Keeping your data under your control
Where does your data actually go when your team uses AI? A plain-language guide to the risks worth knowing and the decisions worth making, from a casual ChatGPT prompt to running AI on your own systems.
For the people responsible when AI touches company data
When AI gets used with your data, responsibility rarely sits in one place. These are the four leaders I most often work with — each worried about a different edge of the same problem.
"Could this become a headline?"
You want AI moving the business forward, not becoming the story you never wanted to read — and a straight answer without the jargon.
"What reaches the model?"
You're setting the boundaries on data flow before teams wire AI into products, workflows, and production systems.
"What are people actually using?"
You own the tools, approvals, and access — and you need shadow AI visible enough to govern without driving it underground.
"Can we prove the controls hold?"
You need the controls to survive real use and stand up to audit — not just look right in procurement.
Not sure where your biggest gap is? Start with the 5-minute readiness assessment →
How careful do you need to be?
It comes down to two things: how sensitive your data is, and how deeply AI is involved. Find your row and your column below. Where they meet shows how much caution the situation calls for. Tap that cell to jump straight to what to do. Prefer this as a personalized report? Take the 5-minute assessment →
The higher the risk, the more caution you need:
- Low risk: everyday hygiene is enough
- Medium risk: pick the right accounts and settings
- High risk: you need contracts, data residency and access controls
- Critical risk: keep it private or self-hosted, and monitor it
What you're really deciding
Every level below is the same five questions asked with rising stakes. Keep them in mind as you read.
- 1 Where does the data physically go? Which country, and which company?
- 2 Who can see it, and is it used to train their models?
- 3 Is it retained, and can you have it deleted?
- 4 Who can access the data? And who approves the AI tools that touch it?
- 5 If you had to, could you run the AI on your own servers instead of a vendor's?
From casual use to full control
Casual & individual use
One person, a chat window, a quick task
Someone opens ChatGPT, Copilot or Gemini to draft an email, summarize a document, or brainstorm. No integration, no shared account, just a browser tab.
- Consumer accounts may use your conversations to train the model by default.
- Whatever is pasted in has left your building. Treat it like a public email.
- "Shadow AI" (tools nobody approved) usually starts here.
- Consumer or business account? (Business/Enterprise tiers change the data terms.)
- Turn off "improve the model for everyone" / training toggles.
- Agree one rule everyone remembers: never paste secrets, source code, or customer data.
- Publish a one-page "OK / not OK to paste" list.
- Prefer accounts with training switched off.
- Name a person in your company people can ask "is this tool alright?"
Team use with business data
Shared workspaces, real work product
A team adopts an AI workspace, meeting-notes tool, or coding assistant that touches internal documents, plans and code, under shared or company accounts.
- Business & Enterprise tiers usually promise "we don't train on your data." Verify it in writing.
- You now have a vendor relationship, not just a login, and that needs an agreement.
- Admin controls and single sign-on decide who is actually inside.
- Which tools are approved, and who owns the list?
- Do you have a Data Processing Agreement (DPA) with a no-training clause?
- How do you log in and manage access? Use SSO and role-based access, not a shared password.
- Keep a short approved-tools register with the signed DPA linked.
- Enforce SSO; remove access when people leave.
- Do a five-minute vendor check before adoption (see the checklist below).
Sensitive & proprietary data
Customers, finance, HR, source code, IP
AI now touches data about real people or the business's crown jewels: a CRM, support inbox, HR records, financials, or source code and trade secrets. GDPR, contracts, and confidentiality apply.
- Where the data is processed (EU vs US) is now a legal question, not a preference.
- Every sub-processor in the chain inherits your obligations.
- You need to answer "can we delete it and prove it?"
- Data residency: EU-hosted or a private endpoint (Azure OpenAI, AWS Bedrock)?
- What gets redacted or masked before it ever reaches a model?
- Which IP is so sensitive it must never reach a third-party model, or appear in prompt or output logs?
- Retention and deletion terms, plus audit logging of who accessed what.
- Use EU-region or private model endpoints for regulated data.
- Sign DPAs, map sub-processors, set retention to the minimum you need.
- Redact before sending; log access; review it periodically.
System integration & control
AI wired into your systems and automations
AI is no longer a chat window. It's connected to your systems through APIs and agents, reading and acting on data automatically.
- An automated system can leak or act at scale, faster than a person would notice.
- Whatever credentials and permissions you give the AI, it effectively has.
- This is where self-hosting or open-weight models become a real option.
- Private or VPC deployment, and how tightly to scope each permission and secret.
- Where a human must approve before the AI acts.
- How much you keep in-house: self-hosted open-weight models for the most sensitive paths.
- Isolate the network; give the AI the narrowest permissions that work.
- Keep a human in the loop for consequential actions; log everything.
- Monitor for anomalies. Treat the AI like any other privileged system.
The quick data-control checklist
A one-minute self-check. If you can tick these, your data is broadly under control.
- We know which AI tools people actually use, including the unofficial ones.
- Model-training on our data is switched off wherever we can switch it.
- Anything touching customer or regulated data runs under a signed DPA.
- We know which country our sensitive data is processed in.
- We've flagged the IP that must never be sent to a model or written to a log.
- Access is tied to SSO and removed when people leave.
- For integrated/automated AI, permissions are scoped and actions are logged.
- Someone owns the approved-tools list and answers "is this tool OK?"
The Enterprise AI Data-Control Checklist
A longer, print-ready version to take into a vendor review or team workshop. You'll see it on-screen right away, and I'll email you a copy too.
Not sure which level you're at?
That's the most common place to start. As a former CTO, I help teams find where they stand and reach the controls that fit. No slowdown, no sales pitch, just a clear read on your risk.