A recruiter has forty applications on her desk and a deadline. She drops ten CVs into a free AI tool and asks for a summary of each candidate. The documents hold full names, dates of birth, addresses, and - for two people - a note about a previous period of long-term sick leave. The summaries arrive in thirty seconds, and the data has left the building.
Across the office, a manager is writing up his notes from a performance review. He asks an AI to turn them into a polished narrative. The text reads well and feels complete. What he does not notice: one paragraph describes an incident that never happened. The model invented it to round out the story. The write-up goes into the personnel file unchecked.
These are not edge cases. They are the two most common ways AI goes wrong in HR: sensitive data entered too easily, and outputs trusted too readily.
Is AI safe to use in HR?
AI can be used safely in HR, and the time saved is real: summarising, rewriting, structuring, drafting job adverts. But HR is not an ordinary function. HR handles special-category and highly sensitive personal data every day - health, finances, appraisals, identity. A small mistake is easy to make, and the consequences are larger than in almost any other team.
The biggest risk is not the AI technology itself. It sits in two human moments: when someone pastes sensitive data into a tool, and when someone accepts an AI output as fact. Since 2024 there is a legal dimension too - the EU AI Act classes a large share of HR uses as high-risk, with explicit requirements for human oversight. The seven rules below cover both moments.
Which AI tools does HR use - and where the risk sits
Before you set policy, it helps to know which tools your team is probably already using. They fall into two broad groups, and each carries a different kind of risk.
The first group is general-purpose AI tools that people paste text into:
- ChatGPT (OpenAI) - drafting job adverts and emails, and summarising CVs and review notes. By far the most widely used, and exactly where the paste risk in rule 1 begins.
- Microsoft Copilot - built into Word, Outlook, and Teams. Many HR teams already use it without thinking of it as "AI," so sensitive content gets processed unnoticed.
- Google Gemini - the same role inside Google Workspace.
The second group is HR-specific systems that help make decisions:
- LinkedIn Recruiter - AI-driven candidate matching and suggested messages; it shapes who you even get to see.
- HireVue - AI video interviews and assessments. Tools like these often fall into the EU AI Act's high-risk category, with duties around human oversight and transparency.
The distinction decides where you intervene: in the first group the risk is in what an employee enters, in the second it is in what the system itself decides.
Seven privacy rules for AI in HR
1. Never paste CVs into public AI
Uploading a CV or cover letter to a free tool for a quick summary is a direct data breach. You lose control of personal data a candidate entrusted to you, and you have no clear basis for the processing under GDPR. Many free consumer tiers can also use submitted content for model improvement unless the user actively turns that off - and that is an individual setting, not an organisation-wide safeguard.
Use only approved, contained AI workspaces covered by a data processing agreement, or strip every identifying detail before you enter anything.
2. Watch for the bias trap
AI systems learn from historical data. If that data carries a past preference - for certain schools, ages, names, or a gender - the model reproduces it, without anyone meaning to. An algorithm that ranks "the strongest candidates" can quietly discriminate on age, gender, or background.
So never let an algorithm decide who the best candidate is on its own. Keep reviewing outputs, monitor for unequal effects across groups, and be ready to explain why a candidate did or did not make the shortlist.
3. Always keep a human in the loop
Under the EU AI Act, many HR uses - automated screening tools, systems that rank candidates, tools that evaluate performance or allocate work - fall into the high-risk category. For those systems, meaningful human oversight is not a recommendation but a legal requirement. GDPR likewise restricts decisions based solely on automated processing that produce significant effects on a person.
Treat AI as your assistant, not the final decision-maker. When hiring, appraising, promoting, or dismissing people, a person should make the decision and be able to justify it.
4. Anonymise the data before the prompt
Using AI to turn exit-interview or appraisal notes into a clean write-up? Remove every identifying detail before you enter it. The AI needs the substance of the conversation to rewrite it - it does not need the name, the national identifier, or the date of birth.
Work with placeholders and swap them back afterwards:
- "James Carter (Sales)" → [Employee A]
- "Client X" → [Company]
- "DOB 12 March 1987" → [date of birth]
5. Beware of hallucinations
A major risk is over-reliance on AI. Language models can invent facts - "hallucinate" - to make text feel complete and convincing. In a marketing draft that is annoying. In an appraisal or a dismissal file it is dangerous: an invented incident in an official personnel record can affect a career and expose the organisation legally.
Check AI-generated write-ups word for word. AI may handle the form; the facts remain your responsibility.
6. Be fully transparent
Employees and candidates must know when and how AI is used in the HR process. Where algorithms influence recruitment, promotion, or appraisals, both GDPR and the AI Act require you to communicate that openly. Transparency is not only a duty but a matter of trust: people who discover that AI quietly helped decide their career lose confidence faster than you can rebuild it.
Reflect AI use concretely in your privacy notice, your hiring process, and your staff handbook, and be clear about who makes the final decision.
7. Offer safe alternatives
Bans backfire. Surveys consistently find that a large majority of employees use unapproved AI tools at least sometimes - often because the approved route is missing or too cumbersome. This is Shadow AI, and a ban only pushes it further into the shadows.
Instead, make sure your HR team has access to safe enterprise versions, and invest in AI literacy so everyone knows what is and is not allowed. The goal is not less AI, but safer AI on a route people actually use.
The cheat sheet: what you never paste into public AI
HR handles data that, in the wrong context, is a breach. These are the categories that should never go unfiltered into an open AI tool - and the safer alternative.
| Data | Why it is sensitive | Safer approach |
|---|---|---|
| National ID & copies of ID documents | Directly identifying; misuse for identity fraud | Never enter; replace with [identifier] |
| Sickness & absence records | Health data - special category under GDPR | Contained workspace or full anonymisation |
| Full name + job title | Makes a person and their statements traceable | Replace with [Employee A] |
| Date of birth & demographic data | Feeds age and origin bias; identifying | Omit or generalise |
| Payslips & contract terms | Financially sensitive; usually confidential | Remove or mask figures |
| Unredacted CVs & cover letters | Contain a cluster of personal data | Enterprise workspace or anonymise the passage |
| Appraisal notes | Judgements about people; affect career and file | Use placeholders, verify facts yourself |
| Employee bank account details | Financially identifying | Never enter |
What is really at stake
When sensitive HR data reaches an AI tool or the wrong recipient, the consequences range from awkward to severe.
Under GDPR, entering identifiable personal data into an unsuitable tool can be a data breach. Organisations must assess every breach: where there is a risk to people's rights and freedoms, it must be reported to the supervisory authority - the ICO in the UK - within 72 hours of becoming aware of it. Health data, national identifiers, or financial details usually bring an incident within that duty. GDPR fines can reach up to 20 million euro or 4% of global annual turnover. Liability sits with the organisation, not the individual employee.
On top of that comes the EU AI Act. For HR systems classed as high-risk, there are obligations around human oversight, transparency, and documentation - with their own enforcement and penalties, separate from GDPR. A hiring algorithm that decides without human review is not just a privacy risk; it may be a breach.
And then there is reputation. A candidate who learns their CV was fed into an AI tool without consent, or an employee who finds an invented incident in their file, will talk about it. In a labour market built on trust, that damage is hard to undo.
Verified incidents
2018 - Amazon scraps its AI recruiting tool
Amazon stopped using an experimental AI system that scored CVs after finding it disadvantaged women. The model had been trained on a decade of applications, mostly from men, and had learned to downgrade CVs that signalled "women's." The system never went live. Source: Reuters, October 2018.
2023 - iTutorGroup and the EEOC
The US Equal Employment Opportunity Commission settled a case against tutoring company iTutorGroup for $365,000. The company's recruiting software automatically rejected applicants by age - women aged 55 and over, and men aged 60 and over. It is an early example of enforcement against age discrimination by an automated HR system. Source: U.S. EEOC, August 2023.
2023 - Samsung restricts generative AI
Samsung restricted the use of generative AI tools after employees entered confidential company information into ChatGPT. The incident captures the core risk of public AI at work: not an outside attack, but data that employees enter themselves. Source: Bloomberg, May 2023.
2024–2025 - Mobley v. Workday
A US federal court allowed a discrimination case against HR software vendor Workday to proceed, on allegations that its AI-based screening tools disadvantaged applicants by age, race, and disability. In 2025 the court permitted an age-discrimination claim to advance on a collective basis. The litigation is ongoing, but it signals that the providers of AI hiring tools - not only the employers using them - may face scrutiny. Source: reporting on Mobley v. Workday, U.S. District Court, 2024–2025.
The common thread is not a single vulnerability in one tool. It is the combination of human action, trust in the output, and the speed at which AI processes data.
What settings and policy do not solve
Settings decide what an AI tool may do with your data. Policy decides what is allowed. Neither decides what an employee actually types into the box on a busy Tuesday afternoon.
No setting stops someone copying a CV into a free tool. No policy intercepts a date of birth or a national identifier in a meeting note before it is submitted. The most common privacy mistakes in HR are not configuration errors - they are decisions made in a few seconds, during ordinary work, by people who are not thinking about privacy at that moment. That is the point settings and policy do not reach.
How BeeSensible helps before the prompt
BeeSensible checks for personal data in text fields - including the input box of AI tools - as you type or paste. The extension automatically recognises more than eighty kinds of sensitive data: names, national identifiers, dates of birth, phone numbers, bank account numbers, and more. When sensitive content appears, BeeSensible highlights it inline and shows a panel with what was found and how serious it is. The employee can remove it, replace it with a placeholder, or mask it - before the text goes to the AI.
Analysis runs on an EU-based detection service, in working memory, and the text is discarded after detection. Message content is not stored. The employee makes every decision.
For HR, that means in practice: a CV summary, a performance write-up, or an exit note containing a name, a national identifier, or a date of birth is flagged in the input box - before the prompt is sent.
AI is fast, and that speed is exactly what makes it useful. But the same speed causes most privacy mistakes in HR. Settings, policy, and AI literacy reduce risk structurally, yet they do not reach the moment when someone pastes a CV or asks for a write-up. That is where most incidents begin - and also where real-time awareness makes the difference: not by blocking, but by making the content of the prompt visible to the sender before it leaves the organisation.
ChatGPT