4.1. Data privacy basics: What belongs in a prompt and what doesn’t?

Module 4.1: Data Privacy in Prompts

Basics of Data Privacy in AI Prompts

1. Recognizing Sensitive Data

Before you send a prompt to an AI model, you should know which types of data are particularly worthy of protection:

  • Personal Data: names, email addresses, phone numbers, addresses, dates of birth
  • Business-Critical Information: internal projects, financial data, strategies, unreleased products
  • Confidential Information: customer data, employee data, contracts, access credentials
  • Specially Protected Data: health data, religious/political beliefs, biometric data

2. The Basic Rule: What Should Not Be Shared

Note: AI usage must be discussed/approved within the company.

Before every prompt, ask yourself: "Would I share this information publicly?"

If the answer is "No," you should either omit this information or anonymize it. The more confidential the information, the more cautious you should be.

Particularly Risky Data:

  • Passwords and access credentials
  • Internal financial figures
  • Personal data of customers or employees
  • Information covered by NDAs
  • Unpublished strategies or product information

3. Practical Anonymization Techniques

With these simple methods, you can design prompts so they don’t contain sensitive data but still deliver good results:

Replace Names

Instead of real names, use generic terms or placeholders:

  • "Customer A" instead of "John Doe"
  • "Employee B" instead of "Jane Smith"

Use Placeholders

Replace specific information with placeholders:

  • "COMPANY_NAME" instead of the actual company name
  • "PRODUCT_NAME" instead of the actual product

Generalize Data

Describe information more generally:

  • "A medium-sized company" instead of a specific company
  • "A five-figure amount" instead of the exact sum

Use Sample Examples

Replace real examples with similar but fictitious ones:

  • Replace a real email with a similar but made-up version
  • Replace real data with representative sample data

4. Concrete Examples: Problematic vs. Harmless

Problematic
"Write an email to John Doe (john@examplecompany.com) regarding his late payment of €5,820"

Contains personal data (name, email) and specific financial data.

Harmless
"Write an email to a customer regarding a late payment in the mid-four-figure range"

Anonymized and generalized, but still targeted.

Problematic
"Analyze the last feedback session with Jane Smith (Accounting), who complained about excessive workload and stress. She took 12 sick days last quarter."

Contains personal and specially protected data (name, department, health information).

Harmless
"How can I support an employee who shows signs of being overworked? What measures could help improve her work-life balance and promote her well-being at the workplace?"

Focuses on support and well-being without disclosing personal data.
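The techniques from section 3 can be applied automatically before a prompt leaves your machine. The following Python sketch is an added example, not part of the original module or of any platform it mentions; the function names, the `EMAIL_n` token format and the alias table are assumptions made for illustration.

```python
import re

# Simple illustrative patterns; they do not catch every form of personal data.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
AMOUNT_RE = re.compile(r"[€$£]\s?(\d{1,3}(?:[.,]\d{3})+|\d+)(?:[.,]\d{1,2})?(?!\d)")
FIGURES = {1: "single", 2: "two", 3: "three", 4: "four", 5: "five", 6: "six", 7: "seven"}


def generalize_amount(match):
    """Generalize data: an exact sum becomes a magnitude (5,820 -> mid-four-figure)."""
    digits = re.sub(r"\D", "", match.group(1)).lstrip("0") or "0"
    if len(digits) not in FIGURES:
        return "a very large amount"
    band = "low" if digits[0] in "0123" else "mid" if digits[0] in "456" else "high"
    return f"a {band}-{FIGURES[len(digits)]}-figure amount"


def anonymize_prompt(prompt, known_names):
    """Return (safe_prompt, mapping); keep the mapping local to restore real values later."""
    emails = {}

    def email_token(match):
        # Use placeholders: the same address always maps to the same token.
        return emails.setdefault(match.group(0).lower(), f"EMAIL_{len(emails) + 1}")

    # Addresses first, so a name inside an address is not half-replaced.
    prompt = EMAIL_RE.sub(email_token, prompt)
    mapping = {token: addr for addr, token in emails.items()}

    # Replace names: longest first so a full name wins over a bare first name.
    for name in sorted(known_names, key=len, reverse=True):
        pattern = re.compile(rf"\b{re.escape(name)}\b", re.IGNORECASE)
        if pattern.search(prompt):
            prompt = pattern.sub(known_names[name], prompt)
            mapping[known_names[name]] = name

    return AMOUNT_RE.sub(generalize_amount, prompt), mapping


if __name__ == "__main__":
    # The first problematic prompt from section 4; the alias table is constructed.
    risky = ("Write an email to John Doe (john@examplecompany.com) "
             "regarding his late payment of €5,820")
    safe, mapping = anonymize_prompt(risky, {"John Doe": "Customer A"})
    print(safe)
    print(mapping)
```

Pattern matching only covers data with a recognizable shape. Free-text details such as the department and sick days in the second problematic prompt still have to be rewritten by hand, as the harmless version shows.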

Work securely and in compliance with data protection with xpandAI

The xpandAI platform offers a secure environment where you can use AI tools without data privacy concerns.

GDPR-compliant

All xpandAI assistants are secured by a DPA with OpenAI. In the free area, models without a DPA are marked with a notice.

Secure Processing

Your inputs are processed with the latest security standards and are not used for unauthorized purposes.

Transparent Data Policy

Full transparency on how and why your data is used – no hidden terms of use.

Ideal Testing Area

The platform is the perfect place to try out and learn AI tools in a secure environment.

Your Takeaway

  • Avoid personal and confidential data in prompts
  • Use simple anonymization techniques
  • When in doubt: better to be too cautious than too liberal with data
  • The best prompts do without sensitive data and still deliver good results
  • Ensure that the tools you use are GDPR-compliant and that data is processed securely