the architecture that makes “we don’t send client data to ChatGPT” a true statement — not just a policy intention.
Key Takeaways
- GDPR Article 28 requires a signed Data Processing Agreement before you can lawfully send client personal data to any third-party AI platform — most agencies have never signed one with OpenAI
- The OmniGPT breach exposed 34 million chat message lines from enterprise users — cloud AI platform breaches are real and recurring
- Maximum GDPR fine exposure is 4% of global annual turnover; EU regulators are now targeting companies that initiated unlawful data transfers, not just the platforms
- Local LLM inference eliminates the third-party processor relationship entirely — no DPA required, no data leaves your network, no breach surface on the AI layer
- A Mac Mini M4 Pro running Ollama with a 7B–32B model handles the same marketing queries your team currently sends to ChatGPT — privately, on hardware you own
Not automatically illegal — but it requires a signed GDPR Article 28 Data Processing Agreement with OpenAI before any personal data is transferred. Most marketing agencies have never signed this agreement, which means processing client personal data through ChatGPT likely lacks a lawful basis under GDPR. EU regulators have issued multi-million euro fines for exactly this class of violation.
Any personal data pasted into conversations — customer names, email addresses, purchase histories, segment data — plus commercially sensitive information like campaign performance, client briefs, and competitive strategy. The OmniGPT breach in 2025 exposed 34 million chat message lines including proprietary business content from enterprise users.
A DPA is a legally binding contract between a data controller (your agency) and a data processor (any third party that handles personal data on your behalf). Under GDPR Article 28, you must have a signed DPA in place before transferring personal data to any third-party processor, including cloud AI platforms. OpenAI offers a DPA, but you must actively access and sign it.
Local LLM inference — running an AI model on hardware you own and control. Tools like Ollama make this accessible: install on a Mac Mini, download a 7B or 32B model, and query your data locally. No data leaves your network. No third-party processor is involved. No DPA required. The EDPB explicitly identifies on-premise inference as the strongest privacy mitigation available for LLM data risk.
The question isn’t whether AI is useful for marketing. It clearly is. The question is whether the convenience of a cloud subscription is worth the compliance exposure, the breach surface, and the client trust you’re risking every time you paste sensitive data into a chat window. For most agencies, once the risk is understood, the answer is no.