4.1. | Data privacy basics: What belongs in a prompt and what doesn't?

4.1. | Data privacy basics: What belongs in a prompt and what doesn’t?

Module 4.1: Data Privacy in Prompts

What you already know

What you will learn in this module

Basics of Data Privacy in AI Prompts

1. Recognizing Sensitive Data

Before you send a prompt to an AI model, you should know which types of data are particularly worthy of protection:

Personal Data

Names, email addresses, phone numbers, addresses, dates of birth

Business-Critical Information

Internal projects, financial data, strategies, unreleased products

Confidential Information

Customer data, employee data, contracts, access credentials

Specially Protected Data

Health data, religious/political beliefs, biometric data

2. The Basic Rule: What Should Not Be Shared

Note: AI usage must be discussed/approved within the company.

Before every prompt, ask yourself: „Would I share this information publicly?“

If the answer is „No,“ you should either omit this information or anonymize it. The more confidential the information, the more cautious you should be.

Particularly Risky Data:

Passwords and access credentials
Internal financial figures
Personal data of customers or employees
Information covered by NDAs
Unpublished strategies or product information

3. Practical Anonymization Techniques

With these simple methods, you can design prompts so they don’t contain sensitive data but still deliver good results:

Replace Names

Instead of real names, use generic terms or placeholders:

„Customer A“ instead of „John Doe“
„Employee B“ instead of „Jane Smith“

Use Placeholders

Replace specific information with placeholders:

„COMPANY_NAME“ instead of the actual company name
„PRODUCT_NAME“ instead of the actual product

Generalize Data

Describe information more generally:

„A medium-sized company“ instead of a specific company
„A five-figure amount“ instead of the exact sum

Use Sample Examples

Replace real examples with similar but fictitious ones:

Replace a real email with a similar but made-up version
Replace real data with representative sample data

4. Concrete Examples: Problematic vs. Harmless

Problematic

„Write an email to John Doe (john@examplecompany.com) regarding his late payment of €5,820“

Contains personal data (name, email) and specific financial data.

Harmless

„Write an email to a customer regarding a late payment in the mid-four-figure range“

Anonymized and generalized, but still targeted.

Problematic

„Analyze the last feedback session with Jane Smith (Accounting), who complained about excessive workload and stress. She took 12 sick days last quarter.“

Contains personal and specially protected data (name, department, health information).

Harmless

„How can I support an employee who shows signs of being overworked? What measures could help improve her work-life balance and promote her well-being at the workplace?“

Focuses on support and well-being without disclosing personal data.

Work securely and in compliance with data protection with xpandAI

The xpandAI platform offers a secure environment where you can use AI tools without data privacy concerns.

GDPR-compliant

All xpandAI assistants are secured by a DPA with OpenAI. In the free area, models without a DPA are marked with a notice.

Secure Processing

Your inputs are processed with the latest security standards and are not used for unauthorized purposes.

Transparent Data Policy

Full transparency on how and why your data is used – no hidden terms of use.

Ideal Testing Area

The platform is the perfect place to try out and learn AI tools in a secure environment.

Your Takeaway

Avoid personal and confidential data in prompts
Use simple anonymization techniques
When in doubt: better to be too cautious than too liberal with data
The best prompts do without sensitive data and still deliver good results
Ensure that the tools you use are GDPR-compliant and that data is processed securely