Adding an LLM to a fintech product is now a weekend prototype. Turning that prototype into a GDPR-compliant production system is the part that separates funded fintechs from founders answering regulator questions six months later. We have architected AI features for lending platforms, property marketplaces, and compliance tools across Europe. The pattern is always the same: compliance is cheaper when it is a constraint at design time, not a retrofit after an enterprise buyer sends a security questionnaire. This post is a practical guide to GDPR-compliant AI architecture for EU fintech startups: lawful basis, data minimization, inference boundaries, retention, human review, and the documentation pack that auditors and customers actually ask for.
Start with a lawful basis, not a model
Before you choose OpenAI, Anthropic, or a self-hosted model, write down the GDPR lawful basis for each processing purpose. Consent, legitimate interest, contract necessity, and legal obligation each have different implications for AI features. Most fintech AI use cases we see rely on legitimate interest or contract necessity, not blanket consent buried in terms of service.
A common mistake is to treat the LLM prompt as a single processing activity. It is not. Tokenization, retrieval augmentation, inference logging, and output storage are separate activities with separate risk profiles. Map them individually. If your model provider processes personal data, they are a processor under Article 28. If you cannot explain why the processing is necessary and proportionate, do not ship the feature.
For credit scoring, fraud detection, and KYC verification, document the legal basis explicitly. Regulators and enterprise buyers will ask whether the AI makes solely automated decisions with legal or significant effects. If it does, Article 22 comes into play and you need additional safeguards: meaningful information, human intervention, and the right to contest.
Separate PII from prompts by design
The safest personal data is the data you never send to a third-party API. Build your architecture so that identifiers, account numbers, government IDs, and raw transaction records are redacted, tokenized, or resolved locally before anything reaches an LLM. We recommend a prompt-sanitization layer that sits between your application and the model gateway.
Retrieval-augmented generation is useful, but it is not a privacy shortcut. If your vector database contains embeddings of customer emails, lease clauses, or credit notes, those embeddings are still personal data. Use retrieval filters scoped to the authenticated user or case, never dump a whole index into a prompt and hope the model ignores what is irrelevant.
For EU fintechs, model hosting location matters commercially and legally. Use EU-region inference endpoints when available, and keep a subprocessor list that names the model provider, hosting region, and fallback regions. If your provider cannot commit to EU data residency in writing, price that risk into your decision. We have seen vendor security reviews stall because the AI subprocessor agreement was signed by procurement without engineering input.
Retention and deletion are architecture decisions
GDPR Article 5 requires data kept no longer than necessary. That sounds legal, but it is implemented in code. Define time-to-live for prompts, completions, embeddings, and feedback logs before launch. Build deletion hooks that fire when a user exercises their erasure right, and make sure those hooks cascade into vector stores, caches, and analytics warehouses.
One pattern that works: store prompts and outputs with a retention_until timestamp set per data category. A scheduled job hard-deletes expired rows. Another pattern is to log only metadata for routine inference and keep full prompts only for a short debugging window, encrypted at rest. Whatever you choose, document it in your privacy policy and internal runbook. Auditors will ask for evidence, not intentions.
Do not forget model training data. If you fine-tune on customer conversations or transactions, that dataset becomes a long-term compliance asset. You need a data map showing which records were included, how to remove an individual, and whether retraining is required after deletion. We have seen teams spend more time untangling training datasets than building the model itself.
Human-in-the-loop for consequential decisions
Article 22 of GDPR restricts solely automated decisions that produce legal effects or similarly significant effects. In fintech, that includes credit approvals, fraud flags, and certain KYC outcomes. The practical fix is not to remove AI; it is to keep a human in the loop until legal counsel confirms the decision can be automated.
Design review queues with explainability summaries. A fraud analyst should see why a transaction was flagged: velocity, device fingerprint, behavioral anomaly, or model score. A credit underwriter should see top contributing features and be able to override the recommendation. The override itself should be logged. This creates both compliance evidence and product trust.
We recommend a tiered automation model. Low-risk actions, such as drafting customer support replies or summarizing documents, can run unattended. High-risk actions require human approval. The boundary between the tiers should be written down, reviewed quarterly, and updated as model performance and regulation evolve.
Practical controls for common AI data flows
| Data flow | Typical risk | Control to implement |
|---|---|---|
| Customer chat with LLM | PII in prompts sent to provider | Redact identifiers; use EU endpoint; log metadata only |
| RAG over transaction history | Over-retrieval exposing other users' data | Row-level filters; per-user retrieval scope |
| Credit scoring model | Automated decision-making under Article 22 | Human review queue; explainability summary; override log |
| Embedding storage for search | Erasure gaps in vector database | Track source IDs; cascade deletion job |
| Model fine-tuning dataset | Unmapped training personal data | Dataset manifest; per-record provenance; retraining plan |
Documentation pack auditors expect
- Data flow diagram showing where personal data enters, leaves, and is stored in the AI pipeline
- Lawful basis register per processing purpose and subprocessor
- DPIA for high-risk AI use cases such as credit decisions, fraud detection, or biometric checks
- Subprocessor list with model providers, hosting regions, and fallback routing
- Model change log, rollback procedure, and incident response runbook
- Retention schedule and deletion test results for prompts, outputs, embeddings, and training data
Frequently asked questions
Does GDPR ban AI in fintech? No. GDPR requires lawful basis, transparency, data minimization, and safeguards for automated decisions. Most fintech AI features can be compliant when those constraints are designed into the architecture from the start.
Can we use OpenAI or other US providers for EU customer data? Yes, if you have a lawful basis, a processor agreement with Standard Contractual Clauses, and documented transfer safeguards. Many teams also choose EU-region inference endpoints or EU-hosted models to reduce transfer complexity and answer buyer questionnaires faster.
Are embeddings of personal data still personal data? Yes. If embeddings can be linked back to an individual, they fall under GDPR. Treat vector stores with the same retention, access control, and erasure logic as your relational database.
What is the difference between a controller and a processor for an LLM feature? You are usually the controller. The model provider is a processor when it handles personal data on your behalf. If the provider uses your data to improve its own models, that is a separate purpose requiring explicit contractual restrictions and usually separate consent.
When does Article 22 apply? Article 22 applies when a decision based solely on automated processing, including profiling, produces legal effects or similarly significant effects on a person. In fintech this commonly includes credit rejection, account closure, and certain fraud decisions. Add human review and contestability.
Every LLM prompt that touches customer data is a data processing activity. If you cannot explain the lawful basis and deletion path for that prompt, do not ship the feature.
If your team is designing AI features under GDPR pressure, we will map your data flows, lawful basis, retention rules, and vendor choices against what is actually shipping, then recommend a compliance-first build plan.

Written by Bart Korpershoek
Co-founder & Technical Lead
Part of the SelectCursor engineering team. We build lending platforms, property marketplaces, and fintech infrastructure for European companies.
Connect on LinkedInMore posts from our teamBuilding something similar?
Our team has shipped 50+ Proptech and Fintech platforms. Book a 25-minute call to discuss your architecture, team structure, or product roadmap.
Book a Call