How a 72-Person Bucharest Digital Agency Stopped Shadow AI From Leaking Client Data — and Shipped 14 Governed Workflows in 90 Days Without Slowing Delivery

The problem

By spring 2026, the agency looked like every Romanian services firm on LinkedIn: reels about AI productivity, a Slack channel called #ai-wins, and a delivery team that could draft a landing page, rewrite ad copy, and summarize a client brief in the time it used to take to schedule the kickoff call. Under the surface, nobody could answer a simpler question: where did client data go when someone typed a prompt?

Shadow AI — employees using unapproved tools like ChatGPT, Claude, Gemini, or Perplexity on personal accounts — had become the default. An internal survey in March 2026 found 68% of staff used generative AI at least weekly; 39% admitted they had pasted client names, campaign budgets, contract excerpts, or Romanian personal identifiers (CNP, IBAN) into free-tier tools with no data-processing agreement. IT had banned nothing and monitored nothing. Productivity was up. Risk was invisible.

The first alarm was a client audit, not a regulator. A mid-size retail chain renewing a €420K annual retainer sent a 14-page vendor questionnaire in April asking whether subcontractors used AI on their data, whether models were trained on inputs, and whether the agency could produce an AI inventory within 72 hours. The founder had 48 hours to reply honestly. The honest answer was: we don't know.

The second alarm was social — literally. On X and Instagram, 'AI agency hacks' had become the dominant creator niche in Q2 2026: screen recordings of prompt chains, Notion templates, 'replace your junior with this GPT'. Two of the agency's own account managers were posting workflow tips that accidentally showed client logos in browser tabs. A competitor's viral reel ('how we write 40 ad variants in 10 minutes') triggered the retail client's question in the first place.

Then the calendar turned serious. The EU AI Act's substantive obligations for deployers of high-risk and general-purpose AI systems land on 2 August 2026 — five months away when the project started. Romania's ANSPDCP had already signaled that treating free ChatGPT as a 'productivity shortcut' for client PII is a GDPR processing violation, not a grey area. The agency's DPO estimated that a single proven leak of customer data through an ungoverned prompt could trigger a client contract termination, a GDPR notification, and a personal liability conversation with the board.

What we built

We did not ban AI. Bans were the reason Shadow AI existed in the first place — the team would just switch browsers. We built a governed layer that made the approved path faster than the rogue one: enterprise models with DPAs, automatic redaction, audit logs, and 14 workflows embedded where work already happened (HubSpot, Slack, Google Drive, Meta Ads Manager, Figma comments).

Two rules on day one with the founder and the DPO. First: no client identifier crosses the gateway unredacted — CNP, IBAN, full email lists, and unreleased campaign budgets get stripped or hashed before any model sees them. Second: every workflow that touches client deliverables logs prompt hash, user, timestamp, and output destination to an EU-hosted audit store the DPO can export in under an hour. Humans keep creative judgment; the gateway keeps the compliance file.

• Governed AI gateway (Claude Enterprise + Azure OpenAI EU region): single browser extension and Slack `/ai` command that replaces personal ChatGPT tabs — 127 shadow sessions/week dropped to zero within three weeks because the approved path was one click and faster
• PII redaction layer: regex + NER scan on every prompt outbound — blocks CNPs, IBANs, card numbers, and client domains on an exclusion list; flags contract PDFs for manual review instead of auto-blocking (legal was 22% of prompts)
• Client brief summarizer: pulls the latest HubSpot deal notes + Google Drive kickoff doc, produces a structured creative brief in the agency template, writes back to the deal record — cut brief prep from 90 minutes to 11
• Ad copy variant engine: ingests approved brand voice doc + product feed, generates 12 Meta/Google variants per SKU with character-count validation, queues in Meta Ads drafts for human approval — never auto-publishes
• Landing page first draft: Figma plugin + webflow export path — AI drafts hero, proof, FAQ from brief; designer edits in Figma; changelog stored for AI Act transparency
• SOW and contract clause checker: compares new client MSAs against the agency's 2026 AI governance addendum, highlights missing DPA language, DSR clauses, and subprocessors — legal review time on new deals down 44%
• Weekly client report assembler: pulls Meta, Google, GA4, and Shopify into one narrative PDF with anomaly callouts — account managers stopped spending Sunday nights on slides
• SEO content brief generator: keyword cluster + SERP scrape → outline with H2/H3, internal link map, and 'do not claim' list from client compliance notes
• Creative QA bot: scans exported ads for off-brand claims, competitor trademarks, and missing disclaimers before trafficking — caught 19 issues in the first month that would have gone live
• Slack #ai-wins → governed channel: viral internal prompts migrated to approved templates with redaction baked in; likes and remixes without leaking client context
• AI literacy micro-modules (EU AI Act obligation since Feb 2025): 6×12-minute Notion lessons + quiz; completion tracked in BambooHR before gateway access unlocks
• Incident response playbooks: 72-hour GDPR notification template, client comms draft, and kill-switch to revoke a user's gateway access — tested once in a tabletop exercise
• Compliance dashboard for the DPO: live inventory of 14 workflows, risk classification per EU AI Act Annex III mapping, exportable audit bundle for client questionnaires
• Shadow AI discovery scan: Okta browser plugin report + DNS log review surfaced 11 remaining rogue tools; replaced or blocked within 30 days

The results after one quarter

By the end of Q2 2026 the agency had zero reported PII leaks through AI tools — down from three near-misses in Q1 that legal had handled quietly. The retail client signed the renewal with the AI governance addendum appended; two other accounts copied the same clause within six weeks, which the founder now treats as a sales asset rather than a procurement burden.

Delivery speed went up, not down — the opposite of what the creative director feared when he heard 'governance'. First-draft turnaround on ad copy and landing pages improved 31% because the approved workflows removed the copy-paste tax between HubSpot, Drive, and personal ChatGPT. Account managers reclaimed an average of 6.4 hours per week previously spent on report assembly and brief reformatting.

Shadow AI sessions blocked at the gateway peaked at 127 per week in week three, then fell to single digits by week eight as the team stopped opening personal tabs. The #ai-wins Slack channel stayed active — but every shared prompt now ran through a template, which the head of performance called 'the difference between teaching hacks and teaching a system'.

The compliance file was the quiet win. When a fintech prospect asked for EU AI Act readiness evidence in May, the DPO exported the audit bundle in 41 minutes: workflow inventory, risk classifications, training completion rates, redaction logs, and human-oversight sign-offs. The deal closed three weeks later. The founder's read: 'We spent 90 days building what our competitors are still pretending they don't need.'

What we'd do differently

We launched with a hard block on any PDF upload over 10 pages. Legal promptly hit it with 40-page MSAs twice a day. We switched to 'scan + queue for human' instead of block — friction dropped and legal stopped routing around the gateway through personal Gmail.

We underestimated the Instagram effect. Two account managers kept drafting captions in phone Notes because 'it's faster than Slack on mobile'. We added a one-tap mobile shortcut to the gateway and a rule: if it's client-facing copy, it goes through the gate or it doesn't go out. Vanity posting stopped being an exfiltration path.

The line we'd underline for any agency facing August 2026: governance is a delivery accelerator, not a brake — but only if the approved path is genuinely faster than Shadow AI. Ban memos fail. DPAs plus better UX plus audit logs win. And if a client asks for your AI inventory, you want to send a link, not start a scavenger hunt through your team's browser history.

Tools & stack