An operations director at a 15-person consulting firm told me recently that several of her team were pasting client board papers into ChatGPT to generate meeting summaries. She wanted to know whether that was a problem. The honest answer: it depends on which tool, which data, and what contractual protections are in place, and the gap between “fine” and “a UK GDPR breach” is narrower than many founders expect.
What choice are you actually facing?
Most owner-managed firms are choosing between two distinct options: public AI tools available to anyone online, where inputs may be logged and used to improve the model, and enterprise-grade deployments backed by written contracts, confirmed data residency, and explicit commitments about what happens to content after it is submitted. A settings toggle that opts a consumer account out of model training is not the same thing as a contractual commitment; it can be changed by the vendor and gives you nothing to point to if challenged. Understanding where your data lands in each case is the foundation of a workable AI policy.
A survey by Technology Reseller UK found that 67% of UK organisations cannot tell whether staff are sharing information via secure AI platforms, and 35% openly admit employees are using external tools without proper controls or visibility. For a professional services firm, that blind spot matters. Pasting a client’s full case notes into a public chat interface and routing anonymised summaries through a contract-backed enterprise deployment are not the same act, legally or in practice.
The data at stake falls into several categories: personal data, meaning anything that can identify a living person under UK GDPR; special category data, such as health records, religious or philosophical beliefs, or biometric data, which attracts stricter conditions; financial histories and similar commercially sensitive personal data, which are not special category data but are still personal data and are often contractually protected; trade secrets and unpublished commercial strategies; and anything your client contracts say must not be processed by third parties without prior written consent. The right governance step varies by category, which is why this question deserves a considered answer rather than a blanket rule.
When should confidential data stay out of AI tools entirely?
For public AI tools, the rule is clear: keep out any information that identifies a living person, falls under special category data under UK GDPR, constitutes a trade secret, or is covered by professional confidentiality obligations. The NCSC’s guidance states that organisations should avoid entering sensitive information into public generative AI services because prompts may be stored, used for training, or accessed by the provider or others.
The ICO confirms that organisations remain fully responsible for UK GDPR compliance when using generative AI, including the requirements for a lawful basis, data minimisation, and appropriate data-processing agreements with any AI provider. Where those agreements do not exist, personal data should not go in. The same applies to professionally regulated firms: the SRA Code of Conduct requires solicitors to keep client affairs confidential, and FCA rules treat client data protection as a systems-and-controls obligation.
The Samsung incident in 2023 made this concrete. Staff pasted proprietary source code and internal meeting notes into ChatGPT; that material may have been stored and used in training before the company restricted all use of external AI tools. Trade secrets law protects information that has commercial value because it is secret and is subject to reasonable steps to keep it that way. Submitting that material to a public AI tool can undermine those steps in ways that are difficult to reverse.
When can AI tools handle confidential data safely?
Enterprise AI deployments can handle certain categories of confidential data lawfully, provided the right contracts and controls are in place. Microsoft Azure OpenAI, Google Vertex AI, and Anthropic’s Claude models on Amazon Bedrock each offer written data-processing agreements, commitments against using customer data to train foundation models, and data residency options that can keep processing within the UK or EU. Two caveats apply. Those commitments attach to the enterprise service, not to the consumer app from the same vendor, so staff logging into a personal account get none of them. And residency is a deployment choice, not a default: a UK or EU region has to be selected when the resource is created, and the data-processing agreement has to be executed, not merely available on the vendor’s website.
The ICO’s guidance on generative AI does not prohibit this kind of use; it requires that the organisation can demonstrate a lawful basis, necessity, and data minimisation. Where a firm has a signed data-processing agreement with the AI provider, access controls and usage logging, staff training on which categories may be processed, and a documented risk assessment, the position differs materially from using a public tool. Routine back-office work, such as processing anonymised invoice data or running internal document search over files that users can already access through approved systems, often meets this bar. Anonymised here means genuinely anonymised: data that has merely been pseudonymised, with the key to re-identify it held elsewhere in the firm, is still personal data under UK GDPR and carries the full set of obligations.
Two sectors carry additional obligations. NHS guidance states that identifiable patient data must not enter public AI tools, and any clinical decision support must satisfy medical device and data protection requirements. The FCA and Bank of England’s joint discussion paper on AI in financial services confirms that firms remain responsible for model risk management and fair customer treatment even when using third-party AI. If you serve EU clients, the EU AI Act adds transparency and risk-management duties for providers and deployers from 2026 onwards.
What does it actually cost to get this wrong?
Under UK GDPR, the ICO can fine organisations up to £17.5 million or 4% of worldwide annual turnover, whichever is higher. British Airways received a £20 million fine after security failures exposed the personal data of around 400,000 customers. IBM’s annual Cost of a Data Breach report put the average UK breach cost at approximately £3.4 million, covering detection, response, and lost business.
Beyond the headline figures, costs spread in several directions. Client contracts increasingly carry data-processing clauses with indemnity provisions and termination rights; a breach of those clauses can end a client relationship before any regulatory process has even started. Individuals can bring claims for distress under UK data protection law, and case law has recognised compensation for privacy violations even without direct financial harm. Cyber insurers are asking for evidence of AI-related controls, and firms without a documented policy may find cover restricted or premiums elevated.
The UK government’s open letter to business leaders noted that AI is reducing the cost and skill barriers for cyber attackers, making leaked data easier to exploit at scale. Operational disruption from a breach, covering incident response, forensic investigation, and possible system changes, diverts leadership attention at the worst possible time. For a small services firm, the combined exposure from regulatory, contractual, and reputational consequences can quickly exceed the value of the productivity gains AI was meant to deliver.
What should you ask before confidential data goes near any AI tool?
Before any confidential data enters an AI system, three questions cut through the noise: Is this an enterprise deployment with a written data-processing agreement, rather than a consumer tool? Could this data be exposed without triggering a notification to the ICO within 72 hours? And does the relevant client contract permit third-party processing without prior written consent?
If any answer is no, the default is to keep the data out until the governance is in place. A written internal AI policy that specifies which data categories and tools are approved is the lowest-cost control available to a small firm. It costs little to write, gives staff a clear line to work from, and provides the documented position you would need if the ICO or a client challenged your approach.
Two further questions are worth adding for firms planning to scale AI use. Has the Data Protection Impact Assessment that UK GDPR requires for high-risk processing been completed? The ICO lists the use of innovative technology such as AI on personal data among the factors likely to make processing high risk, so most production uses will need one. And will this use hold up in three years when EU AI Act obligations apply to firms serving EU clients? If you cannot answer these positively, restrict the use until you can. The practical move this week is to audit which AI tools your team is already using and confirm whether any of them have a signed data-processing agreement attached. If you’d like help thinking through what responsible AI use looks like for your firm, book a conversation.