OpenAI has announced the introduction of data residency in Europe for its ChatGPT Enterprise, ChatGPT Edu, and API Platform. This initiative allows organizations in Europe to comply with local data sovereignty requirements while utilizing OpenAI products. Data residency enhances OpenAI’s existing data privacy, security, and compliance features.
Data Residency Features
API Platform: Eligible customers can enable European data residency by creating a new project in the API Platform dashboard and selecting Europe as the region. API requests will be processed in-region with zero data retention, meaning requests and responses are not stored on OpenAI servers. Note that only new projects can be configured for European data residency.
ChatGPT Enterprise and Edu: New workspaces can be established with data residency in Europe, allowing customer content, including conversations and uploaded files, to be stored in the region.
Security and Compliance
OpenAI's data residency builds on its robust data privacy and security measures, which support numerous organizations in Europe, including Booking.com, BBVA, Zalando, and Oxford University. Key features include:
- Advanced Encryption: AES-256 for data at rest and TLS 1.2+ for data in transit ensure data confidentiality and integrity.
- No Training on Customer Data: OpenAI's models are not trained on customer data by default unless customers opt in.
- Comprehensive Data Protection: Practices support compliance with GDPR, CCPA, and adhere to CSA STAR and SOC 2 Type 2 standards.
- Data Processing Addendum (DPA): Clarifies roles and responsibilities under GDPR, aiding organizations in meeting compliance obligations.
Overall, data residency enhances data control for organizations operating in Europe, ensuring that their data remains confidential, secure, and owned by them.
