GDPR Oversight

Know every byte of personal data
your AI sends — before regulators do.

A real-time governance layer that detects, alerts, and blocks personal data from reaching cloud AI services without lawful basis. Built for the Article 33 clock: regulator-ready breach evidence in 72 hours.

72h: the Article 33 breach notification window
0: unlogged personal data egress events
Art. 33-ready evidence packages, generated automatically

The GDPR gap your AI tools created

Cloud AI adoption outpaced compliance controls in most enterprises. These are the four structural gaps GDPR Oversight closes.

01

No visibility into what AI receives

Your employees and agents are sending prompts to OpenAI, Anthropic, and Google every day. Without an egress monitor, you do not know whether those prompts contain customer names, health records, account numbers, or other Article 4 personal data. Invisibility is not a defence under GDPR — it is the problem.

02

Breach notification requires evidence you do not have

Article 33 requires you to notify the supervisory authority within 72 hours. That notification must describe the categories of data affected, the approximate number of data subjects, and the likely consequences. Without an immutable egress log, you cannot produce that evidence. You cannot notify what you cannot prove.

03

AI vendors are sub-processors you may not have assessed

Sending personal data to an LLM API makes that provider a processor under Article 28 (a sub-processor where your organisation is itself acting as a processor), and Article 28 requires a written data processing agreement before that happens. Most enterprises have not completed data protection impact assessments (Article 35) for their AI tool stack, have not verified that a valid transfer mechanism such as standard contractual clauses or an adequacy decision covers their US providers, and have not updated their Article 30 records of processing activities to reflect AI data flows.

04

Policy in documents does not stop data egress

An acceptable use policy that says "do not enter personal data into AI tools" is not a technical control. Employees forget, agents do not read policies, and pressure to move fast overrides caution. GDPR Oversight enforces the policy at the network layer — where it actually works.

Five-stage governance pipeline

Every LLM API call passes through the same deterministic state machine — in under 100ms.

01

Intercept

Every outbound LLM API call passes through the GDPR Oversight gateway — whether initiated by a human user or an autonomous agent. No changes to application code required for proxy-mode deployment.

02

Classify

The PII scanner analyses the request payload against configured data categories: names, email addresses, national IDs, health data, financial data, location data, and custom enterprise-specific categories. Each detection is tagged with risk level: Low, Medium, or High.

03

Enforce

Policy rules determine the action: Pass (monitor only), Alert (notify DPO, allow through), Redact (strip PII before forwarding), or Block (reject the request). Rules are configurable per data category, destination endpoint, user group, or agent identity.

04

Log

Every egress event, regardless of action taken, is written to an immutable breach register: timestamp, source, destination, PII categories detected, risk level, action taken, and user or agent identity. This is the record Article 33(5) requires you to keep for every breach (the facts, its effects and the remedial action taken), and it is the evidence an Article 33 notification is built from.

05

Notify

High-risk events trigger automated DPO notification via email and dashboard. The breach register starts the 72-hour Article 33 clock automatically from the moment the event is recorded, which is the moment you become aware of it. Where a breach is likely to result in a high risk to the rights and freedoms of data subjects, Article 34 additionally requires communication to those data subjects; for such events the system generates a notification draft for the DPO to review and dispatch.
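The five stages above, as an added example that is not GDPR Oversight's code: a minimal Python gateway that runs intercept, classify, enforce, log and notify for one outbound request. Everything in it is an assumption made for illustration: the regex detectors (a real deployment would use a classifier such as Presidio), the rule format and the policy, the endpoint and group names, the hash-chained register that makes the log tamper-evident, and the sample prompts. It also carries the caveat a DPO would want: data blocked or redacted before transmission never left, so only Pass and Alert events arm the 72-hour clock.

```python
# Added example (not GDPR Oversight's code): a minimal version of the five-stage
# pipeline. Detectors, rules, endpoint names and sample prompts are constructed.
import hashlib, json, re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Stage 2 (Classify): toy regex detectors for three Article 4 categories, each with a
# risk level. A real deployment would use a classifier such as Presidio.
DETECTORS = {
    "email":  (re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"), "Medium"),
    "iban":   (re.compile(r"\b[A-Z]{2}\d{2}(?: ?[A-Z0-9]{4}){2,7}(?: ?[A-Z0-9]{1,4})?\b"), "High"),
    "health": (re.compile(r"\b(?:diagnos(?:is|ed)|insulin|metformin|hiv)\b", re.I), "High"),
}
RISK_ORDER = {"Low": 0, "Medium": 1, "High": 2}
ACTION_ORDER = {"Pass": 0, "Alert": 1, "Redact": 2, "Block": 3}

@dataclass(frozen=True)
class Rule:
    """Stage 3 policy rule; None in a match field means 'any'."""
    action: str
    category: Optional[str] = None
    destination: Optional[str] = None
    principal: Optional[str] = None   # user group or agent identity

    def matches(self, category, destination, principal):
        return all(want in (None, got) for want, got in
                   zip((self.category, self.destination, self.principal), (category, destination, principal)))

# Hypothetical policy: first matching rule per category wins; no match fails closed (Block).
POLICY = [
    Rule("Block", category="health"),                               # Art. 9 data never leaves
    Rule("Block", category="iban", destination="api.openai.com"),   # endpoint without a DPA
    Rule("Pass", category="iban", principal="finance-approved"),    # group covered by a DPA
    Rule("Redact", category="iban"),
    Rule("Alert", category="email"),
]

def classify(payload):
    """Return {category: [matched strings]} for every detector that fires."""
    return {c: rx.findall(payload) for c, (rx, _) in DETECTORS.items() if rx.search(payload)}

def decide(findings, destination, principal):
    """Per-category action from the first matching rule; the overall action is the strictest."""
    per_cat = {}
    for cat in findings:
        rule = next((r for r in POLICY if r.matches(cat, destination, principal)), None)
        per_cat[cat] = rule.action if rule else "Block"
    return max(per_cat.values(), key=ACTION_ORDER.get, default="Pass"), per_cat

class BreachRegister:
    """Stage 4: append-only, hash-chained register. Each record commits to the previous
    record's digest, so editing or deleting any entry makes verify() fail."""
    GENESIS = "0" * 64

    def __init__(self):
        self.records = []

    @staticmethod
    def _digest(body):
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def append(self, **fields):
        prev = self.records[-1]["hash"] if self.records else self.GENESIS
        body = dict(fields, prev_hash=prev)
        self.records.append(dict(body, hash=self._digest(body)))
        return self.records[-1]

    def verify(self):
        prev = self.GENESIS
        for rec in self.records:
            body = {k: v for k, v in rec.items() if k != "hash"}
            if body["prev_hash"] != prev or self._digest(body) != rec["hash"]:
                return False
            prev = rec["hash"]
        return True

def intercept(register, payload, source, destination, principal, now=None):
    """Stages 1-5 for one outbound LLM request. Returns (record written, payload to
    forward or None when blocked, DPO notification or None unless the event is High risk)."""
    ts = now or datetime.now(timezone.utc)
    findings = classify(payload)
    risk = max((DETECTORS[c][1] for c in findings), key=RISK_ORDER.get, default="Low")
    action, per_cat = decide(findings, destination, principal)
    forwarded = None
    if action != "Block":                       # Stage 3: strip Redact categories before forwarding
        forwarded = payload
        for cat in (c for c, a in per_cat.items() if a == "Redact"):
            forwarded = DETECTORS[cat][0].sub(f"[REDACTED:{cat}]", forwarded)
    record = register.append(timestamp=ts.isoformat(), source=source, destination=destination,
                             principal=principal, categories=sorted(findings), risk=risk, action=action)
    notification = None
    if risk == "High":                          # Stage 5
        # Data blocked or redacted before transmission never left, so it is not a breach;
        # the Art. 33 clock is armed only for Pass/Alert and runs from awareness (this record).
        left = action in ("Pass", "Alert")
        notification = {"record_hash": record["hash"],
                        "notify_by": (ts + timedelta(hours=72)).isoformat() if left else None}
    return record, forwarded, notification

DEMO_TIME = datetime(2024, 5, 1, 9, 0, tzinfo=timezone.utc)   # constructed fixed clock

if __name__ == "__main__":
    reg = BreachRegister()
    for text, dest, who in [   # constructed sample prompts
        ("Summarise: patient diagnosed with diabetes, on metformin.", "api.anthropic.com", "clinical-agent"),
        ("Refund to DE89 3704 0044 0532 0130 00 for jane@example.com", "api.openai.com", "support-team"),
        ("Refund to DE89 3704 0044 0532 0130 00 for jane@example.com", "api.anthropic.com", "finance-approved"),
        ("Draft a polite out-of-office reply.", "api.openai.com", "support-team"),
    ]:
        rec, fwd, note = intercept(reg, text, "helpdesk-app", dest, who, now=DEMO_TIME)
        print(rec["action"], rec["categories"], fwd, note)
    print("register intact:", reg.verify())
```

Two design points worth noting. The policy fails closed: a detected category with no matching rule is blocked rather than passed, so a new detector cannot silently open an egress path. And the register is only tamper-evident, not tamper-proof: `sort_keys=True` makes each digest canonical, but an attacker who can rewrite the whole file can recompute the chain, so a production deployment would anchor the chain head externally (a WORM bucket or a periodically signed checkpoint) and have the DPO dashboard verify against that anchor.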

What GDPR Oversight delivers

A complete data egress governance stack — from detection to regulator notification.

Egress monitoring
What it does: Real-time visibility into every personal data flow from your systems to cloud AI endpoints
GDPR article: Art. 32 (technical and organisational measures)

PII classification
What it does: Automated detection of personal data categories in LLM request payloads with risk scoring
GDPR article: Art. 4 (definition of personal data)

Block & redact
What it does: Policy-enforced blocking or PII redaction before data reaches the LLM provider
GDPR article: Art. 25 (data protection by design and by default)

Immutable breach register
What it does: Tamper-evident log of every egress event with full context, retained per your retention policy
GDPR article: Art. 33(5) (documentation of breaches)

DPO alert dashboard
What it does: Real-time alert feed, breach register, 72-hour clock tracker, and notification workflow
GDPR article: Art. 33 (breach notification to the supervisory authority)

Evidence package generator
What it does: Automated production of Article 33 notification documentation from breach register data
GDPR article: Art. 33 (notification within 72 hours)

Sub-processor register
What it does: Automated mapping of AI endpoints used, data categories sent, and transfer mechanism status
GDPR article: Art. 28 (processor obligations); Art. 30 (records of processing)

Transfer compliance checks
What it does: Flag transfers to third-country endpoints lacking a valid transfer mechanism (SCCs, adequacy decision)
GDPR article: Art. 44-46 (transfers to third countries)

Where GDPR Oversight has already mattered

Three real patterns from AI-connected enterprises that discovered their GDPR exposure before regulators did.

Financial Services

Customer records sent to ChatGPT by support agents

Situation
Customer support team at an EU bank using ChatGPT to draft responses — copying customer names, account numbers, and complaint details into prompts
Risk
Personal data of banking customers transmitted to a US-based AI provider without a completed transfer mechanism assessment or a data processing agreement (DPA) in place
With GDPR Oversight
Egress events detected in real time, DPO alerted within minutes, block policy activated for account data category, formal sub-processor assessment triggered
Outcome
Zero further transmission of customer financial data to unassessed endpoints; DPA completed for approved AI tools within 30 days; Art. 33(5) documentation complete

Healthcare

Clinical AI agent leaking patient data during summarisation

Situation
An AI agent summarising patient discharge notes was passing raw clinical text — including diagnoses, medications, and patient identifiers — to a cloud LLM as part of its context window
Risk
Special category health data (Article 9 GDPR) transmitted to a cloud AI without explicit patient consent or other lawful basis for special category processing
With GDPR Oversight
Health data category detected, request blocked before reaching LLM provider, immutable breach record created, DPO notified with full context within 4 minutes of the first event
Outcome
Agent architecture redesigned to keep PHI on-premise; cloud LLM used only for non-identifying summaries; breach register shows zero high-risk health data egress since deployment

Legal

Employee using corporate AI key for personal document drafting

Situation
An employee at a law firm was routing personal document drafting — including personal correspondence containing third-party personal data — through the firm's corporate LLM API key
Risk
Personal data of individuals with no relationship to the firm being processed through the firm's AI infrastructure, creating GDPR controller liability for data subjects who never consented to this processing
With GDPR Oversight
Personal-use pattern detected via anomaly scoring, flagged for DPO review, policy enforced to prevent personal data transmission outside business-purpose categories, employee HR process triggered
Outcome
Processing activity identified, documented, and ceased; records of processing activities updated; no supervisory authority notification required as data was blocked before transmission

Common questions

How does GDPR Oversight work?

GDPR Oversight sits between your users, your agents, and the cloud AI endpoints they call: OpenAI, Anthropic, Google, Azure OpenAI, and others. Every outbound LLM API call passes through the gateway. We scan the request payload for personal data categories (names, email addresses, national ID numbers, health data, financial data, location data, and other Article 4 GDPR categories), classify the risk level, and decide in real time whether to pass, alert, redact, or block. The system produces an immutable egress event record for every call, regardless of the action taken. This log is the foundation of your Article 33 breach notification evidence package.

How is it deployed?

GDPR Oversight deploys as a transparent proxy in front of your LLM API calls; no changes to your application code are required in most cases. Because provider traffic is HTTPS, proxy mode in practice means either routing that traffic to the gateway, which terminates TLS with a certificate your clients trust, or pointing each SDK's configured base URL at the gateway; neither is a code change. For organisations already routing LLM calls through an API gateway, we integrate at that layer. For direct SDK usage, we provide lightweight SDK wrappers for the major providers. We also support webhook-based integration for alerting into existing SIEM, DLP, or incident management systems (Splunk, Datadog, PagerDuty, Jira Service Management). The DPO dashboard is a standalone web application requiring no infrastructure on your side.

What happens when a high-risk event is detected?

The state machine executes in under 100ms. For a high-risk event: the request is blocked before it reaches the LLM provider; an immutable breach record is written with full context (timestamp, source system, destination endpoint, PII categories detected, user/agent identity); the DPO receives an automated alert via email and dashboard notification; and the 72-hour Article 33 clock is started in the breach register from the moment of awareness. The clock is a deadline for the DPO's decision, not a verdict: a request blocked before transmission is not a personal data breach, whereas a Pass or Alert event that let personal data through to an unassessed endpoint may be one. For medium-risk events, the default action is to alert without blocking; this is configurable per policy rule. The DPO can review, escalate, dismiss, or initiate a formal breach notification workflow directly from the dashboard.

Can one deployment serve several controllers or business units?

Yes. GDPR Oversight supports logical tenant isolation within a single deployment, which is relevant for holding groups, law firms with multiple practice areas, or SaaS providers processing data on behalf of multiple controllers. Each tenant has its own policy rules, egress event log, breach register, and DPO notification settings. Cross-tenant data cannot be accessed by tenant-level users. Platform administrators can see aggregated metrics without accessing individual tenant data. Data processing agreements, sub-processor lists, and records of processing activities can be scoped per tenant.

How accurate is the PII classification?

PII classification accuracy depends on the classifier engine configured for your deployment; we support multiple options including Microsoft Presidio, AWS Comprehend, and fine-tuned transformer-based classifiers. In production deployments across European financial services clients, we achieve over 97% recall on structured PII (names, emails, IDs, IBANs) and over 91% recall on unstructured contextual PII (health conditions mentioned in free text, implicit location references). The false positive rate is configurable: stricter detection increases false positives on benign data, so we tune the threshold per data category based on your risk appetite and the volume of edge cases your team can review.

Does our personal data stay in our environment?

Yes, by design. GDPR Oversight can be deployed fully on-premise or in a private cloud within your jurisdiction, so no personal data passes through our infrastructure. The breach register, egress event logs, and policy configuration are stored in your environment only. For cloud-hosted deployments, we sign a data processing agreement covering our processing role, sub-processor list, and data residency commitments. We do not use customer data for model training, product improvement, or any purpose beyond the contracted service. Our own internal data processing activities are documented and available to DPOs on request.

Ready to close your GDPR blind spot?

Tell us your AI tool stack and compliance obligations. We will show you what GDPR Oversight detects in your environment and what evidence it can produce for your DPO within the 72-hour window.