AI and GDPR: what UK small businesses can and cannot do

ChatGPT is neither GDPR compliant nor non-compliant on its own: compliance depends on how your business uses it. This guide covers the account choices, data processing agreements and habits that let UK small businesses use AI tools lawfully, with ICO guidance cited throughout.


ChatGPT is neither GDPR compliant nor non-compliant on its own, because compliance depends on how your business uses it. Under UK GDPR your business is the data controller, so you are responsible for any personal data your team puts into an AI tool. A UK small business can use ChatGPT and similar tools lawfully by following three rules: use a business tier or API with a data processing agreement rather than a free consumer account, keep personal data out of prompts unless you have a lawful basis and a genuine need, and write down what you decided and why. The Information Commissioner's Office guidance on AI and data protection is clear that existing data protection law applies in full to AI. There is no AI exemption, and no AI ban either.

This matters to more firms every quarter. The Office for National Statistics found that 23% of UK businesses were using some form of AI by late September 2025, up from 9% when the question was first asked in September 2023. Most of those firms never ran a formal compliance project first (the full adoption picture is in our UK small business AI statistics table). The good news is that getting this right is mostly a matter of account choice and habits, not legal fees.

"The tool is not the compliance risk. The free account and the paste-anything habit are. Fix the account, write the one-page policy, and you are ahead of most of the market."

Dean Cookson, founder, Operosus

Why is "is ChatGPT GDPR compliant?" the wrong question?

Because UK GDPR regulates processing, not products. The same tool can be used in a fully compliant way by one business and a clearly unlawful way by the business next door. Asking whether ChatGPT is compliant is like asking whether email is compliant: it depends entirely on what you send through it and under what terms.

The useful question is: when my team uses an AI tool, where does the data go, who can see it, and what is it used for afterwards? Three things determine the answer:

  • The account type. Free consumer accounts and paid business tiers handle your data under different terms. This single choice does more for your compliance than anything else.
  • What goes into the prompt. Drafting a generic job advert involves no personal data. Pasting in a customer complaint email, complete with name, address and order history, does.
  • Your paperwork. A lawful basis for the processing, a data processing agreement with the provider, and a short record of your reasoning.

The tool is not the compliance risk. The account type and the habits around it are.

What does UK GDPR actually require when you use AI?

The rules are the ones you already know from the rest of your business, applied to a new channel. The ICO's AI guidance organises them around the familiar principles: lawfulness, fairness, transparency, accuracy, security and accountability. In practice, for a small business using off-the-shelf AI tools, that boils down to:

  1. Lawful basis. If personal data goes into an AI tool, you need one of the six lawful bases, most often legitimate interests for internal admin or contract for customer service tasks. The test is the same as for any other processing.
  2. Data minimisation. Send the model only what the task needs. A prompt rarely needs a real name, email address or postcode. Strip or replace identifiers before pasting.
  3. Processor terms. If a provider processes personal data on your behalf, you need a contract covering that processing, which in the AI world arrives as the provider's data processing agreement (DPA).
  4. Transparency. If AI processing of personal data is more than incidental, your privacy notice should say so in plain language.
  5. Human oversight of decisions. If a tool makes or heavily shapes decisions with real effects on individuals (hiring, credit, pricing), a human must genuinely review the output. Article 22 of UK GDPR restricts solely automated decisions with significant effects.

The penalties are real but worth keeping in proportion. The ICO's fining guidance sets the higher maximum at £17.5 million or 4% of total worldwide annual turnover, whichever is higher, with a standard maximum of £8.7 million or 2%. Those headline figures are aimed at serious, large-scale infringement. For a small business, the realistic costs of getting this wrong are a breach notification, an awkward conversation with customers, and remediation time, all of which are avoidable with the basics below.

Can staff paste customer data into the free version of ChatGPT?

No, and this is the single behaviour to fix first. The risk with consumer AI accounts is not hypothetical. Providers say it themselves: Google's privacy hub for its Gemini apps states that activity is used for "training generative AI models", that a subset of chats is reviewed by human reviewers, and advises users directly: "Please don't enter confidential information that you wouldn't want a reviewer to see or Google to use to improve our services". When a provider tells you not to put confidential information into its own product, believe it.

Business tiers work differently. As one verifiable example, Anthropic's commercial terms state that it may not train models on customer content from its services, and incorporate a data processing addendum by reference. The major providers all offer business or enterprise tiers with broadly similar commitments: no training on your data by default, a DPA, and admin controls. Check the current terms for whichever provider you use, because these documents change.

| Question to ask | Free consumer account | Business / enterprise tier or API |
|---|---|---|
| Are my conversations used to train models? | Often yes, by default or unless you opt out | Typically no, by contractual commitment |
| Can human reviewers read what I type? | Possibly, for quality and safety review | Restricted and contractually defined |
| Is a data processing agreement available? | No | Yes |
| Can I control retention and access? | Limited personal settings | Admin controls, retention settings, audit options |
| Suitable for customer personal data? | No | Yes, with a DPA in place and minimisation habits |

The practical fix costs little: move the people who actually use AI onto a business tier, switch off training where any setting exists, and tell everyone in one short policy what may and may not go into a prompt.

What belongs in a one-page staff AI policy?

  • Which tools and account tiers are approved, and who owns the subscription.
  • Never paste customer or staff personal data into unapproved or consumer tools.
  • Use placeholders ("the customer", "Client A") instead of real names and contact details.
  • AI output that affects a real person gets checked by a human before it is sent or acted on.
  • Anything confidential under an NDA stays out of prompts entirely.
  • Who to ask when unsure, and a promise that asking is never the wrong move.

Do you need a DPA with your AI provider?

Yes, whenever personal data goes through the tool. Under UK GDPR, an AI provider processing personal data on your instructions is a processor, and Article 28 requires a written contract. You do not negotiate this from scratch: every serious provider publishes a standard DPA, and accepting the business-tier terms usually puts it in place. Your job is to check four things:

  1. The DPA actually covers the product tier you are paying for.
  2. Training on your data is excluded, or you have switched it off where that is a setting.
  3. International transfers are addressed, since most major AI providers process data outside the UK and rely on safeguards such as the UK Addendum to standard contractual clauses or the UK-US Data Bridge.
  4. Sub-processors are listed somewhere you can find them.

Security is part of the same conversation, and it is not an abstract risk for small firms. The government's Cyber Security Breaches Survey 2025 found that 43% of UK businesses identified a cyber security breach or attack in the previous 12 months. Every AI tool you adopt is a new place your data lives, so it belongs on the same list as your CRM and email provider when you think about access, passwords and offboarding.

Do you need a DPIA before rolling out AI?

For most small-business uses of off-the-shelf tools, a short one is wise and a long one is unnecessary. A data protection impact assessment is legally required where processing is likely to result in high risk to individuals, and the ICO's AI guidance treats AI that processes personal data as a strong candidate. Drafting marketing copy with no personal data involved does not need one. Using AI to summarise customer complaints, screen CVs or transcribe calls does.

A proportionate small-business DPIA fits on two pages: what the tool does, what personal data it touches, the lawful basis, what could go wrong for the people in the data, and what you have done about each risk. The act of writing it usually surfaces the one or two changes worth making, such as anonymising inputs or adding a human check, and it is your best evidence of accountability if anyone ever asks.

What about the data these models were trained on?

This is the part of the debate you can mostly leave to the regulators and the model developers, but it is worth understanding because it explains the ICO's posture. After consulting on generative AI through 2024, the ICO concluded that developers relying on web-scraped training data face a hard road on transparency. Its response to the consultation series puts it plainly:

"Web scraping is a large-scale processing activity that often occurs without people being aware of it. This sort of invisible processing poses particular risks to people's rights and freedoms."

For a small business using these tools, the training-data question lands on the developer, not on you. Your responsibilities start at the prompt: what you put in, what you do with what comes out, and whether the output about a real person is accurate before you rely on it.

How does this work when AI is built into your own systems?

The same principles, applied at the design stage, which is where they are cheapest. We build AI products for UK businesses and the pattern repeats across very different sectors. Bidwell, our tender-writing product for SMBs, keeps company and bid content in its own database and sends the model only the material needed for the document being drafted, through a business API under the provider's commercial terms. The booking flow we built for Vets at Home handles pet owners' contact details at a difficult moment, so the AI works on service content while contact data stays in the booking system and moves through defined, logged integrations. For Vivify, a school facility-hire platform, listing and enquiry data lives in the platform's own database and the AI layer reads from it rather than becoming a second copy of it.

The transferable lesson for any small business commissioning or buying AI features: keep your customer data in systems you control, treat the model as a worker you hand individual tasks to rather than a warehouse you sync everything into, and insist that whoever builds for you can show where every field goes.
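An added example of the minimisation habit from the data minimisation rule and the placeholder bullet in the staff policy, applied the way this section recommends: identifiers are swapped for placeholders inside your own system before the prompt leaves it, and put back in the reply. This is illustration code written for this article, not Operosus's or any provider's code; the regexes, the placeholder format such as [CLIENT_1] and the SAMPLE_COMPLAINT are assumptions.

```python
import re

# Regexes for identifiers a prompt rarely needs (email, UK phone, UK postcode).
# They are this example's own simplifications, not a complete PII detector.
PATTERNS = {
    "EMAIL": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "PHONE": re.compile(r"(?:\+44\s?|\b0)\d{2,4}[\s-]?\d{3,4}[\s-]?\d{3,4}\b"),
    "POSTCODE": re.compile(r"\b[A-Z]{1,2}\d[A-Z\d]?\s*\d[A-Z]{2}\b"),
}

def pseudonymise(text, known_names=()):
    """Swap identifiers for placeholders such as [EMAIL_1] before prompting.
    Returns (redacted_text, mapping); the mapping stays in your own system
    and never goes to the model. Regexes cannot find names reliably, so the
    caller passes the names it already knows, e.g. from the CRM record."""
    mapping, counters = {}, {}

    def token(kind, value):
        # Reuse the placeholder if the same value appears twice.
        for placeholder, original in mapping.items():
            if original == value:
                return placeholder
        counters[kind] = counters.get(kind, 0) + 1
        placeholder = f"[{kind}_{counters[kind]}]"
        mapping[placeholder] = value
        return placeholder

    out = text
    for name in sorted(known_names, key=len, reverse=True):
        if name in out:
            out = out.replace(name, token("CLIENT", name))
    for kind, pattern in PATTERNS.items():
        out = pattern.sub(lambda m, kind=kind: token(kind, m.group(0)), out)
    return out, mapping

def restore(model_output, mapping):
    """Put the real values back into the model's reply before it is sent."""
    for placeholder, original in mapping.items():
        model_output = model_output.replace(placeholder, original)
    return model_output

# Constructed sample complaint; the person and every detail are invented.
SAMPLE_COMPLAINT = (
    "Hi, Jane Smith here. My order to 12 High St, SW1A 1AA never arrived. "
    "Call me on 07700 900123 or email jane.smith@example.com."
)
```

Calling `pseudonymise(SAMPLE_COMPLAINT, known_names=("Jane Smith",))` yields a prompt with no name, email, phone or postcode in it, while the street line shows why a human still reads what goes in: the regexes do not catch everything.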

Where to start

Five steps, in order, each small enough to finish this week:

  1. Find out what is already happening. Ask the team which AI tools they use and on what accounts. Shadow use of free chatbots is the most common gap, and you cannot fix what you have not found.
  2. Move real use onto business tiers. One subscription with a DPA, training off, and admin control. Cancel the habit of consumer accounts for work.
  3. Write the one-page policy. Use the bullet list above. Circulate it, say it out loud in a team meeting once, and pin it where new starters will find it.
  4. Do a two-page DPIA for any use touching personal data. Plain English, honest risks, named mitigations. Update your privacy notice if AI processing is more than incidental.
  5. Review twice a year. Provider terms, the tools list, and whether the policy still matches reality.

None of this requires a consultant or a pause on adoption. UK GDPR is compatible with using AI ambitiously; it just insists you know where your data goes. If your AI use touches hiring, the rules sharpen further: our guide to AI recruitment and UK law covers that ground. And if you want help building AI into your business properly, with the data handling designed in from the start, that is exactly the work we do at Operosus.

Frequently asked questions

Is ChatGPT GDPR compliant in the UK?

No tool is GDPR compliant or non-compliant by itself, because UK GDPR regulates how data is processed, not products. Your business is the data controller, so compliance depends on the account tier you use, what goes into prompts, and your paperwork. Used on a business tier with a data processing agreement, sensible minimisation and a documented lawful basis, ChatGPT can be used lawfully by a UK small business.

Can I put customer names and emails into ChatGPT?

Not on a free consumer account, where conversations may be used for model training and reviewed by humans. On a business tier with a data processing agreement you can process personal data, but only with a lawful basis and only what the task needs. The better habit is to strip or replace names, emails and addresses before pasting, since most tasks work just as well with placeholders.

Do I need a data processing agreement to use AI tools?

Yes, whenever personal data goes through the tool. Under Article 28 of UK GDPR, a provider processing personal data on your instructions is a processor and a written contract is required. You do not negotiate it: major AI providers publish standard DPAs with their business tiers. Check it covers your product tier, excludes training on your data, addresses international transfers and lists sub-processors.

Do I need a DPIA before using AI in my small business?

Only where personal data is involved and the risk to individuals is real, such as summarising customer complaints, screening CVs or transcribing calls. Drafting generic copy with no personal data does not need one. A proportionate small-business DPIA fits on two pages: what the tool does, what data it touches, the lawful basis, what could go wrong for the people in the data, and your mitigations.

Is the free version of ChatGPT safe for work use?

Safe for tasks involving no personal or confidential data, such as drafting generic content or explaining concepts. Not safe for customer records, staff details or anything under an NDA, because consumer AI accounts may use conversations for training and human review. Google's own Gemini privacy guidance tells users not to enter confidential information. Move real work use onto a business tier with a data processing agreement.

Can the ICO fine a small business for misusing AI?

Yes, the same enforcement powers apply to AI as to any other processing, with a higher maximum of £17.5 million or 4% of worldwide annual turnover for the most serious infringements. In practice those headline fines target large-scale breaches. For small firms the realistic exposure is breach notifications, customer trust and remediation time, all avoidable with a business-tier account, a short policy and basic documentation.
