Ten individual ChatGPT Plus subscriptions, each tied to a personal email address. That is how one professional services firm started with AI, and it worked well enough until a team member pasted a client’s financial projection into a prompt without a second thought. Without shared admin or a central audit trail, no one knew it had happened. Choosing the right plan means asking which tier matches the risk your firm is actually carrying.
The choice you’re facing
The three ChatGPT tiers were designed for different buyers. Plus is a personal subscription for individuals. Business, the plan OpenAI previously called Team, is built for companies from two people upward, with central admin, shared workspaces and data integrations. Enterprise is a negotiated contract for organisations with roughly 150 users or more. For most UK owner-managed businesses, the real decision sits between Plus and Business.
At the indicative list prices widely reported for 2024, Plus runs at around $20 per user per month. Business sits at $25 per user per month billed annually, or $30 on monthly billing. For a 20-person firm, the annual difference between those two tiers is roughly $1,200. One or two days of reclaimed staff time would cover that gap comfortably.
Enterprise is a different conversation entirely. Independent analyses put typical seat costs between $60 and $100 per user per month, with annual minimum commitments commonly cited around $108,000. A firm of 20 people could not reach those minimums without paying well above the headline per-seat rate. In practice, OpenAI’s sales team would not engage at Enterprise terms with a buyer that size. Prices change, so check OpenAI’s current pricing page before budgeting.
When ChatGPT Plus is genuinely enough
If you are a sole trader and ChatGPT is a personal productivity tool, Plus is the right call. It gives access to the current flagship models, handles individual usage well and carries no team overhead. Two conditions make Plus appropriate: you are not sharing it across a team, and client-identifiable personal data never enters the account on any regular basis.
Plus accounts rely on individual users managing their own settings. Chat history can be disabled at the account level to prevent training use, but that relies on every person in your firm configuring their account correctly and consistently. There is no central switch for an administrator to apply across a team. If two or more people are using ChatGPT for client-facing work, that gap in control becomes a governance problem rather than a personal preference.
The March 2023 ChatGPT data exposure is worth knowing about. A bug in a third-party library briefly showed some users other users’ chat histories and payment details, affecting around 1.2% of Plus subscribers during a nine-hour window. The issue was patched quickly, but it illustrated a structural reality: consumer-grade accounts sit outside the data governance controls that the business-grade tier is designed to provide.
When ChatGPT Business is the right call
For any owner-managed business with two or more people using AI in their work, ChatGPT Business is the default right answer. It adds a central admin layer that Plus lacks: shared workspaces, custom GPTs your whole team can access, role-based controls and integrations with Slack, Google Drive and SharePoint. Workspace data is not used to train OpenAI’s models, which changes the compliance calculation considerably.
From an ICO standpoint, the Business plan makes it materially easier to demonstrate the technical and organisational measures that UK GDPR requires under Articles 5, 24, 25 and 32. A central admin account, combined with proper access controls and a documented data processing record, puts you in a much more defensible position than a scatter of personal Plus subscriptions.
For professional services firms, solicitors, financial advisers and anyone handling client personal data regularly, the argument is clearer still. The ICO expects you to show what data your processors hold, how it is protected and how you would comply with a deletion request if a client made one. That level of governance is achievable on Business. Getting the same standard from a collection of Plus accounts requires every user to manage their own settings correctly, with no way for you to audit whether they have.
What it costs to get the call wrong
Getting this wrong typically goes in one of two directions. Staying on Plus when your team needs Business creates compliance and operational gaps that cost more to fix later than the per-seat saving was worth. Moving to Enterprise before your firm is genuinely ready locks you into a contract you cannot fully use and an annual commitment that dwarfs what a team of 20 people needs.
The under-buying risk is the more common of the two. If your staff are using personal Plus accounts for work that involves client data, you may struggle to demonstrate appropriate data governance to the ICO, or to meet the data processing terms that enterprise clients increasingly include in their supplier contracts. For FCA-regulated firms the stakes are higher still. The FCA expects regulated businesses to retain full accountability for any outsourced service, including AI tools, under its outsourcing and third-party risk rules. Consumer-grade Plus terms were not written with those obligations in mind.
The over-buying risk is quieter but real. Enterprise contracts require substantial annual minimums. For a firm under 50 people, committing to that level of spend without clear evidence you need bespoke security controls, extended context windows and dedicated support is hard to justify commercially. The Competition and Markets Authority has also flagged concerns about concentration among major AI foundation model providers and the risk of lock-in. Signing a multi-year Enterprise deal without clear exit clauses and data portability provisions is a meaningful risk if you later want to move to an alternative.
What to ask before you decide
Before committing to a plan, five questions sharpen the decision quickly. They cover the data your staff will put in, your regulatory position, your headcount now and in twelve months, your governance approach and what the vendor will confirm in writing. The answers will tell you whether Plus, Business or Enterprise is the right fit, and flag if the answer is none of them.
First: what kinds of data will your staff put into ChatGPT? Client personal data, financial details or health information all trigger stricter UK GDPR obligations and point firmly towards Business or Enterprise, where you have proper admin controls and documented processor terms.
Second: are you regulated by the FCA, SRA or a similar body, or do you sell into the EU? If either applies, review the FCA’s guidance on AI outsourcing and the EU AI Act’s deployer obligations before choosing a plan. Consumer-grade terms were not designed with those requirements in mind.
Third: how many people are actively using it, now and in twelve months? For a 5-50 person firm, Business seat pricing is proportionate. Enterprise minimum commitments are not.
Fourth: what internal governance do you have for prompts and outputs? The ICO expects human oversight and accountability in AI-assisted decisions. Centralised Business or Enterprise tools make that policy far easier to apply and audit than individual accounts with no visibility to an administrator.
Fifth: ask the vendor to confirm in writing whether workspace data is excluded from model training, where data is stored geographically, and what the exit and portability terms are. The CMA’s work on foundation model concentration makes the last point particularly relevant. If a provider cannot answer those questions clearly before you sign, that absence of clarity is itself useful information.
