What’s already happening
A customer email run through ChatGPT, unnoticed
One free-account password shared across the team
Quotes pasted into tools no one is checking
Three steps, one workable policy.
From the actual situation in the workplace to frameworks your team actually uses.
Step 01
Step 02
Step 03
What an AI policy looks like in practice.
Three risk areas from real work: accounts & access, customer data, and responsibility for output.
Example 01 · Accounts
From one shared account to secure access.
Before
The entire team worked on a single free account, logged in with a generic email address and a password that got passed around. No one had visibility into what was going on; the tool stored company data without anyone realizing it, and the free version lacked the settings to protect data. Everyone used it; no one was responsible.
Now
No more shared logins. Anyone actively working with AI gets their own business account where company data stays protected. The policy defines how you use ChatGPT for business: on which accounts, with which settings, and which contact is centrally configured so everyone works from the same basis.


Example 02 · Customer data
From “is this actually allowed?” to a single rule of thumb.
Before
The question kept coming back: can I paste customer data into an AI tool? The answer depended on who you asked. Some did it without thinking, others didn’t dare. No structure, no guidance, and therefore either too much risk or too much caution.
Now
The policy draws one clear red line around traceable data and makes it concrete with examples in two columns: this can be entered into a tool, this cannot. Plus one rule of thumb that removes any doubt — one question everyone can test for themselves.
Example 03 · Output
From isolated experiments to a shared working method.
Before
Anyone creating something with AI did so on their own. Some delivered sharp copy, others sent out something copied verbatim, full of errors and a tone that made no sense. The quality depended on who happened to be doing it.
Now
The policy states that humans stay ultimately responsible for everything that goes out: fact-checking, proofreading for tone and context, and recognizing AI writing before it’s sent. Plus practical support: prompting tips and shared working methods, so everyone starts from the same level.

Five things that are changing.
How clear frameworks change throughout your entire company.
Customer data remains secure.
Everyone knows which data is and isn’t allowed in a tool. No more shared passwords.
End to shadow usage.
No more shared accounts and hidden tools, but visibility into what is happening.
Your team dares to experiment.
Frameworks provide space; within the lines, you are free to experiment without being afraid of making a mistake.
Quality monitored.
What goes out is checked by a human, not blindly accepted.
Responsible AI use that grows.
A living policy that evolves with new tools and new usage, not a snapshot that becomes outdated.
This is how the process works
Mapping
Who works with what, and where the risks lie: accounts, data, output.
Define frameworks
The red lines and one testable rule of thumb, with a permissive starting point.
Establish
Short, clear frameworks — three to five pages — that adapt to new tools and practices. A living policy.
Make it live
Adapting to new tools and new practices. A living policy.
FAQ
Here are the answers to the most asked questions