You know the situation.

You need to send an email, summarize a meeting or get a first draft of a policy – and to save time, you insert “some context” into a generative AI tool.

It feels innocent. But that’s exactly where the risk arises: when “helpful context” turns into personal data, confidential customer details or internal documents that should never end up in a prompt field.

And it’s not theoretical: The Danish Data Protection Agency describes an increase in data breaches where employees have used personal data from work as input/prompts in generative AI tools – without the workplace being aware of it or having given permission.

That’s why it makes sense to talk about prompt hygiene: a common, practical “rulebook” for what never goes in a prompt, how to rewrite tasks safely and what to do in gray areas.

Written by Eya Beldi

Prompting is the new copy-paste habit (and therefore it must be managed)

Generative AI has become an everyday tool. Employees use it for:

  • Writing and rewriting emails
  • Translating and improving tone of voice
  • Summarizing meetings and notes
  • Structuring documents and drafts

The problem is not the usage itself. The problem is when the workplace hasn’t set a framework and employees are “guessing”.

The Danish Data Protection Agency points to the solution: establish an organizational framework for whether – and how – employees can use generative AI tools, and make it part of awareness, guidelines and procedures (possibly supplemented with technical measures such as blocking public tools).

What is prompt hygiene in practice?

Think of prompt hygiene as four micro-habits that make AI use robust – even when life gets busy:

  1. Rewrite before you prompt
  2. Never insert sensitive or confidential data
  3. Verify output (AI can hallucinate or misunderstand context)
  4. Ask when in doubt (clear escalation to e.g. DPO/IT/manager)

Why does it work?

Because it moves AI usage from the “skill of a few” to the common minimum standard of all.

And yes: it’s also a documentation issue. The Danish Data Protection Agency generally highlights Awareness as an organizational measure that complements technical measures and reduces risks that cannot be solved technically alone.

 

“Show me – don’t tell me”: 3 safe rewrites of typical prompts

Below are three recognizable situations – and a way to rewrite the task so you still get the value without leaking data.

1) Email to customer (without customer data)

Unsafe prompt:

“Can you write an email to [Customer name] about the delay on [project] and include that [named people] are sick?”

Safe prompt (rewritten as a template):

“Draft a friendly email to a customer about a minor delay. Avoid specific names, cases and internal reasons. Offer a new timeline and next steps. I’ll insert the facts myself afterwards.”

2) Meeting summary (without personal data)

Unsafe prompt:

“Summarize this meeting and list decisions. Here are the minutes: [insert notes with names, roles, absences, performance, etc.]”

Safe prompt:

“Give me a structure for a meeting summary (purpose, decisions, actions, deadlines). Write in bullet points. I’ll fill in the content myself.”

3) HR/Compliance text (without internal documents)

Unsafe prompt:

“Can you improve our internal policy? Here is the full document: [insert internal policy/draft contract]”

Safe prompt:

“Propose a generic outline for an internal AI usage policy (purpose, scope, do/don’t, approved tools, data types, escalation, control/oversight). Use neutral, Danish language.”
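
A pre-send check can back up habits 2 and 4 with a technical measure. The check below is an added example, not part of the original article or any vendor tool: it blocks prompts that contain obvious identifiers and routes gray-area prompts to escalation. The patterns, the term list, the `MAX_CHARS` threshold and the sample prompts are constructed assumptions, and a clean result does not mean the text is anonymous.

```python
import re

# Constructed patterns for obvious identifiers. A hit means "stop and rewrite";
# no hit does NOT mean the text is anonymous (names and context are not detected).
IDENTIFIERS = {
    "email": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    # Danish CPR number, DDMMYY-XXXX (format only, no checksum validation)
    "cpr_number": re.compile(
        r"(?<!\d)(?:0[1-9]|[12]\d|3[01])(?:0[1-9]|1[0-2])\d{2}-?\d{4}(?!\d)"),
    # Danish 8-digit phone number, optional +45 prefix and pair spacing
    "phone": re.compile(r"(?<!\d)(?:\+45 ?)?(?:\d{2} ?){3}\d{2}(?!\d)"),
}
# Gray-area cues taken from the article's unsafe examples (illness, absence, performance).
GRAY_TERMS = re.compile(r"\b(sick|illness|diagnos\w*|absen\w*|performance)\b", re.I)
MAX_CHARS = 1500  # assumed threshold: longer input is probably a pasted document


def check_prompt(text: str) -> dict:
    """Return a verdict ('block', 'ask' or 'ok') and the reasons for it."""
    findings = [name for name, rx in IDENTIFIERS.items() if rx.search(text)]
    gray = []
    if GRAY_TERMS.search(text):
        gray.append("hr_or_health_term")
    if len(text) > MAX_CHARS:
        gray.append("possible_pasted_document")
    if findings:
        verdict = "block"   # habit 2: never insert sensitive or confidential data
    elif gray:
        verdict = "ask"     # habit 4: escalate to DPO/IT/manager before sending
    else:
        verdict = "ok"
    return {"verdict": verdict, "findings": findings + gray}


# Constructed sample input modelled on the article's first scenario.
UNSAFE = ("Write an email to anna.jensen@example.com about the delay on Project X "
          "and mention that Peter is sick. She can call +45 12 34 56 78.")
SAFE = ("Draft a friendly email to a customer about a minor delay. Avoid specific "
        "names, cases and internal reasons. Offer a new timeline and next steps.")

if __name__ == "__main__":
    for label, prompt in (("unsafe", UNSAFE), ("safe", SAFE)):
        print(label, check_prompt(prompt))
```

A check like this belongs in front of an approved tool as a reminder, and every "block" or "ask" verdict should lead back to the template rewrite or to the escalation contact.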

Why “it’s anonymized” is not a shortcut

In practice, many people hear: “I removed the names, so it’s ok.”

But anonymity is not something you just declare. The EDPB (European Data Protection Board) emphasizes that the assessment of anonymity is concrete and the threshold is high: it should be very unlikely to identify individuals or extract personal data from a model via queries.

Prompt hygiene is therefore also about giving employees a simple alternative to “I’ll anonymize quickly”: turn the task into a template + insert facts locally in approved systems.

EU AI Act: AI literacy is a requirement and it already applies

If your employees are using AI tools at work (and they are), training them is no longer a nice-to-have.

Article 4 of the EU AI Act requires providers and deployers to take steps to ensure an adequate level of AI skills among employees and others using AI on behalf of the organization – taking into account knowledge, experience, training and context.

The European Commission clarifies that Article 4 has applied since February 2, 2025 and that the obligation to take action therefore already applies. The Commission also explains that enforcement lies with national market surveillance authorities and that the approach is flexible, but that it expects “best effort” and relevant actions.

An important detail for HR and Compliance: The Commission Q&A also mentions that certificates are not necessarily required – organizations can keep internal records of training/actions.

Why a short, scenario-based e-learning course is the “clean” solution

Prompt hygiene only works if everyone learns the same rules in the same way.

A short, scenario-based course gives you:

  • Common baseline (everyone knows what they need to know – not just the “AI strong”)
  • Habits under pressure (scenarios from your everyday life)
  • Documentation (who completed what – and when)
  • Audit-ready story: “We have trained, set the framework, and can document it”

It matches both the Danish Data Protection Agency’s focus on awareness, frameworks and procedures and the AI Act’s requirements for AI skills/AI literacy.

A simple model you can roll out in 30 days

  1. Define “must/should/should not” for AI tools (approved tools + purpose)
  2. Introduce prompt rules (data types, examples, “rewrite before you prompt”)
  3. Make AI Awareness mandatory for employees using AI
  4. Create a gray area procedure: who to ask, how quickly, and how to document the answer?

Do you want to make AI use both safe and efficient while documenting AI literacy?

Take our AI Awareness e-learning course and build EU AI Act-ready AI literacy and prompt hygiene across the organization.