Your sensitive data. Where does it go?
This is the question to ask before launching an AI tool, not after. A sensitive document that goes to the United States with no contractual framework is a real exposure, for your client, the regulation and your responsibility. At LDS, we set the framework from the first conversation.
It is the data that decidesThe level depends on the type of data you handle. You classify it, we adapt the hosting.
A contractual frameworkThe processing of your data is governed by a data processing agreement.
The more sensitive it is, the closer to youAs the data becomes sensitive, the hosting moves closer to your walls.
When in doubt, we move up a notchAnonymised is not pseudonymised. If doubt remains, we choose the more protective level.
By default, our solutions rely on providers whose servers are in Europe, and we favour European models. With these providers, the processing of your data is governed by a data processing agreement, and that is a condition of our choice, not a line lost on page seven. What matters for you is knowing where your data goes and setting this framework from the start.
Knowing where you stand today is what separates a controlled setup from an exposure discovered too late.
Hosting in Europe reduces the risk, but it is not always enough. Some architectures expose a residual risk that we set out for you in writing. For genuinely sensitive data, we favour a dedicated European infrastructure or an on-site installation. Only genuine anonymisation takes data out of the scope of the GDPR, and it remains hard to guarantee. The European framework on AI expects staff who use these tools to understand how they work and their limits. The precise terms are still under discussion at the European level, but the direction is clear. This is exactly what our training covers.
This content is provided for general information. It does not constitute legal advice and does not replace the opinion of a lawyer specialising in data protection. For your specific situation, consult a legal adviser.
Your data, your questions
By default, on servers located in Europe, and we favour European providers, each set out by a data processing agreement. The right level depends on how sensitive the data is: data with no personal character opens up the most capable models, then come the European cloud, a dedicated server in Europe, and an installation at your premises where nothing leaves your walls.
The European framework on AI expects teams who use these tools to have a suitable understanding of them, proportionate to their use. The precise terms are still evolving at the European level. In practice, that means teams who know what the tool does and what should not be handed to it, with documented in-house training. That is what we offer, starting from your real tools.
Want to know where your data stands today?
Write to us, and we take stock together: where your data is hosted, what level of protection you are at, and what is worth adjusting.