The strongest GDPR argument is a missing wire
Every cloud AI integration drags a paper trail: Art. 28 processing agreements, transfer impact assessments for third countries, sub-processor monitoring, Schrems-anxiety. Architecture that keeps personal data inside your own infrastructure deletes those obligations by construction — there is no transfer to assess. Your DPO's review collapses from a project to a meeting.
The reference architecture
- Network: inference servers on an isolated VLAN, reachable only through the company VPN; outbound default-deny at the firewall, with the deny logs retained as evidence.
- Models: open-weight models pulled once, hash-verified, then served from a local registry. No runtime that can phone home (we audit this with outbound traffic capture and hand you the pcap summary).
- Data minimization in the pipeline: PII pseudonymization before text enters the vector store where the use case allows; retrieval ACLs mirroring your existing document permissions — the intern's chatbot must not retrieve the board's documents.
- Logging: prompts and completions logged only if a documented purpose requires it, with retention limits; operational logs keep metadata, not content. Art. 5(1)(c) applies to logs too.
- Deletion: a working Art. 17 path — deleting a source document must cascade to its chunks and vectors. We build the cascade on day one; retrofitting it is misery.
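A sketch of the deletion cascade from the last bullet, added here as an illustration and not taken from any deployment described on this page. It assumes chunks and vectors sit in one SQLite database; the table names and the `residue` check are hypothetical. If the vectors live in a separate store, the cascade has to be an explicit delete there, followed by the same residue check.

```python
import sqlite3

# Hypothetical schema: every chunk and vector is tied to its source document.
SCHEMA = """
CREATE TABLE documents (doc_id TEXT PRIMARY KEY);
CREATE TABLE chunks (
    chunk_id INTEGER PRIMARY KEY,
    doc_id   TEXT NOT NULL REFERENCES documents(doc_id) ON DELETE CASCADE,
    text     TEXT NOT NULL);
CREATE TABLE vectors (
    chunk_id  INTEGER PRIMARY KEY REFERENCES chunks(chunk_id) ON DELETE CASCADE,
    embedding BLOB NOT NULL);
"""

def open_store(enforce_fk=True):
    conn = sqlite3.connect(":memory:")
    # SQLite silently ignores ON DELETE CASCADE unless this pragma is set
    # on every connection; enforce_fk=False reproduces that failure mode.
    conn.execute(f"PRAGMA foreign_keys = {'ON' if enforce_fk else 'OFF'}")
    conn.executescript(SCHEMA)
    return conn

def ingest(conn, doc_id, chunks):
    """chunks: list of (text, embedding_bytes) pairs."""
    with conn:
        conn.execute("INSERT INTO documents VALUES (?)", (doc_id,))
        for text, emb in chunks:
            cur = conn.execute(
                "INSERT INTO chunks (doc_id, text) VALUES (?, ?)", (doc_id, text))
            conn.execute("INSERT INTO vectors VALUES (?, ?)", (cur.lastrowid, emb))

def residue(conn, doc_id):
    """Rows still derived from doc_id, plus vectors whose chunk is gone."""
    count = lambda sql, *args: conn.execute(sql, args).fetchone()[0]
    return {
        "documents": count("SELECT COUNT(*) FROM documents WHERE doc_id = ?", doc_id),
        "chunks": count("SELECT COUNT(*) FROM chunks WHERE doc_id = ?", doc_id),
        "orphan_vectors": count("SELECT COUNT(*) FROM vectors "
                                "WHERE chunk_id NOT IN (SELECT chunk_id FROM chunks)"),
    }

def erase_document(conn, doc_id):
    """Delete the source row, then prove nothing derived from it survived."""
    with conn:
        conn.execute("DELETE FROM documents WHERE doc_id = ?", (doc_id,))
    left = residue(conn, doc_id)
    if any(left.values()):
        raise RuntimeError(f"erasure incomplete: {left}")
    return left  # all zeros: usable as the evidence record for the request

if __name__ == "__main__":
    store = open_store()
    ingest(store, "doc-1", [("constructed sample text", b"\x00\x01")])
    print(erase_document(store, "doc-1"))
```
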
The paperwork that remains (and is now easy)
You still maintain a processing record (Art. 30), a short DPIA if employees' texts are processed at scale, and works-council alignment — German co-determination treats AI assistants as monitoring-adjacent. Our experience: a system that demonstrably cannot exfiltrate data turns the works council from blocker into sponsor; we've had approvals in a single session.
The EU AI Act footnote
Most internal assistants land in the minimal/limited-risk tiers — transparency duties, not conformity assessments. But HR-adjacent use cases (screening, performance evaluation) can be high-risk regardless of where the model runs. On-prem solves data protection; it doesn't exempt you from use-case law. We flag this in every discovery workshop, because finding it in an audit is the expensive way.
Localized AI fine-tunes small open models on your data and deploys them on your hardware — GDPR by architecture, zero per-token costs. Average setup: 72 hours.