5 Data management

If you are building a tool in-house or creating a bespoke solution in partnership with a technology company, you need to consider data quality, preparation and use.

You need to think carefully about the data you use to train a model – do you have data management systems? Are you using anonymised data? The inclusion of confidential information or personal data into these tools has serious consequences.

If you are processing personal data you must comply with GDPR requirements. This includes obtaining proper consent, ensuring data minimisation, and implementing appropriate security measures.

Assuring data security is an essential element when incorporating AI in line with data protection regulations. Implementing both technical and organisational strategies, including access controls, encryption and data backups and recovery processes, is vital in reducing potential risks and maintaining data protection standards.

Cyber firm Lasso did some research and found that 13% of employee-submitted prompts included security and or compliance risks – 13% of GenAI Prompts Leak Sensitive Data – Lasso Research. There is a need for clear internal policies and staff training if an organisation does decide to use GenAI, which is discussed further in section 8 of this course.

Whatever tool you are using (off the shelf, in-house or bespoke), you need to consider data protection and evaluate the tools for compliance with GDPR and data protection laws. The sixth course, Navigating risk management, explores risk management and the seventh course, Understanding legal regulation and compliance, explores legal regulation in more depth. The Law Society has produced some guidance on GDPR for solicitors | The Law Society.