Summary
- Always fact-check AI output, as tools like ChatGPT can produce inaccurate or invented information, including references to laws that do not exist.
- Never input personal or confidential information into a public AI tool, as this can breach UK GDPR and contractual confidentiality obligations.
- Check the tool’s terms before relying on its output, as ownership of AI-generated work and the risk of infringing third-party IP remain unsettled in UK law.
- This guide explains the dos and don’ts of using AI like ChatGPT for business owners in the United Kingdom.
- LegalVision’s business lawyers specialise in advising clients on data protection and technology compliance.
Tips for Businesses
Fact-check every AI output before relying on it, especially legal or factual claims. Never enter personal data or confidential information into a public AI tool. De-identify inputs first. Check the tool’s terms for ownership and data use, and keep a human reviewing and editing anything the AI produces.
Generative AI tools like ChatGPT can help UK businesses draft content, summarise information and work more efficiently. They also carry legal risks if used carelessly. The main risks are accuracy, data protection and confidentiality. AI tools can produce confident but wrong output, including invented facts, so you must fact-check anything you rely on. If you input personal data, you must comply with UK GDPR, the Data Protection Act 2018 and the Data (Use and Access) Act 2025, all overseen by the Information Commissioner’s Office, which published an AI and Biometrics Strategy in 2025. Putting confidential information into a public AI tool can also breach contractual duties. Used sensibly, with human review and no sensitive data entered, AI is a useful tool rather than a legal liability. This article will set out how you can use AI like ChatGPT sensibly and effectively to help promote efficiency in your business without breaching the law.
What is ChatGPT?
ChatGPT is one of the most common forms of AI that businesses are increasingly using. It operates like an advanced chatbot designed to understand and generate human-like text. ChatGPT generates its answers based on vast datasets that it has learned from “training”. It does not use the internet, and so the GPT-3.5 model (the free version) only has access to information up to September 2021.
How Are Businesses Using ChatGPT?
Businesses continue to discover new ways of using ChatGPT, especially as technology advances. It has gained popularity by being able to generate content within seconds. Some high-level examples of how businesses use ChatGPT are:
- drafting correspondence, such as emails or responses to customer complaints;
- generating content, such as social media posts, and product descriptions;
- reviewing or proofreading work; and
- basic analysis, such as market research using publicly available data.
Call 0808 196 8584 for urgent assistance.
Otherwise, complete this form, and we will contact you within one business day.
The Do’s
Fact Check
There are limitations to the data ChatGPT uses to generate its content. Currently, GPT-3.5 has only been trained on data available up to September 2021. This means that its responses can often include incorrect or inaccurate data, facts, or figures, which subsequently results in misleading or unreliable information in a business document. ChatGPT is also not yet advanced enough to interpret difficult data, such as legislation. For instance, ChatGPT is notorious for suggesting legislation or regulations that simply don’t exist!
It is, therefore, essential that you fact-check any content or document that you use ChatGPT to produce.
Use It to Inspire, Not to Create
It can be tempting to let ChatGPT take the wheel when drafting your documents. While it is a useful tool to point you in the right direction or give you a headstart, ChatGPT should not be used blindly. Automated drafting using ChatGPT lacks human touch and intuition. It may not capture the exact tone, sentiment, or empathy needed for certain business documents that require a personal touch. It is best to use its responses as inspiration for the work that you can tailor according to your business style.
Keep It Simple
There is no doubt ChatGPT has emerged as a powerful disruptor in the business world. However, it is designed to understand and generate responses based on the information it receives from a user. If this information is confusing or ambiguous, any responses generated will be limited. It is, therefore, important to keep your communication on ChatGPT clear, direct, and simple. This enhances its ability to provide the most relevant and appropriate response.
De-Identify Information
As previously mentioned, ChatGPT uses previous inputs from users to generate future content. When using ChatGPT for your business, it is essential that you do not use any information that could identify your clients, employees, customers or competitors. This could raise issues with privacy and confidentiality. Instead, you should ensure that you de-identify your input to ChatGPT. This is where you remove or modify information that could identify a company or individual so that the data or text is anonymous.
How UK Data Protection Law Applies to AI
If your business uses AI to process personal data, UK data protection law applies in full. The framework is the UK GDPR, the Data Protection Act 2018 and the newer Data (Use and Access) Act 2025, which is being introduced in stages.
The Information Commissioner’s Office regulates this area. In 2025 it published an AI and Biometrics Strategy, setting out how it expects organisations to use AI responsibly. Its focus is on fairness, transparency, accountability and human oversight where AI decisions significantly affect people.
For most businesses, the practical points are straightforward. Identify a lawful basis before processing personal data through an AI tool. Be transparent with people about how their data is used. Do not enter personal data into a public tool that may use it for training, unless you have checked the terms and have a lawful basis.
Where an AI decision could have a legal or similarly significant effect on someone, you should allow human review. Getting advice early is sensible, as the rules are developing quickly.
The Avoid’s
Input Personal or Confidential Information
One of the key risks businesses face when using ChatGPT is the risk of breaching privacy laws and confidentiality obligations. This can happen when a business includes sensitive information in their input to AI and then the AI uses this data as “training” for future responses. It is, therefore, best practice to never include sensitive or identifiable information when using any AI tool, unless you have otherwise read their terms and conditions and are comfortable with how personal data will be used..
Not Comply With Privacy Laws
When handling personal data, you must ensure it aligns with UK GDPR rules. Under the data protection principles, you must ensure personal data that you handle is used fairly, lawfully and transparently. You will likely violate key UK privacy laws where you:
- use customer information to train third-party generative AIs; or
- provide personal data to generative AIs without your customers’ consent or where your customers do not expect you will do this.
Breach Confidentiality Obligations
Generally, contracts will contain an obligation of confidentiality. You will likely breach your confidentiality obligations if you disclose confidential information to a third party. This third party may be a generative AI platform. You may not be in breach if your disclosure falls under an exception listed in your contract. Absent such an exception, your disclosure will likely constitute a breach of contract. You will likely have to pay a financial sum as compensation to the party whose confidence you breached.
Depending on the type of business you run, you may also have statutory confidentiality obligations. If you are a doctor or a lawyer for instance, you also owe statutory obligations to your patients and clients.
Claim Ownership
The law in the UK is still playing catch up with AI. At present, the law remains generally unsettled as to who owns the work generated by AI. Prior to using an AI platform, you should always chedk the terms and conditions. Checking these terms and conditions will inform you as to how you may permissibly use the platform’s output.
There is a risk that the AI platform might have infringed on someone else’s IP rights. For example, they might have copied someone’s intellectual property and then generated it for you to use, which could land you in hot water. So, it is important to be careful about this in case you unintentionally breach a third party’s IP rights.
If your business has a website, you will need to provide terms and conditions of usage for your website’s users. These Website Terms of Use set out the rules for people using your website.
Key Takeaways
Although ChatGPT and similar generative AIs are still in their early stages, they are already proving to be powerful tools for businesses. These tools allow businesses to produce work more efficiently. However, with new technology comes new risks. It is essential that businesses exercise caution with what they input into ChatGPT and similar generative AIs. Equally, you must be wary of the output generated by the generative AI platforms. Fact-checking and de-identifying input are both key to ensuring the work being produced is accurate, reliable and complies with privacy and confidentiality obligations. The work produced must also be edited by a person who can add their personal touch, creativity and intelligence to put themselves in the best position from an intellectual property perspective.
If you are unsure whether your business is using AI in a legally compliant manner, contact our experienced data, privacy and IT lawyers as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents. Call us today on 0808 196 8584 or visit our membership page.
Frequently Asked Questions
Can I input personal data into ChatGPT for my business?
You should avoid entering personal data into public AI tools. Doing so can breach UK GDPR if the tool uses the data for training or you have no lawful basis. De-identify information first, and check the tool’s terms before processing any personal data through it.
Who owns content created by AI in the UK?
Ownership of AI-generated work is unsettled in UK law. The tool’s terms and conditions usually set out how you may use its output, so check them before relying on it commercially. There is also a risk that the output infringes a third party’s intellectual property.
Does UK GDPR apply when my business uses AI?
Yes. If your AI use involves personal data, the UK GDPR, the Data Protection Act 2018 and the Data (Use and Access) Act 2025 all apply. The ICO expects fairness, transparency, accountability and human oversight where AI decisions significantly affect individuals.
Can using AI breach my confidentiality obligations?
Yes. Most commercial contracts include confidentiality duties. Entering confidential information into a public AI tool can count as disclosure to a third party and breach those duties, unless an exception applies. Some businesses, such as lawyers and doctors, also owe statutory confidentiality obligations.
We appreciate your feedback! Request your free consultation now.
