Is ChatGPT GDPR-compliant?
OpenAI does not provide a data processing agreement for the use of the ChatGPT service. This agreement is only provided to business customers using the OpenAI API.
If you are pasting customer transcripts or personal information directly into ChatGPT, STOP.
You’re in breach of the GDPR by transferring personal data to a third-party recipient.
The guys at Simpliant have done a great job of explaining this through several scenarios (Reference: https://simpliant.eu/insights/is-chatgpt-gdpr-compliant).
It pretty much boils down to the fact that OpenAI does not provide a data processing agreement for the use of the ChatGPT service. This agreement is only provided to business customers using the OpenAI API.
The Regulation of Investigatory Powers Act 2000 and the UK GDPR govern the practice of recording calls in the United Kingdom (U.K.).
There are two key things to consider:
Consent and Notification: For B2B businesses wishing to record calls or meetings, it is crucial to obtain consent from the participants. This can be achieved by notifying all parties that recording is taking place and obtaining their agreement to continue.
Data protection (GDPR): Ensuring recordings are stored securely, used only for legitimate business purposes, and accessible only to authorized personnel.
So, the rule of thumb: No entry of personal data in the ChatGPT interface.
Your options are to either sign the processing agreement yourself and build your own software using the APIs, or use a service that already has the right agreements and security infrastructure in place.
The application and use of AI within a business is not just about the product that’s built. It’s about ensuring a scalable, productised tool with a workflow that mitigates business risk and ensures compliance.
Four/Four have created a system with data protection and compliance thought out from the very beginning, so you know your customer data is well managed.