Know what data your AI tools can and cannot touch.
AI tools process whatever data your staff put into them. Without clear procedures, that means personal data, client information, and commercially sensitive content flowing into third-party AI systems without controls. We fix that.
Complete data handling for AI environments.
From data classification to breach procedures, we produce the full set of data handling documentation your AI governance framework requires.
Data Classification for AI
A clear classification framework defining which data categories can be shared with AI tools, which require additional controls, and which must never be input into any AI system.
GDPR Compliance for AI Outputs
Procedures for handling AI-generated content that may contain or reference personal data, including retention rules, deletion obligations, and subject access request implications.
Third-Party AI Tool Data Agreements
Guidance on reviewing and documenting the data processing terms of AI tools, including whether a Data Processing Agreement is required and what data residency obligations apply.
AI Output Storage and Retention
Rules for how AI-generated outputs should be stored, labelled, and retained, including requirements to distinguish AI-generated content from human-authored content in records.
Data Breach Procedures for AI Incidents
Specific procedures for identifying and responding to data incidents involving AI tools, including accidental disclosure of personal data to AI systems and AI-generated data leaks.
Special Category Data Controls
Enhanced controls for any scenario where special category data such as health, biometric, or financial data might be processed by or shared with AI tools, including explicit prohibition where appropriate.
From data mapping to approved procedures.
Data Flow Mapping
We map the data flows between your organisation and the AI tools in use, identifying every point where data is input, processed, or output by an AI system.
Data Classification Review
We review your existing data classification framework and extend it to cover AI-specific scenarios, including data that is safe to share and data that must never be input.
Procedure Drafting
We draft the data handling procedures in plain language, with clear decision trees staff can follow when deciding whether to share data with an AI tool.
GDPR Alignment Check
The procedures are reviewed against your existing GDPR documentation, including your Record of Processing Activities, to ensure consistency and completeness.
DPO and Legal Review
Where a Data Protection Officer is in place, we work with them to review and finalise the procedures. Legal review is coordinated where required.
Staff Guidance and Training
We produce a staff-facing summary of the data handling rules and support the training rollout so staff understand what they can and cannot do in practice.
Data procedures for regulated UK sectors.
Private Healthcare Provider
A private healthcare organisation needed to assess the risk of clinical staff sharing patient information with AI tools before rolling out Microsoft Copilot across the business.
Data handling procedures produced and aligned with NHS data security standards. Clear rules on patient data, clinical records, and administrative data. Copilot deployment approved with documented controls.
Accountancy Practice
An accountancy firm with 120 staff needed procedures governing the use of AI tools for client work, including rules on sharing financial data and draft correspondence with AI systems.
Tiered data handling procedures produced covering client financial data, HMRC correspondence, and internal documents. ICAEW guidance incorporated. Procedures approved and rolled out within three weeks.
Multi-Academy Trust
A trust operating eight schools needed data handling procedures covering AI tool use by teachers and administrative staff, with specific controls for pupil data under UK GDPR.
Procedures produced covering pupil data, staff data, and third-party data. DPO reviewed and approved. Rolled out to all schools with a teacher-facing quick reference guide.
Is your data safe in your AI tools?
Book a free AI governance review. We will assess what data is currently flowing into your AI tools, identify the highest-risk gaps, and give you a clear picture of what your data handling procedures need to cover.