How your staff are actually using AI, and what it means for your data.

1. Pasting client documents into ChatGPT or Claude

What it is

A fee earner is drafting a reply to a client. They paste the client's email into ChatGPT to get a cleaner redraft. Or they paste a contract in to get a summary. Or a witness statement, to pull out the key points.

Why it's tempting

It works. The summary is good. The redraft saves an hour. The fee earner moves on to the next file. Multiply by thirty fee earners and you've recovered real capacity. People aren't being reckless. They're being productive.

What's actually happening underneath

When that document gets pasted, it travels to OpenAI's servers. Or Anthropic's, if you're using Claude. Either way, it's processed in the US, by what I call a US frontier provider.

Depending on the account tier, it might be retained for up to thirty days. It might be used for abuse monitoring. It's also subject to US legal process.

The client whose information is in the document was not asked. They almost certainly were not told.

What it might mean for you

UK data protection law has a clear rule for this kind of situation. If you use a third party to process personal data on your behalf, you need a written contract with them covering security, deletion, and how they handle the data. ChatGPT on the free tier does not give you that contract.

The Data Use and Access Act 2025, which received Royal Assent in June 2025, doesn't change this. The same controller and processor framework still applies.

So when a fee earner pastes a witness statement into ChatGPT, your organisation has effectively engaged OpenAI as a processor without the contract that's required.

Whether anyone in the organisation intended to engage OpenAI is beside the point. The processing has already happened.

The honest options

• Do nothing. Not appropriate here. The exposure compounds with every use.
• Policy and training. Necessary, but not enough on its own. A policy that says "don't paste client documents into ChatGPT" works on the day it's signed and decays from there.
• Change tooling. Move to ChatGPT Enterprise, Claude for Work, or Microsoft 365 Copilot, with the right data residency and processing terms. This solves the contract problem and the retention problem. It does not fully solve the "your client's data is now in a US system" problem.
• Build something private. Run an open weights model on cloud servers in the UK that you control. Documents never leave your infrastructure. This is the most involved option to set up. For firms doing serious commercial litigation or privileged corporate work, it's increasingly the only honest answer.

2. AI meeting transcription

What it is

Someone in the team installs Otter, or Fireflies, or Read.ai. Often without IT being asked. The tool joins their Zoom and Teams calls. It records, transcribes, and writes up an AI summary with action items. Sales teams increasingly use Gong or Chorus, which do the same plus pipeline analytics.

Why it's tempting

Meeting notes are universally hated. AI does them well. Action items get captured, decisions get recorded, the person on the call can focus on the conversation instead of typing. It saves a small amount of time on every call, every day.

What's actually happening underneath

Audio of the call, often video too, gets transmitted to the provider's servers. Those servers are typically in the US. The recording is transcribed, retained, and processed by their AI. Some tools also use call content to improve that AI, unless you've explicitly opted out.

Other people on the call (your client, your candidate, your supplier) were probably told a vague "this call may be recorded." They were probably not told that a third party AI service will then process the recording.

What it might mean for you

Under UK data protection law, an audio recording is personal data the moment a person can be identified by it. Almost always, they can. The transcription provider is processing personal data on your behalf, which means they need a proper contract with you.

Transparency is the other principle that gets tested here. The data subject has to actually understand what's happening, and "this call may be recorded" doesn't cover "this call is being analysed by an AI service in the US."

If the call is with consumers, the ICO has been clear that informed consent has a specific meaning. Its position hasn't changed under DUAA.

For most professional work, the bigger issue is contractual. Most client agreements in legal, financial advisory, and consulting work include confidentiality clauses that predate AI transcription.

Those clauses probably say something like "all information shared during this engagement will be kept confidential." They probably don't say "except for the parts that an AI service in California processes and retains."

A strict reading of those clauses probably prohibits what's already happening on every call.

The honest options

• Do nothing. Not really workable. Once recordings are flowing to a third party without a contract, the exposure is continuous.
• Policy and consent. Genuinely sufficient for most internal meetings. Agree which platforms are sanctioned. Train staff to disable transcription on external calls unless explicit consent has been given and a processing agreement is in place.
• Choose a tool that meets UK GDPR requirements properly. Microsoft 365 Copilot, Zoom AI Companion, and a handful of specialist tools offer UK or EU data residency and proper processing terms. This is often the right answer.
• Build something private. For most teams, this is overkill for note taking. Don't let anyone tell you that you need a sovereign AI setup for meeting summaries. The exception is probably law firms recording client conferences, financial advisers recording regulated calls, and healthcare providers. There, the calculation flips.

3. AI sifting and ranking of CVs

What it is

The HR team or a recruiter is sifting through hundreds of applications. They use a tool that summarises each CV, scores it against the job description, and ranks candidates. Sometimes this is a feature inside their applicant tracking system. Sometimes it's a separate tool plugged in by API. Sometimes a recruiter is just pasting CVs into ChatGPT and asking which look strongest.

Why it's tempting

Three hundred applications for a single role is normal now. Sifting them by hand is slow and inconsistent. AI ranking is faster, and at first glance it seems more objective. The recruiter still sees the shortlist, so it doesn't feel like the AI is making the decision.

What's actually happening underneath

A CV is personal data. Often quite sensitive personal data, depending on what's on it. The tool sends each CV to a third party for processing.

The AI scores or ranks each one based on patterns it picked up from what it learned. Those patterns carry whatever biases were in that material. The recruiter who reviews the shortlist is reviewing a list that has already been filtered by something they cannot inspect.

What it might mean for you

The screening tool is processing personal data on your behalf, so it needs a proper contract. That part is the same as before.

The bigger question is around automated decisions about people. UK data protection law gives candidates rights when decisions about them are made primarily by automated processing, and the Data Use and Access Act 2025 updated this area. Solely automated decisions that have legal or similarly significant effects need extra protections, and being shortlisted for a job almost certainly counts.

Those protections include transparency to the candidate, the right to ask for a human review, and the right to contest the outcome. If your sift is heavily ranked by AI and the recruiter is just signing off on the top of the list, that's harder to defend than you might think.

Transparency comes back as well.

Your candidate privacy notice probably says you'll process their CV. It probably doesn't say "an AI service in the US will rank you against the other candidates."

The honest options

• Do nothing. Not appropriate. Bias and automated decision exposure both compound.
• Use an AI tool with proper governance built in. Several reputable ATS vendors have added AI sifting with documented bias testing, audit logs, EU or UK data residency, and clear processing terms. This is the right answer for most teams. Update your candidate privacy notice to match.
• Change the workflow. Use AI to highlight points in CVs (skills, gaps in employment) but not to rank or score. Keep the recruiter doing the ranking. This is harder to operationalise but easier to defend.
• Build something private. Possible, but rarely the right answer here. CV screening is not where most organisations have the volume or the appetite to justify a sovereign AI build. The market for compliant AI screening is mature enough.

4. Chatbots on your website connected to your CRM or knowledge base

What it is

You add a chat widget to your website. It answers customer questions. To make it useful, you connect it to your CRM, your support knowledge base, your product documentation, sometimes your order system. Now it can tell a customer where their order is, summarise their previous tickets, recommend products based on their history.

Why it's tempting

Your support team is overworked. Tickets are repetitive. A chatbot that's set up properly can resolve a large percentage of queries before they reach a human, and it's available at three in the morning. The economics look great.

What's actually happening underneath

Most of these chatbots are powered by a third party AI, often OpenAI or Anthropic, hosted in the US. When a customer types a question, the chatbot fetches relevant context from your CRM. That's the customer's account details, previous orders, and support history.

All of that gets sent, along with the customer's question, to the AI. The AI then writes a reply. Whatever the AI saw is now in that provider's logs. Depending on the tier, it might be retained, processed, or used for abuse monitoring.

What it might mean for you

Two angles here. First, the contract issue, again. The chatbot vendor and the LLM provider are both processing personal data on your behalf and both need proper contracts. Many off the shelf chatbot platforms now include this in their terms, but the cheap ones often don't. Read the data processing addendum carefully or ask your supplier for it.

Second, purpose limitation. UK data protection law expects you to use personal data only for the purposes the person agreed to, and only as much of it as you actually need.

When the chatbot fetches "context" from your CRM, it usually fetches more than it strictly needs. The customer asked where their order is. The chatbot might helpfully include their full account history in the prompt, just in case it's useful.

That's a real expansion of the data being shared with a third party, beyond what the customer expected when they asked their question.

The fundamentals haven't changed under DUAA. The ICO emphasises transparency and governance.

Your privacy notice probably says you process customer data to provide support. It probably doesn't say "including by sending account history and conversation context to a US AI provider every time the customer asks a question."

The honest options

• Do nothing. Possible if your chatbot uses only generic product information and never touches customer data. Most don't fall into that category any more.
• Use a chatbot platform that meets UK GDPR requirements properly. The mature platforms have proper processing terms, data residency options, and audit trails. Most of the time, this is the right answer.
• Constrain what the chatbot can see. Many platforms let you scope the data the AI has access to. Give it the customer's most recent order, not their lifetime history. This often improves the answers as well.
• Build something private. For regulated sectors (financial services, healthcare, legal services), the calculation can flip. Running an open source AI on UK infrastructure, with the AI looking things up in your own knowledge base, keeps customer data inside your perimeter. The build is real but increasingly tractable.

5. AI generated marketing copy and images that mention real people

What it is

The marketing team is putting out a case study, a LinkedIn post, a customer testimonial graphic, an event email. They draft it with ChatGPT. They paste in real customer names, real quotes from customer interviews, sometimes notes from a sales call. They might be using AI image tools to generate variations, or to edit photos that include people.

Why it's tempting

Marketing has more channels and more deadlines than it has people. AI is genuinely brilliant for first drafts, copy variations, and quick image work. If it took five hours to produce a case study before, it now takes ninety minutes. That's real.

What's actually happening underneath

When marketing pastes a customer quote, a sales call note, or a product testimonial into ChatGPT, they're sending personal data of real people to a third party. The same applies to AI image tools that generate likenesses based on a prompt that mentions a real person, or that edit a photograph of a real person. Whatever was sent sits in that provider's logs at least temporarily.

What it might mean for you

Any processing of personal data needs a lawful basis under UK law. Usually that basis is the consent the customer gave you when you collected the data.

If you collected the customer quote under a marketing consent that said "we'd like to use your testimonial on our website," that consent probably doesn't cover "and we'll send it to a US AI service to rewrite it."

The original consent was for the publication, not for the production process behind it.

For images of identifiable people, you've got the same issue plus a question about image rights and likeness. AI generated likenesses based on real people are increasingly contentious.

The honest options

• Do nothing. For many low risk cases, this is genuinely fine. AI rewriting your own staff bio, generating generic stock images with no real people, or polishing copy that mentions no individuals, carries little practical exposure.
• Sanction specific tools and write a clear policy. This is the right answer for most marketing teams. Approve named tools at named tiers, with proper processing terms. Make it clear what staff can and cannot paste in. Keep customer quotes, internal interview notes, and recognisable images of named individuals out of consumer AI tools.
• Update your consents. If you regularly use AI to work with customer testimonials or images, your marketing consent wording should say so plainly. Something like "we may use approved AI tools to help us produce marketing content, including content that features your name, quote, or photo." Most customers won't object. The point is that you've asked.
• Build something private. Almost always overkill for marketing content. The exception is if your marketing content routinely includes commercially sensitive client information (some B2B agency work, for instance, where the case study itself is confidential until launch).

6. AI translation of client documents

What it is

Someone has a document in a language they don't read. They drop it into Google Translate, DeepL, or the translation feature in Word, or a browser extension. Maybe it's a contract from an overseas supplier. A patent filing. A witness statement. An email from an international client. The translation comes back in seconds.

Why it's tempting

Professional translation is slow and expensive. Free AI translation is fast, and good enough for most reading purposes. If you're trying to understand an email, you don't want to send it to a translation agency and wait two days.

What's actually happening underneath

Document translation tools transmit the entire document to the provider's servers. They process it, translate it, and return it. Free tier services often retain content. Some use the content to improve their AI. Browser extensions and translation features inside other software often work the same way, and aren't always obvious about it.

What it might mean for you

Same as ChatGPT, really. The translation provider is processing personal data on your behalf, and the law requires a proper contract for that. Free Google Translate doesn't give you that. DeepL's free tier doesn't either, although their paid Pro tier does.

There are two extra wrinkles for this use case. First, the documents being translated are often the most sensitive ones in the organisation. International contracts, supplier agreements, immigration paperwork, witness statements.

The "high value document" and the "I need to understand it now" tend to coincide.

A staff member viewing a confidential email in a translated browser tab has just sent the contents of that email to the translation service.

Translation features inside browsers are easy to enable without anyone realising. They apply to whatever's on the page.

The controller and processor framework still applies under DUAA. The ICO emphasises the controls organisations need over how their processors handle data. Translation providers are no exception.

The honest options

• Do nothing. Not appropriate, given how sensitive the documents being translated tend to be.
• Move to paid tiers with proper processing terms. DeepL Pro, Google Cloud Translation, and Microsoft Translator (paid) all offer documented terms. This solves the contract problem.
• Set browser policy. Disable in browser translation features for accounts that handle sensitive material. Small change, big reduction in exposure.
• Build something private. Open source machine translation has come a long way. Models like NLLB or Madlad can run on your own infrastructure for many language pairs. For law firms, finance teams, or manufacturers handling confidential international documents at scale, this is increasingly worth considering.

7. Microsoft Copilot, Google Gemini in Workspace, and other AI features inside your office suite

What it is

Microsoft 365 Copilot. Google Gemini in Workspace. Slack AI. Notion AI. The AI feature is built into the productivity suite your organisation already uses. Staff get an AI assistant inside Word, Outlook, SharePoint, Drive, Slack, Notion. They can ask it to summarise long emails, draft replies, write a meeting recap based on the calendar, find a document, or summarise a folder.

Why it's tempting

Unlike pasting things into ChatGPT, this one is already inside your enterprise tooling. IT bought the licence. There's a contract in place. The AI is "in the same boundary" as your data. It feels safer. Often, it is.

What's actually happening underneath

The AI feature sees whatever the logged in user has access to. If a user asks "what did marketing say about Q3 in Slack last week?" the assistant searches Slack on their behalf. If they ask "summarise the M&A folder," the assistant searches their OneDrive or Google Drive and pulls in whatever it finds.

The contract with Microsoft or Google does cover this processing properly. The data stays within your UK or EU regions if you've set that up. The technical picture is mostly fine. The problem is usually somewhere else.

Most organisations have access permissions that have grown over years. People can technically see folders and channels they probably shouldn't, simply because no one has audited the permissions in five years.

Before AI, that didn't matter much. No one was actively going to dig through every folder they could see. An AI assistant changes that. It can search everything in seconds. The access controls that don't quite match practice now matter in a way they didn't before.

What it might mean for you

The contract issue is mostly handled by these enterprise tools. The bigger issue is internal. Your access control is now under load it wasn't designed for. A staff member who could in theory open the M&A folder can now ask the AI "what's the latest acquisition under discussion" and get a usable summary in seconds.

Your privacy notices probably say staff access personal data only for legitimate work purposes. Your access permissions probably allow access far beyond that. With AI bridging the gap, the gap matters in a way it didn't before.

The honest options

• Do nothing. Possible if your access control is already tight and your data is already well organised. For most organisations, it isn't.
• Audit access permissions before turning the AI on. This is the work most teams skip. The AI will surface whatever is technically accessible. Make sure that's what should be accessible.
• Pilot first, then expand. Roll out Copilot or Gemini to a small group. Watch what they ask it. Watch what it surfaces. Adjust permissions based on what you learn. This is the right answer for most teams.
• Build something private. Almost never the right answer for office suite AI. Microsoft and Google have invested billions in making their AI work inside their own boundaries. Trying to replicate that with a self hosted setup is fighting the wrong battle.

8. Custom GPTs and AI assistants trained on your internal documents

What it is

You build a custom GPT, or a chatbot, or an internal AI assistant. You upload your company handbook, your support knowledge base, your product documentation, your internal policies, your past sales decks, your call transcripts. Now staff can ask it questions and get answers based on your own content. "What's our PTO policy?" "Has anyone closed a deal with this customer before?" "Summarise our Q2 product launches."

Why it's tempting

Internal knowledge is hard to search. SharePoint is where documents go to die. People email the same questions to the same colleagues forever. A bot that knows your stuff seems like a small revolution, and it often is.

What's actually happening underneath

There are two flavours of this. The first uses a hosted platform like OpenAI's custom GPTs or Microsoft Copilot Studio. You upload documents, the platform stores them in a form the AI can search, the platform's AI answers questions. Your documents are now sitting in the platform's storage. Some of those documents probably contain personal data about staff, customers, or third parties. Some probably contain commercially sensitive information.

The second flavour is similar but built on your own infrastructure. You set up the storage and the AI yourself. The documents stay where you put them.

Both flavours have a question that's often missed. When you upload a knowledge base, you're putting the whole thing in front of the AI. Anyone the AI talks to can ask any question.

Sensitive content was effectively buried in folders no one looked at. With AI, it's now easily findable. Salary information in the handbook. Customer complaints that were resolved quietly. Past pricing decisions.

The AI is brilliant at surfacing things. That's the point. It's also the problem.

What it might mean for you

The processing question depends on which flavour you've built. A hosted custom GPT puts all that data in front of a third party, which means the same kind of contract questions as before. A self hosted setup avoids that, but you still have to think about who inside the organisation can ask the bot what.

The bigger question is purpose limitation again. The personal data you collected was for specific purposes. Salary data was for payroll. Customer complaints were for support. Past appraisals were for HR. Putting all of that into one searchable AI assistant probably wasn't a purpose anyone was told about.

Your internal privacy notices, the staff handbook, the supplier agreements, probably say something about how their data will be used. They probably don't say "and any colleague will be able to ask an AI about it on demand."

The honest options

• Do nothing. Often the right starting point. Don't build the bot until you've thought through the governance.
• Constrain what the bot can see. Build separate bots for separate audiences, or use access controls so the bot won't answer questions about content the user isn't allowed to see. This is technically harder than people expect, and is one reason the off the shelf options often disappoint.
• Choose a hosted platform with proper terms and access controls. Microsoft Copilot Studio, OpenAI Enterprise, and a handful of others let you build custom assistants with documented processing terms and respect for the underlying access controls in your suite. This is often the right answer.
• Build something private. For organisations with genuinely sensitive internal documents (legal practices, financial firms, healthcare providers, defence suppliers), running this on your own UK infrastructure with retrieval over content you control is the right answer. The build is real but tractable.

9. AI voice agents for customer calls

What it is

You hire an AI voice agent to handle inbound calls. ElevenLabs, Vapi, Air, Synthflow, Retell. The agent answers the phone, talks to the customer in a natural sounding voice, takes a booking, answers questions, escalates to a human when needed. Some agents now use voice cloning to sound like a specific person.

Why it's tempting

Phone support is expensive. Out of hours coverage is even more expensive. AI voice agents are fast becoming good enough for the simpler queries. The pricing is per minute and competitive. For some businesses, an AI voice agent is the only way to answer the phone outside core hours.

What's actually happening underneath

The customer's voice is captured, transmitted to the voice agent provider, processed in real time by speech recognition, sent through an AI that generates the reply, then converted back to speech and sent to the caller.

The whole conversation is recorded. The audio sits in the provider's logs. The transcript sits there too. Most providers run on US infrastructure, or use US infrastructure for the AI step.

There's also the voice cloning angle. Some platforms let you clone a real person's voice to use as the agent's voice. The cloning involves processing what's called voice biometric data, a kind of special category data that gets stricter treatment than ordinary personal data.

If the cloned voice belongs to an employee (or a former employee, or a director), the consent and rights questions get awkward fast.

What it might mean for you

The conversation is full of personal data. The caller's voice. Their name. Often their address, account details, payment information. The provider is processing all of that on your behalf. Same controller and processor framework as before. They need a proper contract with you.

Transparency is harder here than for transcription tools. The caller doesn't see your privacy notice. Many of them don't realise they're speaking to AI.

Your standard "calls may be recorded for training and quality" message probably doesn't cover "this is an AI, your voice is being analysed in the US, and a transcript will be retained for thirty days."

For regulated sectors, the rules go further. Financial services calls are subject to record keeping and conduct rules from the FCA. Healthcare calls involve patient information, which gets stricter rules than ordinary data.

If your AI voice agent is taking medical bookings, processing insurance information, or quoting financial products, the contract with the provider is the floor, not the ceiling.

If you're using voice cloning, the special treatment of voice biometric data applies. Consent has to be specific. If the voice belongs to a real employee, what happens when they leave? Does the cloned voice keep working?

The honest options

• Do nothing. Possible for businesses that handle simple, low risk calls (appointment confirmations for a hairdresser, for instance). Even there, transparency about the AI matters.
• Use a voice agent platform that meets UK requirements properly. A small number of providers offer EU or UK data residency, documented processing terms, and audit trails. Make sure your supplier is one of them. Update your call introduction script so callers know they're speaking to AI.
• Skip voice cloning unless you have a strong reason. The compliance overhead and the consent issues rarely justify the marginal benefit of a familiar voice over a generic one.
• Build something private. For regulated sectors taking calls about regulated subjects (finance, healthcare, legal), the calculation can flip. Open source speech recognition like Whisper, plus open source AI tools, can be combined into a voice agent stack on UK infrastructure. The build is significant. For some sectors, it's becoming the only realistic answer.

10. Pasting financial data, forecasts, or board materials into ChatGPT

What it is

A finance team is preparing the management accounts for the board. They paste the draft into ChatGPT and ask for a summary, a redraft of the commentary, or an executive summary in plain English. Or someone is writing an investor update and pastes in the cap table to get help with the language. Or a CFO is preparing a forecast and uses ChatGPT to stress test the assumptions.

Why it's tempting

Financial writing is hard. Boards want clear narrative. Investors want crisp commentary. Producing both takes hours, and good AI does much of it in minutes. The CFO who can produce sharper board commentary in a quarter of the time has a real advantage.

What's actually happening underneath

The pasted content goes to OpenAI's servers. The numbers, the entity names, the forward looking commentary, the assumptions. Whatever's in the document is now in OpenAI's logs, at least temporarily, depending on the account tier. If it's a board pack draft, you've sent a board pack draft to a US AI company.

What it might mean for you

The processing question is the same as use case one. Personal data goes to a third party without a proper contract on free ChatGPT. There are usually one or two named individuals in any management accounts pack, so personal data is in the mix.

For regulated firms, the bigger question is the nature of the information itself. If you're a listed company, some of what you're working on is information that hasn't been published yet, and that has rules attached. The FCA cares about how it's handled.

The list of people who see it before publication is supposed to be tightly controlled. Adding "OpenAI's processing layer" to that list, without anyone deciding to, is the kind of thing your compliance team would want to know about.

For regulated investment firms, similar issues come up around client portfolios, fund holdings, and confidential client positions. The standard expectation is that this information stays inside the firm's controlled systems. Pasting it into ChatGPT does not meet that expectation, even if the data eventually doesn't get used to train the AI.

Your existing finance and IT policies probably say "store in secure systems, do not share outside the organisation." They probably don't say "except by pasting it into a US AI service when you need help with the wording."

The honest options

• Do nothing. Not really workable for any finance team that's experimenting with AI. Once people have started, they don't stop, and the exposure compounds.
• Move to enterprise tooling with proper terms. ChatGPT Enterprise, Copilot for Microsoft 365, Gemini Enterprise, all offer documented processing terms and EU or UK data residency options. This is the floor.
• Restrict the categories of document. Even with enterprise tooling, decide what staff can and cannot paste in. Draft management accounts, board minutes, anything subject to insider rules, should be off limits unless the tool is explicitly approved for that category.
• Build something private. For listed firms, regulated investment firms, and any firm where confidentiality of financial information is a material risk, running this on your own UK infrastructure with an open source AI keeps everything inside the firm's perimeter. The build is real. For high risk environments, it's increasingly the right answer.