You are booked into a vendor demo next week. There will be someone from the AI company who knows the product cold, and then there is you, the person handed the mandate to evaluate AI tools for the business. You know you should be asking questions. You are less sure what to do with the answers.
The good news is that the questions protecting your business have almost nothing to do with model architecture or API specifications. They are about data, specifically where it goes, who touches it, how long it stays, and what happens if you stop paying.
What does vendor due diligence mean for a non-technical delegate?
Vendor due diligence means asking whether a supplier can be trusted with your company’s information. For a delegate evaluating AI tools, that assessment comes down to a small set of data-handling and contractual questions. You do not need a procurement team or a security specialist to run a credible evaluation call. You need the right list and the confidence to push back on vague answers.
The questions that matter most follow a simple logic. Under UK GDPR, any business processing personal data through a third-party tool must have a Data Processing Agreement with that vendor, understand where their data is stored, and be able to demonstrate that the processing is lawful. The ICO’s guidance on AI and data protection makes clear that adopting an AI tool does not pause your data protection obligations; if anything, it intensifies them. Running through the twelve questions before the demo ends is how you satisfy those obligations without needing a lawyer in the room.
A credible vendor who takes data governance seriously will welcome these questions. One who struggles to answer them is showing you something useful before any contract is signed.
Why do these questions matter even if you are not a technical expert?
The vendor will have a technically impressive presentation. The real risk sits underneath the product, in how the vendor handles the data your team feeds into it. If confidential client information, employee records, or proprietary processes end up in training data, that exposure cannot be undone. The contractual questions that prevent it are plain enough that any senior operator can ask them confidently.
The 2023 Samsung ChatGPT incident shows what happens when this is skipped. Employees used the free tier to complete work tasks. That tier trained on user inputs by default. Semiconductor designs, source code, and internal meeting notes became part of the training data. The risk in an owner-managed business is identical. A paid commercial tier with a Data Processing Agreement would have changed the outcome.
The reason a non-technical delegate can own this evaluation is that the failure mode is contractual, not architectural. The vendor either has a DPA or they do not. They either commit not to train on your data or they do not. These are factual questions with factual answers.
What are the twelve questions, and what counts as a real answer?
The twelve questions break into three clusters. The first four cover data basics, the answers to which determine whether using this tool with real business information is even permissible under UK GDPR and your professional obligations. The next five cover the contractual relationship. The final three surface risk signals worth probing even when everything else looks clean.
Data basics

1. Where is my data stored? The answer should name a specific jurisdiction: UK, EU, or US. If the answer is US, follow up by asking which UK-US data transfer mechanism the vendor relies on.

2. Do you train your models on my inputs? The required answer is “no, not on your tier.” If the answer is “by default yes, but you can opt out,” ask how the opt-out works and whether it is written into the contract.

3. How long do you retain data after my account closes? Seek a specific number of days, not a commitment to “industry standard practices.”

4. Who are your sub-processors, and can I object to new ones being added? You are entitled to the full chain of companies handling your data.

The contractual relationship

5. Do you have a Data Processing Agreement, and will you provide one? This is the formal contract required under UK GDPR Article 28 whenever a third party processes personal data on your behalf.

6. What is your breach notification time commitment? You need the vendor to inform you within 24 hours of discovering a breach, so you can meet the ICO’s 72-hour window for reporting to the regulator.

7. What was your model trained on, and how was it evaluated? Ask for documentation. A vendor unable to describe their training data or safety evaluation is operating without meaningful oversight.

8. Do you hold ISO/IEC 27001, SOC 2, or equivalent third-party security certification? The OWASP LLM Top 10 (2025) maps the specific security risk categories that vendor controls should address; these certifications are not a guarantee, but their absence is worth noting.

9. Does your service have regulatory approval or an established relationship with the regulator in my sector? This matters if you are FCA-regulated, SRA-regulated, or working in a healthcare setting.

Risk signals

10. How do I export my data, and what does the exit process involve? Vendors without a clear portability commitment create lock-in risk if you later want to switch.

11. Which pricing tier includes the data privacy features I need? Confirm this before the call ends, in writing if possible.

12. What is the minimum spend to access a DPA and a training-disabled option on a commercial contract?
How do you know when an answer is not actually an answer?
Certain vendor responses sound reassuring but carry no substance. “We take data security seriously” and “we comply with all applicable laws” are not answers to questions about data residency or training opt-out. They are PR sentences. When you ask a specific question and receive a general response about values or culture, the vendor has not answered, and that tells you something.
The red flags are specific. If a vendor refuses to provide a Data Processing Agreement, or states they do not have one, treat this as a hard stop if you plan to process personal data through their tool. If they cannot tell you where your data is stored, they either do not know or do not want you to know; neither is acceptable. If they cannot produce a sub-processor list, ask again. A professional vendor will have one ready.
One additional signal: if the pricing structure obscures which features come at which tier, and the sales team steers every question towards a vaguely defined enterprise plan, push for a written feature comparison before the call ends. Opacity about pricing is often opacity about what the affordable tier includes.
What should you do with the answers after the call?
A structured evaluation call produces something you can show. Write up the vendor’s answers to all twelve questions in a single document, note where answers were specific and where they were vague, and flag the items that still need verifying in writing. That document is the artefact you share with whoever commissioned the evaluation, and it reads as competent work even if the decision is still pending.
Vendors who gave specific, verifiable answers stand out from the ones who gave general ones. The document also becomes evidence of due diligence if anyone later asks how the decision was made.
The minimum-spend reality is concrete. For the major LLM providers in 2025-2026, a Data Processing Agreement and a training-disabled option typically start at the paid commercial tier, running roughly £15 to £30 per active user per month. For a business where three or four people actively use the tool, that is £45 to £120 per month. It is a modest sum relative to the risk of a data breach, but any tool being evaluated needs to be assessed at the paid tier, not trialled on a free account.
Once the answers are in writing, check the DPA against the ICO’s published checklist. The vendor should commit not to train on your data, to notify you of a breach within 24 hours, to delete your data on contract termination, and to keep an accessible sub-processor list. Any gap in those four items is a substantive issue before you countersign.