One of your team sends a client update email. It is well-written, efficient, and faster than usual. Then you notice the phrasing and realise they used ChatGPT to draft it. What you do not know, unless you ask, is what they pasted into the chat window first.
According to a Cyberhaven study covering millions of work events, 11% of all corporate data entered into ChatGPT was classified as sensitive: customer records, contracts, financial details. That figure comes from firms with no malicious actors. It comes from people trying to get their work done faster.
What does “unsafe use of ChatGPT with client data” actually mean?
The behaviour is specific. A staff member opens chat.openai.com or a similar public tool, pastes text that includes a real client name, email address, account number, or financial detail, and submits it. Under UK GDPR, that act is processing personal data. Your firm is the data controller. The chatbot provider is processing that data on your behalf, without any of the contractual safeguards that arrangement legally requires.
Free and standard paid tiers of ChatGPT and similar tools retain conversation history and may use prompts to improve their models. OpenAI’s own terms confirm this: unless you hold an Enterprise account or a specific zero-retention API contract, data you send can be stored and reviewed. The ICO is clear on the accountability point: using a generative AI tool with personal data does not transfer responsibility away from your firm. You made the decision to deploy the tool; you remain the data controller.
The NCSC puts it plainly. Treat prompts as data leaving your organisation. Any text pasted into a public AI tool has left your perimeter, and the moment it carries a real person’s details, your legal obligations around that data travel with it.
Why does this matter for your business?
The regulatory exposure is real and it is not size-gated. The ICO expects every organisation, including a ten-person professional services firm, to have identified lawful grounds for processing, appropriate safeguards, and documented controls. An ungoverned ChatGPT habit inside your team is unlikely to have any of those three. A data breach triggered by an accidental paste can mean a 72-hour notification obligation and an ICO investigation.
IBM’s 2023 Cost of a Data Breach report put the UK average at £3.4m per incident. That figure includes regulatory penalties, legal costs, client notification, and operational disruption. For an owner-managed business, even a fraction of that sits on the founder personally in ways it does not for a large corporation.
The corporate examples from 2023 are worth knowing. Samsung’s engineers pasted confidential source code and internal meeting notes into ChatGPT; Samsung discovered it, restricted access firm-wide, and redirected resources to build an internal alternative. JPMorgan blocked staff access in February 2023 over compliance and data exposure concerns. Neither firm had a rogue employee. Both had people doing their jobs at speed without a clear line drawn.
For FCA-regulated businesses, the implications compound further. ChatGPT can qualify as an outsourced third-party service under operational resilience rules, and the SMF holder remains accountable. Consumer Duty obligations apply where AI use touches client-facing outcomes, and that requires documented risk assessment, not just a verbal policy.
Where does it actually show up in a services firm?
The patterns show up consistently across owner-managed businesses. A client proposal gets drafted faster by pasting the client’s brief, including their company name, problem description, and budget, directly into ChatGPT. A meeting summary gets generated from notes that include names and financial figures. A contract clause gets checked by pasting the actual signed contract. Each use case feels reasonable in the moment, and each constitutes a data governance failure.
A 2024 ISC2 study found that 63% of organisations had staff using generative AI tools without formal approval, mainly to work more efficiently. Employees rarely understand that “using ChatGPT for this email” and “moving a client’s personal data to an uncontrolled environment” are the same action.
The highest-risk tasks in a services firm are the ones where client context is most naturally embedded: proposal drafting, meeting note processing, contract review, and client reporting. These also happen to be the highest-volume, highest-value AI use cases, which is exactly why a blanket ban so often fails. Staff find workarounds via personal devices or personal accounts, which moves the data somewhere even less visible than before.
The practical question is which of those tasks your team is already doing with a public tool, and whether you have any visibility into it at all.
When is the risk live, and when can you hold off?
The risk is live in your firm if any of these are true: staff use public AI tools on managed devices, you handle personal data for clients as part of your service, or you operate in a regulated sector. You do not need evidence of a specific incident before acting. The Cyberhaven data suggests that in a firm using AI actively, sensitive data is likely already moving into public tools.
Urgency scales with sector. FCA-regulated firms, accountancy practices, solicitors, and healthcare providers carry the highest exposure because client data in those sectors is either special-category data, subject to professional secrecy, or covered by sector-specific outsourcing rules. For these firms, acting is not optional, and regulators expect documented risk assessment and mitigation.
For non-regulated services businesses, UK GDPR exposure is still present. The proportionate response is to identify the two or three tasks most likely to involve real client details, write a clear rule against pasting those details into public tools, and offer a safe alternative. That is the minimum viable version of governance on this specific issue and is achievable in a day.
What related safeguards belong alongside this one?
Stopping unsafe paste behaviour is one layer. The related safeguards that compound its effectiveness are: a data classification framework so staff know which information is in the red zone, a technical control that blocks or monitors access to public AI domains on managed devices, an approved alternative so staff who need AI assistance for client work have somewhere to go, and an incident process that covers an accidental paste.
The ICO’s Article 32 UK GDPR guidance requires appropriate technical and organisational measures. For an owner-managed business, that does not mean enterprise-grade data loss prevention infrastructure on day one. It means a written policy with concrete examples, a brief staff session that uses a real incident as an anchor, basic domain controls where technically feasible, and at least one approved tool with a UK GDPR-compliant processor agreement in place.
The approved alternatives are worth understanding. Microsoft Copilot for Microsoft 365 operates within your tenant and inherits your access controls without training foundation models on your data. Claude for Teams and Enterprise accounts, and Google Vertex AI, offer processor terms that designate them as data processors under UK GDPR, with clear data-residency options and no default use of your prompts for model training. These are categorically different from an unmanaged browser session at chat.openai.com.
A one-page acceptable-use appendix, covering green, amber, and red examples by task type, is the kind of documentation the ICO will look for first if an incident occurs. Write it before you need it. If you want a hand doing that in a way that fits your firm, a conversation is the place to start.



