AI Data Breach: What Really Counts in the First 72 Hours
It is Tuesday afternoon when an employee stands in your office and lowers her voice: "I think I entered something I shouldn't have into ChatGPT." A complete customer list, to draft a quote faster. No hacker, no data breach in the classic sense – and yet a clock is now running.
This article is deliberately not a prevention guide – how shadow AI arises in the first place and how to prevent it is covered in Shadow AI in the company. This is about the moment after: it has happened, and you now have to act correctly. Because whether this moment becomes a reportable breach is decided not by the mistake itself, but by the next few hours.
Why this is not a trivial matter
As soon as personal data is entered into an AI tool you do not control, from a GDPR perspective processing by a third party takes place. With many free AI services there is an added twist: under the terms of use, inputs may be used to train the models. So the data not only leaves your house, it potentially becomes part of a system from which you can practically no longer retrieve it.
The law calls this a "personal data breach" (GDPR Art. 4 No. 12). And that is what the famous deadline hinges on.
The 72-hour clock: what Art. 33 and 34 require
Two GDPR articles are central here, and they mean two different things:
- Article 33 – notification to the supervisory authority: Where a data breach is likely to result in a risk to the individuals concerned, you must report it to the competent data protection authority – "without undue delay and, where feasible, not later than 72 hours" after becoming aware of it.
- Article 34 – communication to the data subjects: Where there is even a high risk to the individuals concerned, you must additionally inform those people themselves – in clear, plain language.
The 72 hours are not processing time for the perfect solution. They are the window in which the authority is meant to learn about relevant breaches. And the clock starts the moment the company gains knowledge of the breach – not only once your internal assessment is complete.
Do I have to report immediately?
Not every breach is reportable. The risk assessment is decisive. Was it data that was publicly known anyway? Were individuals identifiable at all? Was it a sensitive category such as health or financial data? This is exactly where the most common mistake happens: companies decide from the gut "it's not that bad" and document nothing.
The point is: even a reasoned decision against notification must be recorded traceably. This internal documentation duty (also Art. 33) applies regardless of whether you report in the end. Having no documentation is often the bigger problem than the original mistake.
The first steps – in the right order
- Contain. Stop further spread. Was a shared chat link created? Deactivate it. Is access running via an API key? Revoke or rotate it.
- Document. What was entered, when, by whom, into which tool? Screenshots, timestamps, people involved. This is not bureaucracy, it is your basis for every further decision.
- Classify. Personal data yes/no? Sensitive data? Individuals identifiable? From this it follows whether the 72-hour clock is ticking for you.
- Contact the provider. Request deletion of the inputs and logs in writing and have it confirmed. Check whether training use can be disabled.
- Report – if necessary. Where there is a risk: prepare notification to the data protection authority. Where there is a high risk: additionally inform the affected individuals.
- Prevent. Make sure the same mistake does not happen again in two weeks.
If you genuinely need these steps right now: I have turned them into a free instant tool. The AI incident response kit contains a checklist for the first hours and an interactive wizard that classifies your specific situation – including an assessment of the notification duty.
The real fix happens afterwards
A single incident is an operational accident. If it repeats, it is a systemic problem. The employee in the example did not want to do anything wrong – she simply lacked a clear rule and an approved, safe tool. This is exactly where sustainable prevention starts: a lean AI usage policy that nobody wants to circumvent, and tools with a proper data processing agreement where inputs do not flow into training.
In short
Customer data in ChatGPT is not the end of the world – but it is also not something you can sit out. Secure, document, classify, and then make a deliberate decision about notification. The difference between a managed incident and a real problem almost always lies in the first few hours.