
You have an AI policy. Can you prove it's being followed?

Almost every organisation now has an AI policy. Very few can show what employees actually paste into ChatGPT, Copilot or Gemini. That gap between the document and the desk is the real risk, and it is wider than most leaders assume.

Quick answer

An AI policy on paper is not control. It describes what should happen, not what does. As long as you cannot see what sensitive data employees paste into AI tools, compliance is an assumption. GDPR does not ask for a policy, it asks you to demonstrate compliance. Proof starts with visibility at the moment someone types.

  1. Almost every organisation has an AI policy, but few can demonstrate it is followed.
  2. 39.7% of all workplace AI interactions contain sensitive data, up from 10.7% two years earlier (Cyberhaven, 2025).
  3. GDPR's accountability principle (Article 5(2)) requires demonstrable compliance, not a document.
  4. Blocking AI tools usually moves the risk to personal accounts and devices, out of all sight.
  5. Visibility happens at the moment of typing, not afterwards in logs or an annual audit.

A leadership team signs off on the new AI policy. Three pages, carefully drafted, reviewed by legal. Staff receive an email: from now on there are rules for using AI at work. Everyone clicks "read and understood". The document goes into the quality system. Box ticked.

Thirty days later, an analyst pastes a customer file into ChatGPT to draft a quick summary. Not out of defiance. She is busy, the deadline is real, and the policy document is the last thing on her mind.

The question is not whether that happens. The question is whether you would see it if it did. For most organisations, the honest answer is no.

A policy on paper is not control

An AI policy describes what should happen. It says nothing about what does. That difference is exactly where the risk sits, and it is wider than most leaders assume. As long as you cannot see what sensitive data employees enter into AI tools, compliance is an assumption. GDPR does not ask for a document. It asks you to demonstrate compliance. And proof does not begin with a signature under a policy. It begins with visibility at the moment someone types.

Why a policy never reaches the behaviour

Most organisations address AI risk in three ways: write a policy, run a training, and sometimes block a few tools. All three are useful. None of them changes what happens the second a colleague wants to get something done quickly.

A policy is an agreement at a distance. It is written, read, and then largely forgotten. Not because people fail to take it seriously, but because a document does not announce itself at the moment that matters. The decision to paste something into a prompt takes two seconds. At that moment the policy is in a folder nobody opens.

Training works on Monday. The mistake happens on Thursday, when the knowledge has sunk beneath the workload. Knowledge is not behaviour. Someone can know perfectly well that client data does not belong in a free chatbot and do it anyway, because the habit is stronger than the rule.

And blocking? It sounds like the safest choice, but it usually delivers the least visibility. Cut off access to AI and you do not get a safer organisation. You get workarounds: a personal account, the employee's own phone, a tool nobody approved. This is shadow AI, and it is harder to govern than the behaviour you were trying to stop.

So the gap is not in the policy. It is between the policy and the practice. And you cannot close that gap with more policy.

What is actually happening

How wide is the gap? The numbers are uncomfortably concrete.

Research by Cyberhaven, based on the behaviour of millions of employees, found that 39.7% of all workplace AI interactions contain sensitive data. Two years earlier it was 10.7%. The data includes source code, customer records, contracts and salary information. Translated into a working week, the average employee pastes something sensitive into an AI tool roughly once every three days.

These are not edge cases. This is the average.

And it shows up in real incidents. Samsung restricted internal use of ChatGPT in 2023 after engineers pasted confidential source code into the tool, where it could not be recalled. In March 2024, the US House of Representatives banned staff from using Microsoft Copilot after its Office of Cybersecurity judged that the tool risked exposing House data to cloud services the House had not approved. In neither case was the organisation careless. They simply discovered, after the fact, what was actually being entered.

That after-the-fact pattern is the point. The policy existed. The visibility did not.

The objection, taken seriously

Here is the objection I hear most: "Watching what employees type feels like Big Brother. We trust our people."

That is a fair concern, and it deserves an honest answer. Individual surveillance, looking over the shoulder of who typed what, has no place in a workplace built on trust. It meets resistance from staff and from worker representatives, and that resistance is healthy.

But visibility and surveillance are not the same thing. The difference is the level at which you look. You do not need to know that one named person pasted a specific sentence at 2:12pm. You want to know which categories of sensitive data appear in which tools, how often, and whether the number of risk signals falls after you change something. Those are aggregated figures, not files on people.

Trust and proof are not in conflict. You trust your accounts, and you still have an auditor look at them. Not to catch anyone, but to be able to show that they are sound. The same applies to AI use. The goal is not to reveal who got it wrong. It is to help people before a mistake becomes an incident.

From policy to proof

Ask yourself five questions. They are uncomfortable, and that is the point.

  1. Can you show which categories of sensitive data are going to AI tools in your organisation? Not suspect, but demonstrate.
  2. Do you know which tools it happens in? Approved tools, or the free versions where input may be retained for training?
  3. Would you see it if an employee pasted a customer file into a chatbot today? Or would you only hear about it when a breach notification is already filed?
  4. Does the number of risk signals fall after you run a training or set a rule? Without measurement, you do not know whether you achieved anything.
  5. Can you show all of this without naming individual employees? Otherwise you get resistance instead of compliance.

If you cannot answer these with figures, you have a policy but no proof. GDPR's accountability principle, Article 5(2), asks for the second one: demonstrable compliance. Since 2 February 2025, the EU AI Act's AI-literacy obligation (Article 4) sits on top of that.

The practical step is not to write more policy, but to add visibility where the risk begins: the moment of entry. Start small. Measure what actually happens for two weeks. That single insight changes the conversation with your team more than a tenth draft of the policy document.

And that visibility does not have to be about individuals. At board level you want aggregated figures: how much sensitive data was detected, in which tools, which data types recur, and whether the line falls after you change something. This is what that proof layer looks like:

Detections over time, last 30 days: 12,438 (+18% vs last month)
Top sources: ChatGPT 8,124; Gmail 3,210; Gemini 812
BeeSensible dashboard: aggregated detections and top sources, without monitoring individuals.

No files on who typed what, just a trend and a ranking of sources. Enough to make your AI policy demonstrable, and to see where a conversation or a tighter rule is needed.

Where BeeSensible fits

You can help your people at exactly the moment that matters. BeeSensible recognises sensitive information in text fields, including AI tools, as someone types. With the desktop app, detection runs entirely on the device; for browser-only use it runs in working memory on a BeeSensible server in the EU. In both cases the text is discarded after analysis and nothing is stored. Whatever it finds, a name paired with an account number, an IBAN, a national ID, is flagged before the text is sent. The employee decides: remove it, replace it with a placeholder, or send anyway.

Here is what that looks like the moment someone types a prompt:

ChatGPT 5, illustrative exchange:
User: Can you summarise this client file into a short status update for my manager?
ChatGPT: Of course. Paste the details and I'll turn them into a concise summary.
User: Summarise this client file for my manager: Daniel Brooks, IBAN GB29NWBK60161331926819, phone 07700 900123. He has missed his last two payments.
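To make the two ideas on this page concrete, detection at the moment of typing and aggregate-only reporting for leadership, here is an added Python example. It is not BeeSensible's code and says nothing about how its detector is built. It handles only the two data types in the prompt above, an IBAN and a UK mobile number, validates the IBAN with the ISO 13616 mod-97 check so that look-alike strings are not flagged, offers the placeholder version the employee can choose, and keeps only per-tool, per-category counts, never the text or a user identity. Name detection is deliberately left out. The tool names, placeholders and the extra Gmail draft are constructed for the example:

```python
"""
Added example (not BeeSensible code): a minimal point-of-entry detector
that flags an IBAN and a UK mobile number in a prompt before it is sent,
offers a placeholder-substituted version, and keeps only per-tool,
per-category counts for the aggregate view. The text itself is never
retained. Names, placeholders and sample inputs are illustrative assumptions.
"""
import re
from collections import Counter

# Candidate IBAN: 2-letter country code, 2 check digits, 11-30 alphanumerics.
IBAN_RE = re.compile(r"\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b")
# UK mobile number as written in the page's prompt ("07700 900123").
UK_MOBILE_RE = re.compile(r"\b07\d{3}\s?\d{6}\b")

PLACEHOLDERS = {"iban": "[IBAN]", "phone": "[PHONE]"}


def iban_is_valid(iban: str) -> bool:
    """ISO 13616 mod-97 check. Cuts false positives: a random token that
    merely looks like an IBAN has only about a 1-in-97 chance of passing."""
    s = iban.replace(" ", "").upper()
    if not 15 <= len(s) <= 34:
        return False
    rearranged = s[4:] + s[:4]  # move country code + check digits to the end
    digits = "".join(str(ord(c) - 55) if c.isalpha() else c for c in rearranged)
    return int(digits) % 97 == 1


def scan(text: str) -> list[tuple[str, int, int]]:
    """Return (category, start, end) findings, ordered by position."""
    findings = []
    for m in IBAN_RE.finditer(text):
        if iban_is_valid(m.group()):  # checksum failure -> not an IBAN
            findings.append(("iban", m.start(), m.end()))
    for m in UK_MOBILE_RE.finditer(text):
        findings.append(("phone", m.start(), m.end()))
    return sorted(findings, key=lambda f: f[1])


def redact(text: str, findings) -> str:
    """Replace each finding with its placeholder: the 'replace' option the
    employee can pick before sending."""
    out, pos = [], 0
    for category, start, end in findings:
        out.append(text[pos:start])
        out.append(PLACEHOLDERS[category])
        pos = end
    out.append(text[pos:])
    return "".join(out)


class AggregateLog:
    """What leadership sees: counts per (tool, category). No text, no user."""

    def __init__(self):
        self.counts = Counter()

    def record(self, tool: str, findings) -> None:
        for category, _, _ in findings:
            self.counts[(tool, category)] += 1

    def by_tool(self) -> Counter:
        """Ranking of sources, as on the dashboard."""
        totals = Counter()
        for (tool, _), n in self.counts.items():
            totals[tool] += n
        return totals


def check_prompt(tool: str, text: str, log: AggregateLog) -> tuple[str, int]:
    """Run at the moment of typing: returns the placeholder version and the
    number of findings; only the counts reach the log, the text is dropped."""
    findings = scan(text)
    log.record(tool, findings)
    return redact(text, findings), len(findings)


# Constructed sample input: the prompt from the page, plus an invented Gmail draft.
PROMPT = ("Summarise this client file for my manager: Daniel Brooks, "
          "IBAN GB29NWBK60161331926819, phone 07700 900123. "
          "He has missed his last two payments.")
GMAIL_DRAFT = "Please pay GB29NWBK60161331926819 by Friday."

if __name__ == "__main__":
    log = AggregateLog()
    safe, n = check_prompt("ChatGPT", PROMPT, log)
    print(n, "findings ->", safe)
    check_prompt("Gmail", GMAIL_DRAFT, log)
    print("Top sources:", log.by_tool().most_common())
```

Two design points worth noting. First, the checksum is what makes the IBAN rule usable in practice: a pattern alone fires on product codes and hashes, and a detector that nags on those gets switched off. Second, nothing about the employee or the prompt survives the call; the only thing left behind is a counter keyed by tool and data type, which is exactly the level the dashboard section above works at. The regex deliberately does not match IBANs written with spaces, and the phone rule is UK-only; a real detector needs country-specific rules for both.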

For leadership, something else appears: aggregated visibility into which data types and which tools create risk, without tracking individuals. That is the difference between a policy you hope is followed and a policy whose effect you can show.

Signing off an AI policy is easy. Proving it works is the real task, and it is exactly what most organisations are missing. The gap between what the document says and what happens in a prompt field on a Thursday afternoon does not close with another document. It closes by gaining visibility at the moment itself: not to block, not to catch, but to make sensitive information visible before it leaves the organisation. Policy is the promise. Proof is what your regulator, your client and your own board will eventually ask you for.

FAQ

Common questions

Is an AI policy required under GDPR?

GDPR does not mandate a specific AI policy, but Article 5(2), the accountability principle, requires you to demonstrate that you comply with the data protection principles. A policy document is a starting point, not proof. Since 2 February 2025, the EU AI Act (Article 4) also obliges organisations to ensure AI literacy among staff who work with AI systems.

Why isn't an AI policy on paper enough?

A policy describes intended behaviour, not actual behaviour. Research shows most employees do not remove sensitive information before using AI, not out of defiance, but because they do not think of it in the moment. Without visibility into what is actually entered, you cannot demonstrate compliance and therefore cannot correct course.

How can you prove an AI policy is being followed?

By gaining visibility at the point of entry: which categories of sensitive data appear in which tools, how often, and whether employees take action. That produces aggregated, demonstrable evidence, instead of the assumption that the policy is being followed.

Is blocking AI tools the answer?

Blocking usually relocates the risk to personal accounts and personal devices, beyond any visibility. This is shadow AI. Guiding people at the moment of entry gives you more control than a block that gets routed around, and it keeps approved tools usable rather than driving people to unmanaged ones.

What is the difference between monitoring and visibility without blaming employees?

Individual surveillance rightly meets resistance from staff and works councils. Aggregated insight does not: you see which data types and which tools create risk, without naming any individual. The goal is to help people before a mistake becomes an incident, not to catch them afterwards.

What are the consequences of a sensitive-data leak through an AI tool?

Under GDPR, pasting personal data into a consumer AI tool can constitute a personal data breach. A breach must be reported to the supervisory authority within 72 hours of becoming aware of it, unless it is unlikely to result in a risk to individuals (Article 33). Fines can reach 20 million euro or 4% of global annual turnover, whichever is higher. Liability rests with the organisation, and the reputational damage often outlasts the fine.

See how BeeSensible works

Detect sensitive data before it leaves your team, in any app, in real time.