22 May 2026

AI agents and GDPR: where does the email data live?

Putting an AI agent on an inbox creates a new flow of personal data. Here's what that means under GDPR — and the questions your DPO will ask first.

When your team adds an AI agent to an inbox, you have — in GDPR terms — created a new processing activity. Personal data that was already sensitive (names, contact details, the contents of correspondence, sometimes special-category data) now moves somewhere it didn't before: to an LLM, usually through a SaaS platform, often across a border. GDPR does not treat that as "just an AI feature." It is a data flow, and as the controller you are accountable for it.

The first question a competent DPO will ask is the one in the title. Here is how to answer it — and the related questions that follow. They are vendor-neutral; they hold whoever builds the agent. (Disclosure: we build Mailbuttons. We've kept this piece honest, so it's useful regardless of what you choose.)

1. You've created a new processing activity — write it down

An agent reading and acting on email is processing personal data. Your accountability obligations apply to it like any other system.

Ask:

  • Has this processing been added to your Article 30 record of processing activities — data categories, purpose, legal basis, recipients, retention?
  • Is the purpose compatible with why the email was originally collected? Triaging support mail usually is; a novel use may need its own basis.
  • Does it warrant a DPIA? Systematic, large-scale processing of correspondence by an automated system often does.

2. Follow the email — every hop is a location

"Where does the data live" is really several questions, one per hop. The message lands in a mailbox, an agent platform reads it, and its contents are sent to a model. Each hop is a place and a processor.

Ask:

  • Where are the mailboxes hosted?
  • Where does the agent platform itself run?
  • Which model provider receives the message content, and in which jurisdiction is it processed?

3. International transfers — the model is usually the catch

Mailbox hosting can be EU/UK; the model is where it often slips. Most frontier LLM APIs process in the US. Sending EU or UK personal data there is a restricted transfer — since Schrems II it needs a lawful basis: an adequacy decision, Standard Contractual Clauses, or the UK IDTA, with supplementary measures where required.

Ask:

  • Does any hop leave the EU/UK? If so, which transfer mechanism covers it, and is it documented?
  • Can you constrain the processing path to your required region if your risk appetite demands it?

4. The processor chain, your DPA, and model training

The agent platform is your processor under Article 28 — that requires a DPA. It, in turn, relies on sub-processors: the model provider, hosting, storage. You are entitled to know who they are.

Ask:

  • Is there a signed DPA with full Article 28 terms?
  • Is there a current sub-processor list, and will you be notified before it changes?
  • Does the contract prohibit the model provider from training on your data?

5. Minimise what the model sees

Data minimisation is not optional. Not every email needs an LLM: a vendor invoice or a SaaS notification can be delivered and retained without a model ever reading it. A platform that lets you scope which mail reaches the agent is giving you a minimisation control, not just a convenience.

Ask:

  • Can you configure which senders or message types the agent processes, versus those it merely delivers?
  • Is there a way to keep mail on file without sending it to the model at all?
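
A sketch of such a scoping gate, added here as an illustration (it is not Mailbuttons code or any platform's API). The policy keys, domains and sample messages are constructed; mail that matches no rule defaults to deliver-only, and the decision record holds no message content.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed policy for illustration; keys and domains are hypothetical.
POLICY = {
    "agent_senders": {"customer.example"},             # mail the agent may read
    "deliver_only_senders": {"invoices.vendor.example"},
    "default": "deliver_only",                         # out-of-scope mail never reaches the model
}

def is_automated(msg) -> bool:
    """Machine-generated mail: RFC 3834 Auto-Submitted, list mail, bulk precedence."""
    auto = (msg.get("Auto-Submitted") or "no").strip().lower()
    precedence = (msg.get("Precedence") or "").strip().lower()
    return (auto != "no" or msg.get("List-Id") is not None
            or precedence in {"bulk", "list", "junk"})

def route(raw: str, policy: dict = POLICY) -> dict:
    """Return a routing decision plus a log record that holds no message content."""
    msg = message_from_string(raw)
    # The From header is unauthenticated; a real gate would also require
    # passing sender authentication before trusting this domain.
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if domain in policy["deliver_only_senders"]:
        decision, reason = "deliver_only", "sender excluded by policy"
    elif is_automated(msg):
        decision, reason = "deliver_only", "automated message type"
    elif domain in policy["agent_senders"]:
        decision, reason = "agent", "sender in agent scope"
    else:
        decision, reason = policy["default"], "no rule matched"
    return {"message_id": msg.get("Message-ID"), "sender_domain": domain,
            "decision": decision, "reason": reason}

# Constructed sample messages.
SAMPLES = {
    "customer": "From: Ana <ana@customer.example>\nMessage-ID: <1@customer.example>\n\nMy order is late.",
    "invoice": "From: billing@invoices.vendor.example\nMessage-ID: <2@vendor.example>\n\nInvoice attached.",
    "notification": "From: noreply@customer.example\nAuto-Submitted: auto-generated\nMessage-ID: <3@customer.example>\n\nPassword changed.",
    "unknown": "From: someone@elsewhere.example\nMessage-ID: <4@elsewhere.example>\n\nHello.",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, route(raw))
```

The returned record is what would be written to the processing log: enough to show what was routed where and why, without copying correspondence into a second store.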

6. Records, retention, and data-subject requests

Accountability means being able to show what was processed. Retention limits and erasure apply to the email and to whatever the agent records. And a subject access request will now reach the agent's processing too.

Ask:

  • Is there a log of what the agent processed and did — one you could rely on as a record?
  • Is retention configurable, for both mail and logs, to match your policy?
  • Could you locate, export, or erase one data subject's data across the mailbox and the logs?

The short answer

"Where does the email data live" should have an answer you can give in a sentence: the country the mailbox sits in, the country the model runs in, and who the processors are. If a platform cannot tell you that plainly, that is your finding.

We built Mailbuttons EU/UK-hosted, with a DPA, and a policy layer that lets you decide which mail ever reaches the model — so the question has a short, documented answer rather than a shrug. mailbuttons.com