Back to Blog
implementation

Is Claude GDPR compliant? A UK business guide

By Jay MatharuPublished Last reviewed
Two professionals reviewing printed data-protection documents at a boardroom table with the City of London skyline behind them

Claude is neither GDPR compliant nor non-compliant on its own: compliance is a property of how your organisation deploys it. Anthropic, the company behind Claude, offers a Data Processing Addendum, acts as a processor for Team and Enterprise customers while the customer remains controller, and does not use commercial-plan data to train its models by default. On the consumer plans (Free, Pro and Max), a model-improvement setting decides whether chats can be used for training, with de-identified retention of up to five years when it is switched on. A UK business can use Claude in line with UK GDPR if it chooses the right plan, sets retention and training controls deliberately, and puts its own lawful basis, risk assessment and staff rules in place.

This guide is written for the people who have to sign that decision off: compliance leads, data protection officers, IT owners and managing partners at UK SMEs and regulated firms. Every product claim below is taken from Anthropic's official privacy documentation, accessed July 2026, and the named sources are listed at the end.

What does GDPR compliance mean for an AI assistant?

UK GDPR regulates the processing of personal data, not software products, so no AI assistant can be certified compliant in the abstract: the obligations attach to your use of it. The law splits responsibility between a controller, who decides the purposes and means of processing, and a processor, who processes personal data on the controller's instructions. The Information Commissioner's Office (ICO) sets out this division in its controllers and processors guidance. The moment a member of staff pastes a client's details into any chat assistant, your organisation is processing personal data and needs a lawful basis, transparency to the people concerned, appropriate security, and a defensible retention position.

The practical consequence is that the same product can be used lawfully by one firm and unlawfully by the firm next door. Anthropic controls what happens to data on its systems: retention periods, training defaults, security measures, and the contractual terms it offers. Your business controls everything else: which plan you buy, which settings you apply, what staff are allowed to put in, and what happens to the output. A sensible compliance assessment looks at both halves rather than asking the vendor question alone.

Is Claude GDPR compliant out of the box?

No AI service is GDPR compliant out of the box, and any supplier who tells you otherwise is overselling. What Anthropic supplies are the components a compliant deployment is built from: a Data Processing Addendum, a processor relationship on commercial plans under its Commercial Terms of Service, published security certifications including SOC 2 Type 2 and ISO/IEC 27001, and a stated default of not training on commercial customer data. What your business must supply is the other half: a lawful basis for each use, purpose limitation, information to data subjects, a data protection impact assessment where the processing is high risk, staff rules, and deliberate configuration of the retention and training settings described below.

The plan split matters more than any single feature. On Free, Pro and Max, the relationship is between Anthropic and the individual account holder on consumer terms. On Team and Enterprise, the customer organisation is the controller: it decides who can be a member, instructs how submitted data is used, can access and export its users' conversation history, and Anthropic processes that data only to provide the service. A sole trader evaluating Claude on a Pro account and a regulated firm rolling out Team seats are in materially different legal positions, even though the product looks the same on screen. For sole practitioners and micro-firms weighing that first step, our guide to GDPR and AI assistants for private practitioners covers the small-firm version of this question.

Does Anthropic train its models on your business data?

By default, no, on commercial plans. Anthropic states that it will not use inputs or outputs from its commercial products, which include Claude Team, Claude Enterprise and the Anthropic API, to train its models. There are two exceptions to design around. First, if a user submits feedback through the thumbs up or thumbs down button, the entire related conversation is stored for up to five years, de-linked from user and customer identifiers, and may be used for research and model training. Team and Enterprise owners can remove this path entirely by disabling chat rating in the organisation's data and privacy settings, which is a sensible default for regulated firms. Second, organisations can explicitly opt in to training programmes such as Anthropic's Development Partner Program; that is a choice, not a default.

The consumer plans work differently. On Free, Pro and Max, including when those accounts use Claude Code, a model-improvement setting governs training. With the setting on, new and resumed chats and coding sessions may be retained in de-identified form for up to five years in Anthropic's training pipelines. With it off, previous and new chats are not used for future training. Incognito chats are never used for training and are deleted automatically within 30 days. If your staff are using personal Claude accounts for work, that toggle is the single most important setting to check, and the honest answer is that work data should not be on consumer accounts at all.

One boundary worth knowing: Anthropic states that training and feedback data does not include raw content from connectors such as Google Drive or MCP servers, although anything copied directly into the conversation is included like any other content.

How long does Claude keep your data?

Retention depends on the plan, the settings applied, and whether content is flagged by Anthropic's safety systems. The table below consolidates Anthropic's published positions as at July 2026.

Plan or surfaceTraining positionRetention positionWho controls it
Free, Pro, Max with model improvement onUsed to improve modelsDe-identified copies retained up to 5 years in training pipelinesThe individual user's privacy setting
Free, Pro, Max with model improvement offNot used for future trainingChats held while the account keeps them; deleted chats leave back-end systems within 30 daysThe individual user
Incognito chats (consumer plans)Never used for trainingDeleted automatically within 30 daysAutomatic
Claude TeamNot used by defaultChats retained indefinitely by default while the workspace keeps them; deleted chats leave back-end systems within 30 days; no custom retention controlsOrganisation admins, by deletion only
Claude EnterpriseNot used by defaultAs Team, plus custom retention periods from a minimum of 30 days, with changes recorded in audit logsThe organisation's Primary Owner or Owner
Anthropic APINot used by defaultInputs and outputs deleted within 30 days of receipt or generation, unless a specific service or agreement extends thisAnthropic's default
Zero data retention arrangementsNot used for trainingInputs and outputs not stored, except safety classifier results, legal holds, and a 30-day overlay for Covered ModelsAgreed with Anthropic, per organisation
Any plan, content flagged for a Usage Policy violationMay be analysed for safety enforcementInputs and outputs up to 2 years; trust and safety classification scores up to 7 yearsAnthropic

Two rows deserve more attention than they usually get. First, on Team and Enterprise the default is indefinite retention: chats are kept to provide the product experience until someone deletes them, and custom retention periods are an Enterprise-only control with a 30-day minimum. A firm that tells its auditor "the AI tool deletes everything after 30 days" is only telling the truth if someone has configured that, and on Team nobody can. Second, on Enterprise, a project's retention setting supersedes the chat setting, scheduled deletions run at midnight UTC, and retention changes appear in the audit logs, which is exactly the evidence trail a UK compliance review wants to see.

What is Zero Data Retention, and who can actually get it?

Zero Data Retention (ZDR) is a per-organisation arrangement, subject to Anthropic's approval, under which Anthropic does not store inputs or outputs except where needed to comply with law or combat misuse. Even under ZDR, Anthropic retains user-safety classifier results to enforce its Usage Policy. The scope is narrower than many buyers assume: it applies only to eligible Anthropic APIs, to products used through a commercial organisation's API key, and to Claude Code on Enterprise plans. It is not a Team plan feature, and it does not cover the standard Claude chat interface for work.

Since 9 June 2026 there has also been a carve-out for what Anthropic calls Covered Models, currently the Mythos-class models such as Claude Fable 5 and Claude Mythos 5. Prompts submitted to and outputs generated by these models are retained for 30 days on every platform as part of Anthropic's safety work, including for organisations that otherwise hold ZDR agreements. Anthropic's published controls around that retained data are specific: no personnel can read it by default, human review happens only through a controlled access path when content is flagged, every access is recorded in a tamper-proof log, and the data is deleted automatically after 30 days unless flagged or legally held. For organisations that had no ZDR arrangement, nothing changes, because standard retention already applied.

The practical read for a UK buyer: if a workload genuinely cannot tolerate any vendor-side retention, the routes are an approved ZDR agreement on the API, accepting the Covered Models overlay, or keeping the workload off shared cloud AI entirely. For confidentiality-critical professional work, we cover the on-premises alternative in our Private AI Concierge service.

What should a UK business set up before staff use Claude?

Four things, before real data touches the tool: a plan that matches your data sensitivity, deliberate retention and training settings, a data classification rule staff can actually follow, and a named human sign-off for anything regulated. None of them is difficult; all of them are easier to do before rollout than after an incident.

The classification rule matters most in practice. A workable pattern is four classes: public, internal, confidential and regulated, with a plain-English decision about which classes may enter which AI surface, agreed before accounts are created. When we run Claude deployments for clients, for example a regulated recruitment firm or a professional-services practice, that conversation happens during discovery, and anything in the regulated class needs a named approver before it goes near any AI tool. A one-page rule that staff remember beats a policy nobody reads; our guide to writing an AI acceptable use policy for UK SMEs sets out the format, and the wider configuration these rules sit inside is covered in setting up Claude for a business.

On the risk assessment: the ICO expects a data protection impact assessment where processing is likely to result in high risk to individuals, and a firm-wide AI assistant rollout can meet that threshold, particularly in regulated sectors, at scale, or where special category data is in scope. The ICO's DPIA guidance and its guidance on AI and data protection are the two documents to work from. UK firms making or supporting decisions about individuals should also check the automated decision-making provisions of the Data (Use and Access) Act 2025, which we summarise in our DUAA 2025 guide. Claude in normal business use drafts and analyses under human review, which keeps most workflows outside the fully-automated-decision regime, but the boundary is yours to police, not the vendor's.

Which Claude plan should regulated UK firms choose?

For business data, the Team plan is the sensible floor, because it moves the relationship onto commercial terms: your firm is the controller, Anthropic is the processor, the no-training default applies, and admins control membership. Enterprise becomes necessary when your governance requirements say so: SCIM provisioning, audit logs, custom data retention periods, a Compliance API, and customer-managed encryption keys; our guide to Claude Team vs Enterprise covers exactly what forces that upgrade. Those controls, and what they cost, are covered in our Claude Enterprise UK buyer's guide. For embedded or automation workloads, the API with its 30-day default deletion, or an approved ZDR arrangement, is the equivalent decision. The anti-pattern is the one we still see most often: staff quietly using personal consumer accounts for work data, with the model-improvement toggle never checked. For FCA-regulated financial services firms, that pattern alone is usually enough to fail an internal audit.

The AI Consultancy is an Anthropic Consulting Partner and runs this assessment as the first step of every Claude deployment: plan selection, retention and training configuration, data classification, and the sign-off rules that make the rest of the rollout defensible. If you want the settings, the paperwork and the staff rules done properly before anyone pastes client data into a chat window, our Claude consulting and Claude implementation services cover exactly this ground.

Sources

  • Anthropic Privacy Center, "Is my data used for model training?" (commercial products version), accessed July 2026 (commercial no-training default, feedback retention of five years, de-linking, disabling chat rating).
  • Anthropic Privacy Center, "Is my data used for model training?" (consumer products version), accessed July 2026 (model-improvement setting, Incognito chats, connector content boundary).
  • Anthropic Privacy Center, "How long do you store my data?", accessed July 2026 (consumer retention, 30-day back-end deletion, five-year training retention, Usage Policy violation retention).
  • Anthropic Privacy Center, "How long do you store my organization's data?", accessed July 2026 (commercial retention, API 30-day deletion, Usage Policy violation retention).
  • Anthropic Privacy Center, "Configure custom data retention controls for Enterprise plans", accessed July 2026 (Enterprise-only custom retention, 30-day minimum, indefinite default, project precedence, audit logging).
  • Anthropic Privacy Center, "I have a zero data retention agreement with Anthropic. What products does it apply to?", accessed July 2026 (ZDR scope, per-organisation approval, safety classifier retention).
  • Anthropic Privacy Center, "Data retention practices for Covered Models", accessed July 2026 (30-day retention for Mythos-class models effective 9 June 2026, access controls, tamper-proof logging).
  • Anthropic Privacy Center, "Does Anthropic Act as a Data Processor or Controller?", accessed July 2026 (controller and processor roles on Team and Enterprise plans; no training on commercial data unless the customer joins the Development Partner Program).
  • Information Commissioner's Office, controllers and processors guidance; DPIA guidance; guidance on AI and data protection, accessed July 2026.
  • UK General Data Protection Regulation and Data Protection Act 2018, legislation.gov.uk; Data (Use and Access) Act 2025, gov.uk.

Frequently asked questions

Is Claude GDPR compliant for UK businesses?
Claude can be used in line with UK GDPR, but compliance depends on the deployment rather than the product. Anthropic provides a Data Processing Addendum, acts as processor on Team and Enterprise plans, and does not train on commercial data by default. The business remains controller and must supply its own lawful basis, transparency, staff rules and, where processing is high risk, a data protection impact assessment.
Does Claude train its AI models on business data?
Not by default on commercial plans: Anthropic states it will not use inputs or outputs from Claude Team, Enterprise or the API for model training. The exceptions are explicit thumbs up or down feedback, which stores the conversation for up to five years de-linked from identifiers and which admins can disable, and opt-in programmes such as the Development Partner Program. On Free, Pro and Max, training happens only when the model-improvement setting is on.
How long does Claude keep deleted conversations?
Deleted conversations disappear from chat history immediately and are removed from Anthropic's back-end systems within 30 days, on both consumer and commercial plans. Content flagged as a Usage Policy violation is the exception: inputs and outputs can be kept up to two years and trust and safety classification scores up to seven years.
Is Zero Data Retention available on Claude Team?
No. Zero data retention arrangements are agreed per organisation, subject to Anthropic's approval, and apply only to eligible Anthropic APIs and Claude Code on Enterprise plans. Even under ZDR, Anthropic retains user-safety classifier results, and Covered Models such as Claude Fable 5 carry a 30-day retention requirement introduced on 9 June 2026.
Do UK firms need a DPIA before rolling out Claude?
Often, yes. The ICO expects a data protection impact assessment where processing is likely to result in high risk to individuals, which a firm-wide AI assistant rollout can meet, particularly in regulated sectors or where special category data is involved. Even below that threshold, a short DPIA is cheap insurance and forces the plan, retention and classification decisions to be made deliberately.
Who is the data controller when a business uses Claude Team or Enterprise?
The business is the controller and Anthropic acts as its processor under the Commercial Terms of Service. The organisation controls who can be a member, instructs how submitted data is used and can access and export its users' data, while Anthropic processes it only to provide the service.

Related Articles

implementation

Why Your AI-Built App Works in Preview But Fails in Production

implementation

Fix, Refactor or Rebuild? A Decision Matrix for AI-Built Apps

implementation

Security Vulnerabilities in AI-Generated Apps, A UK Guide

Ready to explore AI for your business?

Book a free 20-minute consultation. No obligation, no jargon.