You Wouldn't Let a Stranger Into Your Home. So Why Let One Into Your Data?
Every time an employee pastes a client contract or medical record into ChatGPT, they are sending it to a third party's servers - often without realising it. This is what is actually happening, and what the alternative looks like.
01 - THE STRANGER ON THE OTHER END OF THE LINE Imagine getting a call tomorrow morning from an unfamiliar company.
Imagine getting a call tomorrow morning from an unfamiliar company.
"Good afternoon. Could you please send us your work correspondence, your board presentation, next year's financial plan, your client list, partnership agreements, product architecture, medical reports, and recent test results? We promise to handle them with the utmost care."
The conversation would end in seconds.
Yet this is exactly what millions of people do every day - voluntarily. The only difference is that instead of a voice on the phone, they open ChatGPT, Claude, Gemini, or another cloud-based AI assistant.
I am writing this from yet another business trip to China. Over the past few weeks I have spoken with engineers, AI system architects, and information security specialists - some of them working on infrastructure that processes millions of user requests every day. After those conversations, one thing became impossible to ignore: without noticing it, we have opened the largest information-sharing channel of the last few decades. And almost no one thinks of it that way.
Everyone talks about AI productivity. Hardly anyone talks about the other side of the coin. Every request sent to a cloud-based AI is also a transfer of information to a third party. And the more useful the model becomes, the more information people are willing to entrust to it.
02 - A NEW CHANNEL NOBODY THOUGHT TO CONTROL There was a time when companies forbade employees from forwarding work documents via personal email.
There was a time when companies forbade employees from forwarding work documents via personal email. Then came policies on USB drives, Dropbox, Telegram, and messaging apps. Many organisations today have entire departments whose job is to make sure confidential information does not leave the corporate perimeter.
Yet that same employee might open a generative AI interface and paste in a commercial proposal, source code, a client contract, a financial model, a medical report, employee personal data, or a new system architecture. Not because they intend to steal anything. But because it lets them work faster.
This is what security researchers call "shadow AI" - employees using AI tools without IT oversight, creating a structural blind spot where sensitive data flows to external platforms outside any governance framework. According to UpGuard's July 2026 analysis of the shadow AI problem, once a user pastes sensitive information into an unvetted public AI tool, they lose control over that data. Many free or public AI services indicate in their terms of service that they may store user prompts indefinitely.
The distinction between tiers matters enormously. As WitnessAI's April 2026 review of ChatGPT business safety explains, employees on personal consumer accounts are on tiers where their inputs may be used to train future models - with no Data Processing Addendum, no audit trail, and no enterprise controls. The enterprise and business tiers are a different story, but they only help if your employees are actually using them, and if you know what they are typing in.
Generative AI is not merely an assistant. It is a new communication channel. And many organisations have yet to learn how to control it.
03 - WHAT IS ACTUALLY AT STAKE The consequences of getting this wrong are not abstract.
The consequences of getting this wrong are not abstract.
In early 2023, engineers at Samsung's semiconductor division accidentally leaked proprietary source code and confidential meeting notes by pasting them directly into ChatGPT - three separate incidents within 20 days. Samsung responded by restricting or banning generative AI tools for employees. The incident became a case study cited by every major security firm that followed.
In healthcare, the numbers are striking. A survey cited by ICT&health found that 76% of general practitioners use large language models in clinical decision-making - for checking drug interactions, treatment planning, and patient education. Data protection experts advise strongly against entering patient data into ChatGPT and similar cloud tools, noting that conversations are stored in the cloud, often outside the European Union, raising serious GDPR concerns. All it takes is one prompt.
The regulatory environment has hardened considerably. GDPR fines since 2018 now exceed €7.1 billion, with €1.2 billion in penalties issued in 2025 alone - a 22% year-on-year increase in breach notifications, according to the DLA Piper GDPR Fines and Data Breach Survey (January 2026). Italy's data protection authority has already fined OpenAI €15 million for GDPR violations and previously suspended ChatGPT for a month.
And from August 2, 2026 - this month - the EU AI Act's full requirements for high-risk AI systems become enforceable, adding a second penalty layer on top of GDPR: up to €35 million or 7% of global annual turnover for the most serious violations. Regulators are no longer asking whether you have an AI policy. They are asking for evidence it is enforced.
The biggest danger is not a dramatic hack. It is an employee who simply wanted to finish their report faster.
04 - THERE IS ANOTHER WAY I want to be clear about something: I am not calling for a boycott of ChatGPT, Claude, or Gemini.
I want to be clear about something: I am not calling for a boycott of ChatGPT, Claude, or Gemini. I use various models myself every day - for writing code, analyzing documents, brainstorming, automating processes. The technology is genuinely useful.
The problem is not the technology itself. The problem arises when people lose sight of which data can be shared and which must never leave their own infrastructure.
For some organisations, the answer is clear guidelines and employee training - understanding which tier of which tool is acceptable for which type of information. For others, particularly in law, healthcare, and financial services, the answer is something more structural: an AI that runs entirely inside your own walls, on your own hardware, without sending a single character of your data to anyone else's server.
This is what "on-premise AI" means in practice. Think of it as the difference between a filing cabinet in your own office and a filing cabinet in a shared building where you do not know who holds the master key. The model - the AI brain - lives on servers you own or lease, inside your network perimeter. Your questions and documents go in, answers come out, and nothing leaves the building. Not via email, not via the internet, not via any channel you have not explicitly opened.
It is not a new concept. Banks have run their own servers for decades precisely because they understand what it means to lose control of data. The same logic now applies to AI.
05 - HOW THIS WORKS IN PRACTICE When I work with a law firm, a clinic, or a financial consultancy, the starting point is always the same: understanding what data they actually handle.
When I work with a law firm, a clinic, or a financial consultancy, the starting point is always the same: understanding what data they actually handle, where the real exposure is, and what level of control they need. Security is rarely one-size-fits-all.
From there, the practical implementation typically involves three things.
- First, the model runs locally. We deploy an open-source language model - Llama, Mistral, or a similar architecture - on hardware inside the client's own network. The model is capable of drafting contracts, summarising case files, reviewing financial documents, or answering questions about internal procedures. It does this without ever calling an external server. As ICT&health noted in their February 2025 analysis of AI safety in healthcare, open-source models running locally offer the highest level of privacy precisely because data is never transmitted externally.
- Second, the model is connected to the organisation's own documents. This is sometimes called RAG - retrieval-augmented generation - but in plain terms it just means the AI can search and reference the organisation's own files when answering a question. A lawyer can ask "what does our standard NDA say about liability caps?" and get a precise answer drawn from their actual document library, not from the internet.
- Third, access is controlled and logged. Who asked what, when, is recorded internally. This is not surveillance - it is the same audit trail that already exists for email and document management systems. It is also what regulators increasingly expect to see.
What this is NOT: it is not a magic system that never makes mistakes. Language models hallucinate - they occasionally produce confident-sounding answers that are factually wrong. Any deployment I build includes clear guidance to staff on this limitation, and critical outputs (a contract clause, a dosage recommendation, a financial calculation) should always be verified by a human. The value is in speed and synthesis, not in replacing professional judgment.
If you want to understand what this would involve for your organisation specifically, an independent assessment of what this would take is the right place to start - before committing to any architecture or vendor.
06 - WHAT YOU CAN ACTUALLY VERIFY A reasonable question at this point: how do you know the system is actually keeping data inside your perimeter, rather than just claiming to?
A reasonable question at this point: how do you know the system is actually keeping data inside your perimeter, rather than just claiming to?
The honest answer is: you verify it, rather than taking anyone's word for it.
With a locally-deployed open-source model, the network traffic is auditable. Your IT team - or an independent auditor - can confirm that the server running the model does not initiate outbound connections to external AI providers. The model weights (the AI's "knowledge") are files sitting on your server, not a live connection to a cloud service. This is fundamentally different from an enterprise ChatGPT subscription, where OpenAI's own documentation describes the encryption and privacy controls they apply - controls that are real and meaningful, but that still mean your data travels to and is processed on their infrastructure.
For organisations subject to GDPR, the EU AI Act, or sector-specific regulations (medical data protection, legal professional privilege, financial data handling), the on-premise approach simplifies the compliance picture considerably. Data residency - meaning where data is physically stored and processed - is one of the most common questions regulators ask. When the answer is "on our own servers, in our own building, in this jurisdiction," the conversation becomes much shorter.
For those who need to demonstrate this to clients, auditors, or regulators, ready-made compliance documentation covering GDPR and EU AI Act requirements is something I prepare as part of the engagement.
What not to expect: a private AI deployment does not make your organisation immune to all data risks. Insider threats, phishing, and poor access controls are separate problems that require separate solutions. It also does not give you the breadth of knowledge of a model trained on the entire internet - a local model knows what you teach it, plus its training data, but it will not know about yesterday's news unless you feed that in. These are real limitations, and any honest conversation about this technology has to include them.
07 - THE QUESTION THAT ACTUALLY MATTERS The question is no longer whether to use AI. That matter is settled.
The question is no longer whether to use AI. That matter is settled. Everyone will use it - is already using it.
The real question is: who controls the information you entrust to it?
If you do not know the answer, you are probably not the one managing your data today. Not because anyone has malicious intent - but because a useful tool became a habit before anyone thought to ask where the data was going.
For some organisations, clear policies and the right enterprise tier of a cloud tool will be enough. For others - those handling client confidences, patient records, financial strategies, or anything that would cause serious damage if it appeared in the wrong hands - the answer is AI that stays inside your own walls.
I have spent the last several years helping organisations implement AI not merely as a productivity tool, but as part of a secure infrastructure that they actually own and control. The work starts with understanding your specific situation - not with selling a product.
If you are wondering where to begin, a structured assessment of your current exposure and what a private deployment would require is the most useful first step. If you already know what you need and want to talk specifics, reach out directly.
The competitive advantage in the coming years will not belong only to those who adopt AI first. It will belong to those who manage to keep control of their own data while doing so.
Related field notes.
Why on-premises is not "cloud without internet"
The engineering trade-offs behind real isolation, GDPR data residency, and where most "private ChatGPT" pitches fall apart under audit.
Apple Silicon as an inference node: M4 Max & M3 Ultra, honest digits
Benchmarks for 70B models on M4 Max and M3 Ultra. Why Apple is betting on local inference - and what the token economics tell us about the future.
Public AI assistants in higher education: the GDPR exposure most institutions have not assessed
When staff paste student work into a public AI assistant - ChatGPT, Claude, Gemini, whichever - the institution becomes the controller for a processor it never contracted. A walk through GDPR Articles 5, 28, 32 and 35, the rulings already issued, and the architectural fix that does not require banning AI.