AI governance, policy and data protection that people will actually follow
Use AI safely without killing the benefits. Clear policies your team will actually follow, and the guardrails that keep you on the right side of data protection.
The exciting part of AI gets all the attention. The part that quietly causes the damage is what happens to your information when it goes into someone else’s model. AI governance is how you get the upside without the nasty surprise: a clear policy your team will actually follow, sensible guardrails, and an honest answer to “where does our data go.”
I spent 13 years as a CTO protecting data sensitive enough for law enforcement. I take this seriously, but I am also practical. The goal is safe use, not a policy so strict that everyone ignores it.
Why this matters more than people think
Most AI accidents are not dramatic. They are an employee pasting confidential information into a free tool because nobody told them not to, or a useful experiment quietly breaching a data obligation. A short, clear policy and a bit of guardrail prevents the large majority of that, cheaply.
Common questions
Do we actually need an AI policy?
If anyone in your business could use an AI tool, which today means almost everyone, then yes. It does not need to be long. It needs to be clear, and your team needs to know it exists.
Our staff are already using ChatGPT. Is that a problem?
It can be, and it is extremely common. The answer is not to ban it and hope, but to understand what is being used, set clear rules, and give people safe ways to get the benefit.
Is our data safe with AI tools?
It depends entirely on the tool and how it is configured. Some are fine for general work and completely unsuitable for sensitive data. Knowing the difference is exactly what this is about.
How does this relate to GDPR?
Feeding personal data into AI tools has real data-protection implications. I help you understand your obligations in plain terms and put sensible measures in place, rather than leaving it to chance.
We are small. Do we really need governance?
The policy can be short and simple, but yes. Small businesses are not exempt from data obligations, and a one-page policy is cheap insurance against an expensive mistake.
Can you write the policy for us?
Yes. I can draft a clear, practical AI policy tailored to how your business actually works, and help you roll it out so people pay attention to it.
How do we stop sensitive data leaking into AI tools?
A mix of clear rules, the right tool choices and settings, and giving people safe approved options so they are not tempted to use risky ones. I help you put all three in place.