AI and professional secrecy: pseudonymising client data
Before handing client data to an AI tool, you must pseudonymise it and choose the right tool. Method, decision table and watch points to stay compliant with professional secrecy.
Expert note: This article was written by our chartered accountancy firm. Information is current as of 2026. For a personalised review of your situation, contact us.
Quick answer. Before submitting client data to an AI tool, remove or replace direct identifiers (name, company number, address, telling figures). Pseudonymisation lowers the risk, but the data remains personal under the GDPR. Professional secrecy requires favouring tools that offer verified contractual safeguards.
A director often asks us: "Can I paste one of my client's balance sheets into an AI assistant to save time?" The answer is never a plain yes or no. It depends on what the data contains, the tool used and the precautions taken beforehand.
This is not about AI use cases, which we cover when we discuss artificial intelligence and accounting. It is solely about confidentiality: how to benefit from a smart assistant without exposing information protected by professional secrecy or by the GDPR.
An accounting firm handles particularly sensitive data: pay, margins, disputes, directors' personal wealth. A leak is not a harmless technical incident, it is a breach of a secret protected by law. The reflex must therefore be methodical, not intuitive.
Why professional secrecy changes everything
The accountant's professional secrecy is not a mere good practice. It stems from Ordinance no. 45-2138 of 19 September 1945 (Article 21) and from the profession's code of ethics. Data entrusted by a client is covered by this secrecy.
Exposing client data to a third party, including an online AI service, without sufficient precaution may constitute a breach of that secrecy. The logic is the same as with an unsecured email or a document left on a train.
The GDPR adds to this duty rather than replacing it. Regulation (EU) 2016/679 requires data minimisation: processing only the data strictly necessary for the intended purpose (Article 5(1)(c)). Submitting a whole file to an AI when a single line would suffice already breaches this principle.
Finally, Regulation (EU) 2024/1689, the artificial intelligence regulation (AI Act), has been in force since 1 August 2024, with its obligations applying in stages. For a firm, the immediate practical issue remains data protection, but this text confirms that AI no longer operates in a legal vacuum. We explore this balance between opportunities and constraints in our guide on the ROI and risks of AI in accounting under the AI Act.
Our take. Confidentiality is not an obstacle to AI, it is its condition of use. A firm that sets a clear upstream rule uses AI more freely and more often than one that bans it out of fear. The rule protects, it does not paralyse.
Pseudonymisation or anonymisation: two notions not to confuse
The difference between pseudonymisation and anonymisation is the most common source of confusion we encounter. Yet it carries opposite legal consequences.
Pseudonymisation, defined in Article 4(5) of the GDPR, consists of replacing direct identifiers with pseudonyms. The company DUPONT becomes "Client A", the company number becomes "identifier 1". The link remains reconstructable using a correspondence table, which the GDPR definition requires to be kept separately and protected by technical and organisational measures.
Pseudonymised data remains personal data. It stays fully subject to the GDPR. Pseudonymisation lowers the risk, it does not remove it.
Anonymisation, by contrast, is irreversible. The link with the person can never be reconstructed, by anyone. Genuinely anonymised data falls outside the scope of the GDPR (Recital 26). But robust anonymisation is technically hard to guarantee: cross-referencing with other data often allows a person or a business to be re-identified, even once the name has gone.
| Notion | Reversibility | GDPR status | Practical firm use |
|---|---|---|---|
| Pseudonymisation | Reversible (correspondence table) | Remains personal data | Risk-reduction measure, to combine with others |
| Anonymisation | Irreversible | Outside GDPR scope | Ideal but hard to truly guarantee |
| Raw identifying data | Not applicable | Full personal data | Never submit without contractual safeguards |
The underestimated risk. Many believe that deleting the name is enough to anonymise a document. It is not. An unusual turnover figure, an address, a company's incorporation date or a combination of such details (quasi-identifiers, harmless on their own) may suffice to identify a business within its sector. Pseudonymisation must cover every telling element, not just the name.
In practice: the method before submitting data
Our internal protocol comes down to a few steps, which a director using AI on their own data can apply too.
- Identify the real purpose: do I need identifiers to get my answer? Most often, no.
- Remove or replace all direct identifiers: company name, person's name, company number, address, account numbers.
- Neutralise telling indirect identifiers: unusual exact figures, precise dates, an overly specific sector.
- Keep the correspondence table outside the tool, and use it afterwards to reinject real values into the result.
- Check the tool: where the data is hosted, whether it is reused for training, where the servers are located, and how long prompts are retained.
In practice. For a margin analysis, we send the AI generic labels ("Product 1", "External charge A") and figures rounded or indexed to base 100. The calculation logic is preserved, the file's identity never is. The result is then manually dressed back with the real values. This discipline echoes our generative AI use cases for an SME director, where each time saving comes with a guardrail.
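The protocol above, as an added example that is not the firm's own tooling: a small Python pseudonymiser that mints stable labels, keeps the correspondence table in memory and out of the payload, indexes figures to base 100 on turnover, trims the closing date to the year, scrubs SIREN, IBAN and e-mail patterns out of free-text notes, refuses to release a payload that still contains a real value, and dresses the tool's answer back afterwards. The client, figures, the simplified regex patterns and the sample AI reply are constructed assumptions, not real data.

```python
from __future__ import annotations

import json
import re

# Patterns for direct identifiers that hide inside free-text labels and notes.
# Assumed and simplified: a SIREN is 9 digits optionally grouped by 3, a French
# IBAN is "FR" + 2 check digits + 23 alphanumerics, e-mails as usual. The longer
# IBAN pattern runs first so its digit groups are never mistaken for a SIREN.
PATTERNS = {
    "Account": re.compile(r"\bFR\d{2}(?: ?[0-9A-Z]{4}){5} ?[0-9A-Z]{3}\b"),
    "Company no.": re.compile(r"\b\d{3} ?\d{3} ?\d{3}\b"),
    "Email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),
}


class Pseudonymiser:
    """Hands out stable labels ("Client 1", "Product 2") and keeps the correspondence
    table. The table never leaves this object; only pseudonymise() output is sent."""

    def __init__(self) -> None:
        self.table: dict[str, str] = {}   # real value -> pseudonym
        self._counters: dict[str, int] = {}
        self.base: float | None = None    # turnover used to index figures to base 100

    def label(self, real: str, kind: str) -> str:
        """Return the pseudonym for a real value, minting one on first sight."""
        if real not in self.table:
            self._counters[kind] = self._counters.get(kind, 0) + 1
            self.table[real] = f"{kind} {self._counters[kind]}"
        return self.table[real]

    def scrub_text(self, text: str) -> str:
        """Replace identifiers matched by PATTERNS inside free text."""
        for kind, regex in PATTERNS.items():
            text = regex.sub(lambda m, k=kind: self.label(m.group(0), k), text)
        return text

    def pseudonymise(self, extract: dict) -> dict:
        """Direct identifiers -> labels, exact figures -> base 100, exact date -> year."""
        self.base = float(extract["turnover"])
        kinds = {"product": "Product", "charge": "External charge"}
        return {
            "client": self.label(extract["client"], "Client"),
            "company_no": self.label(extract["siren"], "Company no."),
            "period": extract["closing_date"][:4],
            "turnover": 100.0,
            "lines": [
                {
                    "label": self.label(line["label"], kinds[line["kind"]]),
                    "amount": round(line["amount"] / self.base * 100, 1),
                    "note": self.scrub_text(line.get("note", "")),
                }
                for line in extract["lines"]
            ],
        }

    def check_clean(self, payload: dict) -> list[str]:
        """Last guardrail before submission: every real value from the table, or
        fresh pattern match, still present in the outgoing payload (empty = safe)."""
        text = json.dumps(payload, ensure_ascii=False)
        leaks = [real for real in self.table if real in text]
        leaks += [m.group(0) for rx in PATTERNS.values() for m in rx.finditer(text)]
        return leaks

    def dress_back(self, ai_text: str) -> str:
        """Re-inject real names into the tool's answer, outside the tool. Longer labels
        first so "Product 1" is not rewritten inside "Product 12"."""
        for real, pseudo in sorted(self.table.items(), key=lambda kv: -len(kv[1])):
            ai_text = ai_text.replace(pseudo, real)
        return ai_text

    def rescale(self, indexed: float) -> float:
        """Turn one base-100 figure back into euros; the rounding loss is deliberate."""
        if self.base is None:
            raise ValueError("pseudonymise() must run before rescale()")
        return round(indexed * self.base / 100, 2)


# Constructed sample extract, not real client data.
EXTRACT = {
    "client": "DUPONT SAS",
    "siren": "812 345 678",
    "closing_date": "2025-06-30",
    "turnover": 864_250.0,
    "lines": [
        {"kind": "product", "label": "Licences DUPONT Pro", "amount": 540_300.0},
        {"kind": "product", "label": "Maintenance", "amount": 323_950.0},
        {"kind": "charge", "label": "Rent 12 rue de la Paix", "amount": 96_000.0,
         "note": "paid from FR76 3000 6000 0112 3456 7890 189, contact m.dupont@example.com"},
    ],
}

if __name__ == "__main__":
    p = Pseudonymiser()
    payload = p.pseudonymise(EXTRACT)
    assert p.check_clean(payload) == [], "identifiers left in the payload"
    print(json.dumps(payload, ensure_ascii=False, indent=2))  # this is all the AI sees
    reply = "Product 1 carries 62.5 of the 100 turnover; External charge 1 weighs 11.1."
    print(p.dress_back(reply), "->", p.rescale(62.5), "EUR")  # constructed AI reply
```

The check_clean() pass is the step that catches the pasted-on-reflex case: it compares the outgoing text against everything in the table and against the raw patterns, so a name that slipped into a free-text field is found before submission rather than after. Figures come back from rescale() with rounding loss (62.5 on base 100 gives 540,156.25 rather than 540,300), which is the point of indexing; the exact values are reinjected by hand from the table, never by the tool.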
Choosing the tool: a trade-off, not a reflex
Not all AI tools offer the same safeguards. A free consumer assistant and a professional contracted solution are not equivalent when it comes to confidentiality.
Trade-off. Between the convenience of a consumer tool and the security of a contracted solution, the right choice depends on the data's sensitivity. For a general question with no client data ("explain margin VAT to me"), a consumer tool will do. To process real data, even pseudonymised, you need a solution offering contractual safeguards: hosting within the European Union, a commitment not to reuse data for training, and GDPR-compliant clauses.
Business tools increasingly embed AI features directly within the accounting environment. Working in a controlled setting such as the Pennylane accounting tool, rather than copying data to an external service, reduces the exposure surface because the data never leaves the environment it already lives in. The vendor's own AI sub-processors must still offer the same safeguards, which is why the table below treats this case as conditional.
| Tool type | Real client data | Pseudonymised data | Generic question, no data |
|---|---|---|---|
| Consumer AI without contract | Prohibited | Avoid | Allowed |
| Professional AI under contract (EU, no training) | With care and pseudonymisation | Allowed | Allowed |
| AI built into a secure business tool | Subject to vendor safeguards | Allowed | Allowed |
Decision table: what can I submit, and how
This table summarises our sorting logic. It does not replace a case-by-case analysis, but it avoids most mistakes.
| Situation | Decision | Measure to take |
|---|---|---|
| Theoretical question with no client data | Allowed | No specific measure |
| Identifying client data, consumer tool | Prohibited | Pseudonymise and switch tool |
| Pseudonymised client data, EU contracted tool | Allowed with conditions | Check the contract and keep the table apart |
| Sensitive data even pseudonymised (dispute, director's health) | Avoid | Process internally, without external AI |
| Processing with high risk to individuals | Prior assessment | Carry out an impact assessment (DPIA, GDPR Art. 35) |
What the authority looks at. The CNIL publishes recommendations on the use of artificial intelligence and data protection. In an inspection, it examines the purpose of the processing, effective data minimisation, the safeguards offered by the provider and, for high-risk processing, the existence of a data protection impact assessment (DPIA, Article 35 of the GDPR). Documenting these choices matters as much as the choices themselves.
Common case: the balance sheet pasted on reflex
In firms' and finance teams' files, the most common mistake is not malicious. A rushed staff member pastes a full dashboard, with company name and real figures, into an online assistant to "draft a management commentary".
The document leaves, in the clear, for a third-party service whose terms have not been checked. If that service retains prompts or reuses them to train its models, the client's information has left the firm without control. Professional secrecy is potentially compromised, and the GDPR along with it.
The fix is simple: a written internal rule, a short training session, and a systematic pseudonymisation reflex. This is exactly the kind of framing we build into a digital transformation of the finance function, where AI is deployed with guardrails, not on autopilot.
2026 watch points
The framework is tightening. The artificial intelligence regulation provides for phased application: prohibited AI practices and the AI literacy obligation have applied since 2 February 2025, obligations for general-purpose AI models since 2 August 2025, and rules for high-risk systems from 2 August 2026.
2026 watch points. Three reflexes to embed now.
- Heavy penalties: the regulation provides for fines of up to EUR 35 million or 7% of total worldwide annual turnover, whichever is higher, for the most serious breaches (the prohibited practices of its Article 5).
- AI literacy: since 2 February 2025, organisations must ensure a sufficient level of AI knowledge among those who use it. Internal training is no longer optional.
- Documentation: keep a record of your tool choices, pseudonymisation measures and risk assessments. The burden of proving compliance falls on you.
Building skills on these topics is an integral part of the advisory mission of a firm registered with the French Order of Chartered Accountants, itself bound by secrecy and by mastery of the tools it deploys.
Key takeaways
- Professional secrecy (the 1945 ordinance) and the GDPR govern any client data submitted to an AI.
- Pseudonymising is not anonymising: pseudonymised data remains personal data subject to the GDPR.
- Before any submission, remove direct identifiers and neutralise telling indirect identifiers.
- Reserve consumer tools for questions with no client data; require contractual safeguards (EU hosting, no training) for the rest.
- Document your choices: in 2026 the burden of proving compliance is on you, with fines of up to EUR 35 million or 7% of worldwide turnover.
Want to deploy AI in your management without exposing your data or your compliance? Let us discuss your situation: our chartered accountancy firm in Paris 8th sets up usage rules tailored to your activity and your tools.
Frequently asked questions
Can I use a consumer AI to analyse my accounting data?
Yes for general questions with no client data, such as explaining a tax rule. No for submitting real identifying data without precaution. In that case, pseudonymise the data and favour a contracted solution offering hosting safeguards and a commitment not to reuse data for training. The data's sensitivity drives the choice.
Is pseudonymisation enough to comply with the GDPR?
No, it is not enough on its own. Pseudonymised data remains personal data fully subject to the GDPR, because the link with the person can still be reconstructed. Pseudonymisation lowers the risk and is a security measure, but it must be combined with the choice of a tool offering genuine safeguards.
What is the difference between pseudonymisation and anonymisation?
Pseudonymisation is reversible: a correspondence table lets you recover the identity. The data stays personal. Anonymisation is irreversible and falls outside the GDPR scope, but it is technically hard to guarantee, because cross-referenced data often allows a person or a business to be re-identified.
Does professional secrecy ban all use of AI?
No. Professional secrecy, derived from the 1945 ordinance, does not ban AI but governs its use. It requires not exposing client data to a third party without precaution. With rigorous pseudonymisation and a tool offering verified contractual safeguards, the use becomes compatible with the secret.
When must I carry out an impact assessment (DPIA)?
A data protection impact assessment is required when processing is likely to result in a high risk to individuals' rights and freedoms, under Article 35 of the GDPR. AI processing involving sensitive data or carried out on a large scale frequently falls within this case. The assessment must be documented and kept available.
What penalties apply for an AI-related breach?
Regulation (EU) 2024/1689 provides for fines of up to EUR 35 million or 7% of total worldwide annual turnover for the most serious breaches. To these add the GDPR's own penalties and the ethical consequences of breaching professional secrecy. Documenting your choices is your best protection.

Article written by Samuel HAYOT
Chartered accountant (expert-comptable), registered with the Ordre des experts-comptables.
Regulated French accounting and audit firm based in Paris 8, built to support companies across France with a digital and decision-oriented approach.
Sources
Official and operational sources cited for this page.
- CNIL - Intelligence artificielle et protection des données personnelles
- Règlement (UE) 2024/1689 du 13 juin 2024 (règlement sur l'intelligence artificielle)
- Règlement (UE) 2016/679 (RGPD)
- Ordonnance n° 45-2138 du 19 septembre 1945 (profession d'expert-comptable)
- Ordre des experts-comptables
- economie.gouv.fr - Numérique et données