
Exact Online and AI: GDPR, privacy and data processing explained

"Are you really allowed to show your accounting to ChatGPT?" — one of the most asked questions during Ledger Botje demos. And a fair one. Under GDPR you are accountable for every personal data point that flows through your administration: customer addresses, bank accounts, contractor tax IDs, contact email addresses. Who is to say those will not end up in some AI training dataset?

In this article we map exactly how data flows when you connect Exact Online via MCP to an AI assistant, which legal frameworks apply, and what measures Ledger Botje and the AI vendors take to keep it safe.

Which data is shared with the AI?

An AI assistant never sees your entire Exact Online administration at once. The connection works per question: if you ask "which invoices are still open above €1,000?", Ledger Botje fetches exactly those rows from Exact Online, hands them to the AI, and the AI formulates the response. Other customer data, payroll details or unrelated bookings stay out of view.

In practice, only the fields needed for the question flow through. Asking about outstanding receivables means invoice numbers, amounts, customer names and due dates — no national IDs, no bank statements, no payslips (those don’t live in Exact Online Accounting anyway; they sit in a separate payroll system).

The role of the MCP protocol

The Model Context Protocol was deliberately designed for enterprise environments. Three properties matter for GDPR:

  • Per-user authorization — the AI uses your own Exact Online login token. So it only sees what you yourself are allowed to see.
  • No persistent storage — Ledger Botje does not keep a copy of your books. Each question fetches fresh data and only the essentials are logged for audit purposes.
  • Tool boundaries — the Basic license disables write actions. The AI can only read, not change.

More technical detail in the MCP security explainer.

Where does the AI data live? OpenAI, Anthropic and Europe

This is where accountants and bookkeepers get nervous. When you use ChatGPT (OpenAI) or Claude (Anthropic), the prompt — and therefore parts of your administration — runs through that vendor’s servers. Both companies now have European data centres and offer enterprise plans where data is excluded from training.

For stricter setups: Mistral (French), Copilot Enterprise (EU tenant), and locally hosted models are alternatives. Choosing your AI vendor is also a privacy choice.

DPIA, data processing agreement and retention

For Ledger Botje we conducted a Data Protection Impact Assessment (DPIA) covering all risks and mitigating measures. Key controls:

  • Audit logs in Ledger Botje are retained for at most 180 days (critical events 365 days), in line with the storage limitation principle in article 5.1.e GDPR.
  • Every connection requires explicit OAuth consent — you never give Ledger Botje your password.
  • The infrastructure runs within the EU.
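The three MCP properties described earlier (per-user token, no persistent copy, read-only tool boundaries on the Basic license) and the retention control in this section can be shown in one small dispatcher. This is an added example written for this article, not Ledger Botje's own code: the invoice rows, field names, tool names and license values are constructed for illustration and do not reflect the real Exact Online API or Ledger Botje's internals.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Constructed sample rows standing in for what an accounting API would return;
# field names are illustrative, not the real Exact Online schema.
SAMPLE_INVOICES = [
    {"InvoiceNumber": 1001, "AmountDC": 1500.0, "CustomerName": "Acme BV",
     "DueDate": "2024-05-01", "IBAN": "NL00BANK0123456789", "Status": "open"},
    {"InvoiceNumber": 1002, "AmountDC": 250.0, "CustomerName": "Bolt & Co",
     "DueDate": "2024-05-15", "IBAN": "NL00BANK0000000001", "Status": "open"},
    {"InvoiceNumber": 1003, "AmountDC": 3200.0, "CustomerName": "Corvid Ltd",
     "DueDate": "2024-04-01", "IBAN": "NL00BANK0000000002", "Status": "paid"},
]

# Per-tool allow-list of the fields that may be handed to the AI (hypothetical).
TOOL_FIELDS = {
    "open_invoices": ("InvoiceNumber", "AmountDC", "CustomerName", "DueDate"),
}
# Tools that change the books; blocked on the Basic license (hypothetical names).
WRITE_TOOLS = {"create_sales_entry", "update_invoice"}

# Retention limits from the DPIA section: 180 days, critical events 365 days.
RETENTION_DAYS = 180
CRITICAL_RETENTION_DAYS = 365


class ToolDenied(Exception):
    """Raised when a tool call falls outside the user's or license's boundaries."""


@dataclass
class Session:
    user_id: str
    token: str          # the user's own Exact Online OAuth token, never a shared one
    license: str        # "basic" (read-only) or "pro"
    audit_log: list = field(default_factory=list)


def fetch_open_invoices(token, min_amount):
    """Stand-in for an API call made with the user's own token (per-user authorization)."""
    if not token:
        raise ValueError("every call must carry the requesting user's token")
    return [r for r in SAMPLE_INVOICES
            if r["Status"] == "open" and r["AmountDC"] > min_amount]


def minimise(rows, allowed):
    """Keep only allow-listed fields so unrelated data (e.g. IBAN) never reaches the AI."""
    return [{k: row[k] for k in allowed} for row in rows]


def _audit(session, tool, outcome, critical, now, **extra):
    # Only metadata is logged: who, which tool, when, outcome, row count. No row content.
    session.audit_log.append({"ts": now, "user": session.user_id, "tool": tool,
                              "outcome": outcome, "critical": critical, **extra})


def call_tool(session, tool, now=None, **args):
    """Dispatch one AI tool call, enforcing tool boundaries and field minimisation."""
    now = now or datetime.now(timezone.utc)
    if tool in WRITE_TOOLS and session.license == "basic":
        _audit(session, tool, "denied", True, now)
        raise ToolDenied(f"{tool} is a write action; the Basic license is read-only")
    if tool == "open_invoices":
        rows = fetch_open_invoices(session.token, args.get("min_amount", 0))
        result = minimise(rows, TOOL_FIELDS[tool])   # fetched fresh, nothing cached
        _audit(session, tool, "ok", False, now, rows=len(result))
        return result
    # Write tools are not implemented in this example; anything else is rejected.
    _audit(session, tool, "unknown", True, now)
    raise ToolDenied(f"unknown tool {tool}")


def purge_audit_log(log, now):
    """Drop entries past their retention limit (storage limitation, art. 5.1.e)."""
    kept = []
    for entry in log:
        limit = CRITICAL_RETENTION_DAYS if entry["critical"] else RETENTION_DAYS
        if now - entry["ts"] <= timedelta(days=limit):
            kept.append(entry)
    return kept


if __name__ == "__main__":
    s = Session("alice", "alice-oauth-token", "basic")
    print(call_tool(s, "open_invoices", min_amount=1000))
    try:
        call_tool(s, "update_invoice", invoice=1001)
    except ToolDenied as exc:
        print("denied:", exc)
    print(len(s.audit_log), "audit entries, none containing invoice content")
```

The question "which invoices are still open above €1,000?" maps to one `open_invoices` call: the row with the IBAN column is fetched, the IBAN is stripped before the result is returned, and the audit entry records only that one row was served. A write attempt on the Basic license is refused and logged as a critical event, which is the kind of entry the longer 365-day retention applies to.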

The data processing agreement (DPA) between you and Ledger Botje is published online and aligns with article 28 GDPR. For customers with multiple administrations or their own DPO, we can share the DPIA on request.

What is your own responsibility?

As data controller you have three tasks:

  1. Inform your staff that an AI connection is live on the administration. Mention this in your internal privacy notice.
  2. Restrict permissions inside Exact Online. Only roles with the appropriate read rights should access the MCP connection.
  3. Pick your AI vendor deliberately and sign a processing agreement with them — OpenAI, Anthropic, Microsoft and Google all offer GDPR-compliant enterprise variants.

Conclusion

The Exact Online + AI combination is perfectly compatible with GDPR, provided you have three parties in order: yourself (controller), Ledger Botje (sub-processor for the MCP layer) and your AI vendor (processor of the prompts). Ledger Botje was designed for exactly this: minimal data flow, short retention, and transparent DPAs.

Want to read more about how we built security? See the security explainer and the data processing agreement. Ready to start responsibly with AI in your books? Follow the MCP setup guide.

Frank Woutersen
Frank Woutersen is the founder of Ledger Botje and writes about AI, MCP and Exact Online. He helps businesses manage their administration smarter with AI assistants.
