Part 3 of a three-part series on shadow AI for DPOs and privacy officers.

Shadow AI, the use of AI tools such as ChatGPT, Claude, or Gemini outside the purview of IT and the DPO, poses legal risks that we have explored in the first two parts of this series. In part 1, we saw that the input of personal data is often unlawful at the moment of entry. In part 2, it became clear that this can lead to a difficult-to-detect, reportable data breach, and that personal data can become practically irreversible once embedded in a model.

Because retrospective remediation is so difficult, the emphasis lies on prevention. This third part translates the risks into a concrete approach: internal policy, AI literacy, and responsible procurement. We then demonstrate that these same measures also protect trade secrets and contractual confidentiality, a risk distinct from the GDPR but governed by the same governance instruments. We conclude with the enforcement tools of the Dutch Data Protection Authority (AP) and the role of the DPO.

Policy, training, and procurement

An effective approach rests on three pillars: internal policy, AI literacy, and responsible procurement. We discuss each of these pillars and conclude with the role of the works council.

An effective approach to shadow AI begins with an internal AI policy that defines which tools are approved, under what conditions, which categories of data may not be entered, and which use cases are and are not permitted per function. Safe alternatives are essential: enterprise versions with contractual safeguards, no use for training purposes, verifiable management settings, and, where possible, processing within the EEA or a robust transfer framework otherwise.

When procuring AI services, a fixed sequence applies: first qualify the provider's role (processor, controller, or joint controller), conclude the appropriate agreement, verify the training policy, assess the transfer situation, and conduct a DPIA if the risk profile requires it. Also, establish the permitted use cases per tool and per function, so that employees know for what an approved tool may and may not be used. Additionally, for each use case, assess whether the AI Act requires additional qualification, for example, because it may involve a high-risk application or a prohibited practice.

Article 4 of the AI Act obliges organizations to ensure that their staff have a sufficient level of AI literacy: the knowledge and skills to use AI systems responsibly and to identify risks(1). This obligation already applies from February 2, 2025; the further application and enforcement of the AI Act will be rolled out in phases(2). Shadow AI is precisely the risk that AI literacy aims to prevent. A strategic, function-specific approach is preferable to a one-off training.

Finally, the works council. Insofar as an AI policy contains rules on the processing or protection of employee personal data, or concerns facilities with which the presence, conduct, or performance of employees can be observed or monitored, works council consent is required on the basis of Article 27, paragraph 1, sub k and/or l of the Works Councils Act (WOR)(3). An AI policy introduced on these points without works council consent is legally tenuous.

The same measures also protect trade secrets

The policy, approved tools, and contractual safeguards from the previous paragraph do not only serve the GDPR. They simultaneously protect a risk distinct from personal data: the loss of trade secrets and the breach of contractual confidentiality. Precisely because they involve the same measures, this topic belongs within the governance narrative.

Employees who input internal documents, customer files, quotes, or strategic information into an external AI tool can thereby endanger trade secrets within the meaning of the Trade Secrets Protection Act (Wbb). A trade secret is only protected if the holder has taken reasonable measures to keep the information secret(4). These reasonable measures partly overlap with the technical and organizational measures required by Article 32 GDPR when personal data is processed. The same AI governance (policy, approved tools, access restriction, contractual safeguards, and training) can therefore support both regimes, but the Wbb retains its own test and also applies to non-personal data, which Article 32 GDPR does not cover. Uncontrolled use of external AI tools (without policy, technical blocks, or contractual safeguards) undermines these measures, which can lead to discussion as to whether the organization can still invoke Wbb protection if the information later leaks or is unlawfully used.

A second risk concerns contractual confidentiality. Information covered by NDAs with clients or partners can be unintentionally exposed when entered into an external AI tool, regardless of whether it concerns personal data. An employee who has ChatGPT analyze a concept acquisition structure inputs commercially confidential information to an external party for whom no confidentiality agreement exists. In sectors with a statutory duty of confidentiality (such as the legal profession or healthcare), the breach of professional secrecy can have independent disciplinary or criminal consequences.

The DPO is not the owner of this risk but should explicitly identify it: in a written advice addressed to the CISO, the general director, or the responsible legal counsel, stating the information involved, the relevant duty of confidentiality, and the recommended measure.

Enforcement: the AP is already active

The risks described are not theoretical. The AP already has the full set of tools to act now, regardless of the phased rollout of the AI Act.

The AP can initiate investigations, impose an order subject to a penalty, and issue administrative fines of up to 20 million euros or 4% of global annual turnover(5). However, that fine ceiling is not the most important aspect. In practice, the AP enforces selectively, and demonstrability will weigh heavily: can the organization show that it manages its AI use, documents its processing activities, and takes its accountability obligation seriously? The dozens of reports of AI-related data breaches received by the AP in 2025 make it clear that the risk is real and current, which stands in sharp contrast to the AI Act, which is being phased in. The Dutch approach is not unique: the EDPB, the French CNIL, and the British ICO have also expressed critical views on generative AI and the processing of personal data(6).

The role of the DPO

All the aforementioned risks directly concern the DPO. How does the legal framework translate into a concrete course of action, within the confines of the DPO's statutory duties?

The DPO has an informative, advisory, and monitoring role under Article 39 GDPR(7). This role is crucial for shadow AI, but the DPO is emphatically not the operational owner of AI policy. Specifically, the DPO's duties mean: urging the organization to conduct a shadow AI audit; advising on technical monitoring and updating of the record of processing activities; advising on the necessity of a DPIA for each AI application and monitoring its implementation; and escalating shortcomings in writing to the board, CISO, or legal. Where trade secrets or contractual confidentiality are at stake, the DPO flags this to the legally responsible parties. The DPO also ensures that the AI policy is periodically evaluated, with the involvement of IT, legal affairs, HR, and line management.

Conclusion

Shadow AI reveals a structural problem: an organization that does not equip its employees with safe alternatives and clear frameworks creates the very risk that the AP is already enforcing. The questions surrounding lawfulness, reporting obligations, and the irreversibility of what ends up in a model all point in the same direction: doing nothing is not an option. The GDPR applies without reservation, the Wbb adds additional obligations, and the AI Act's obligation for AI literacy is already in effect. A DPO who now identifies risks, initiates audits, advises on DPIAs, and escalates shortcomings acts in accordance with Article 39 GDPR. Organizations that fail to do so will find it increasingly difficult to explain that they have taken their GDPR accountability obligations seriously.

_

1. Art. 4 AI Act (obligation of AI literacy); art. 3 para. 56 AI Act (definition). The obligation applies to providers and deployers from February 2, 2025. See European Commission, 'AI Literacy - Questions and Answers', digital-strategy.ec.europa.eu.

2. Art. 113 AI Act (phased entry into force): Chapters I and II, including Art. 4, apply from February 2, 2025; certain governance and sanction provisions from August 2, 2025; the general application date for most obligations is August 2, 2026.

3. Art. 27 para. 1 sub k WOR (registration of employee data) and sub l WOR (employee monitoring systems and control of presence, behavior, or performance). See also AP, 'De OR en personeelsvolgsystemen', autoriteitpersoonsgegevens.nl.

4. Art. 1 para. 1 sub c Trade Secrets Protection Act (implementation of Directive (EU) 2016/943): the holder must have taken reasonable measures to keep the information secret; see recital 14 of the Directive on proportionality.

5. Art. 58 GDPR (supervisory powers) and Art. 83 para. 4 and 5 GDPR (administrative fines up to EUR 20,000,000 or 4% of global annual turnover).

6. EDPB, ChatGPT Taskforce Report (May 23, 2024) and Opinion 28/2024 (December 17, 2024); CNIL, recommendations on the application of the GDPR to the development of AI systems, July 22, 2025; ICO, guidance and consultation series on generative AI (ico.org.uk). The sanction decision of the Italian Garante against OpenAI (December 20, 2024) is illustrative of supervisory attention, but has been overturned by the Rome court (judgment no. 4153/2026, deposited March 18, 2026; the reasoning was not yet public at the time of publication).

7.  Art. 39 para. 1 GDPR (DPO tasks: inform, advise, monitor, and advise on DPIAs); art. 38 para. 6 GDPR (no tasks leading to a conflict of interest).