The Privacy Pillar in this series directly intersects with GDPR compliance training and confidentiality obligations. Client names in AI prompts are a GDPR risk. Internal financial data in prompts is a confidentiality risk. Module 2 covers the data privacy intersection in depth.

No. Module 1 is designed for all employees regardless of role or technical background. The risks covered — data privacy, accountability for AI output, and transparency — apply to every employee who uses an AI tool for work, from writing emails to summarizing meeting notes.

It means those tasks should not go through public external AI tools. Some restricted and prohibited tasks may be appropriate using company-approved private tools with appropriate controls. The training establishes the baseline — your organization's AI governance policy provides the specifics.

Company-approved sandbox tools that do not retain or train on your data are the appropriate option for confidential tasks. The Allowed / Restricted / Prohibited framework applies to public external tools. Your organization's internal guidelines will specify which tools are approved and for what use cases.

The three-pillar framework applies regardless of which specific tool an employee uses — ChatGPT, Gemini, Copilot, Claude, Midjourney, or any other. The principles are tool-agnostic because the risks are consistent: data exposure, confident inaccuracy, and transparency obligations apply across all generative AI platforms.