Artificial intelligence (AI): dos and don'ts for data protection

Take a look at our tips to make sure you stay compliant with data protection around the use of artificial intelligence (AI) tools. Share them with your team to make sure everyone is on the same page.

Last reviewed on 28 November 2025See updates

School types: All•School phases: All•Ref: 46617

Contents

Do understand how AI uses the data you input
Don't enter personal information into AI tools unless strictly necessary
Do only use secure and trusted AI tools to process personal data
Do think about the impact of new AI tools
Do review your policies
Do teach pupils about using AI safely
Do make sure staff training is up to date
Don't prepare specific material on AI data protection for Ofsted
Try out KeyGPT, our AI-powered assistant

Do understand how AI uses the data you input

Many generative AI tools use the data you input to learn and improve their outputs. This is known as 'training'. It means they might share any information you give them with other users, including personal data.

It's not always clear whether an AI tool uses your inputs for training. If you're unsure, you can:

Ask your data protection officer (DPO) or IT lead
Read the privacy policy for that specific product

Some tools allow you to opt out of your data being used for training, but you should still be cautious about the data you input.

Don't enter personal information into AI tools unless strictly necessary

The DfE's guidance on AI recommends that personal data is not used in generative AI tools unless strictly necessary.

Write anything that contains pupils' names Enter sensitive data to help plan a safeguarding report Use pictures of pupils

Do understand how AI uses the data you input

Don't enter personal information into AI tools unless strictly necessary

Want to continue reading?