FAQ on browser DLP, ChatGPT and GDPR

This FAQ collects the key questions from privacy, IT security, procurement and management. The answers are direct so people, Google and AI Search can understand DLPShield accurately.

• 25 answers
• FAQPage schema-ready
• DACH GDPR language

What this FAQ is for

Searches around ChatGPT privacy for companies, browser DLP GDPR and AI data leakage prevention are often concrete questions. This page is an operational reference for teams that want to use AI without uncontrolled sensitive-data transfer.

Main topics

• Definitions: browser DLP, local-first DLP, shadow AI and data loss prevention.
• ChatGPT and GDPR: customer data, employees, DPAs, approvals and technical safeguards.
• Product questions: what DLPShield checks, where limits are and how rollout can start.
• Comparison questions: endpoint DLP, Purview, Safetica and enterprise suites.

What is browser DLP?

Browser DLP is data loss prevention directly in the browser. It checks text, prompts, file uploads and web forms before data is sent to AI tools, SaaS services or external websites.

What is DLPShield?

DLPShield is local-first browser DLP for DACH teams. It detects sensitive data before prompts, uploads and web forms and can audit, warn, mask or block depending on policy.

What does local-first DLP mean?

Local-first DLP means sensitive content is detected close to where it appears, for example in the browser. This reduces unnecessary transfer of raw content to external inspection clouds.

Which data should not go into ChatGPT?

Without approval, customer data, HR data, health data, client data, credentials, API keys, confidential contracts and unreleased source code should not be entered into ChatGPT.

What is shadow AI?

Shadow AI is the use of AI services without approval from IT, privacy or procurement. The risk is mainly the data copied or uploaded into those tools.

How do you prevent AI data leakage?

Use approved tools, data classification, training, audit and browser controls. The key is checking prompts and uploads before they are sent.

Can browser DLP be a GDPR technical measure?

Browser DLP can be part of technical and organisational measures because it detects and controls data before transfer. The legal assessment depends on the concrete use case.

How is browser DLP different from endpoint DLP?

Endpoint DLP controls devices and local applications broadly. Browser DLP focuses on prompts, uploads, copy-paste, SaaS forms and AI tools in the browser.

Is DLPShield a Microsoft Purview replacement?

Not always. Purview is a broad Microsoft suite. DLPShield is a focused browser DLP layer for AI tools, uploads and web forms, including workflows outside a pure Microsoft stack.

Does DLPShield replace legal advice?

No. DLPShield provides technical browser controls. Legal bases, DPAs, impact assessments and internal policies remain the organisation's responsibility.