Return to site

Playing catch-up with ChatGPT: Navigating Governance and Data Challenges in Organisational Usage and Implementation


Organisations are already playing catch-up in relation to the use by staff of generative AI, such as ChatGPT, as many will already be using these tools to improve their efficiency and performance. This can be a good thing in many contexts as organisations are constantly exploring innovative ways to enhance customer experiences and streamline operations. However, it also means that it is urgent that organisations address the governance and data concerns associated with the use of generative AI. In this article, we delve into the main considerations organisations should bear in mind, ensuring responsible and ethical usage of generative AI while safeguarding data privacy and compliance. The generative AI focused on in this article is ChatGPT, but many of the considerations apply equally to other such technologies including text to image services such as Midjourney or DALL-E 2.

Purpose Limitation

Clearly defining the intended purposes for which ChatGPT should be employed within the organisation is essential. By aligning data collection and usage with these purposes, organisations can ensure that ChatGPT is not utilised for unauthorised or unethical activities. Establishing transparent policies and procedures helps prevent potential misuse while promoting accountability and responsible AI implementation.

Data Privacy and Security

Protecting sensitive data is paramount. Organisations must establish robust measures to secure and protect the data that it collects, stores, and processes. This includes during interactions with ChatGPT. The specifics of data usage and retention may vary depending on the implementation and configuration chosen by the organisation in which ChatGPT is being used. Organisations should clearly communicate their data retention and usage policies to users to ensure transparency and manage expectations. Although, the current version of ChatGPT was trained on data up to September 2021, there needs to be ongoing monitoring and consideration of how this may change. Implementing access controls, regular security audits, and compliance with data protection regulations such as GDPR or CCPA ensures the privacy and security of user information, fostering trust in the organisation's data practices.

Consent and User Rights

Obtaining proper consent from users before collecting and processing their data is vital. Organisations must communicate the purpose of data collection, the usage of ChatGPT, and users' rights regarding their personal information. Establishing mechanisms for users to access, rectify, and delete their data aligns with privacy regulations and fosters a transparent and user-centric approach.

Bias and Fairness

Guarding against biases is crucial when using AI technologies like ChatGPT. Organisations should be aware of potential biases in the training data used to develop the model and proactively monitor its output for unintended biases. It is difficult, however, to be sure on what data ChatGPT has been trained. Even their CEO, Sam Altman, said he didn't know! Regular audits, continuous training, and ongoing evaluation of ChatGPT's performance help mitigate biases, ensuring fairness and inclusivity in interactions with customers or clients.

Transparency and Explainability

ChatGPT operates as a black box model, but organisations should strive to provide transparency and explainability whenever possible. Documenting decision-making processes, factors considered during model development, and providing guidelines for employees to understand ChatGPT's limitations and capabilities fosters human oversight and intervention when needed. Transparent practices build trust and facilitate effective communication with stakeholders.

Training Data and Intellectual Property

Ownership and rights related to the training data used todevelop ChatGPT are a matter of contention. Organisations are required to comply with copyright laws and respect the intellectual property rights of others. Consideration should be given about how best to ensure the use of legally obtained data and avoid any infringement upon copyrights or licensing agreements in order to maintain ethical practices.

Monitoring and Accountability

Implementing mechanisms to monitor and audit ChatGPT's use is crucial for ongoing compliance and accountability. Regular reviews and assessments of the system's performance, impact on privacy, and user experience help identify areas for improvement. Designating responsible individuals or teams to oversee governance and data policies related to ChatGPT ensures effective management and continuous adherence to ethical standards.


Organisations will want to embrace the transformative power of generative AI, but it is essential to address the governance and data challenges associated with its usage. By prioritising data privacy and security, defining purposes and obtaining user consent, mitigating biases, and fostering transparency and accountability, organisations can harness the potential of ChatGPT while maintaining ethical and responsible AI practices. By navigating these considerations thoughtfully, organisations can unlock the true benefits of ChatGPT, empowering both their operations and the experiences of their users. Organisations are already playing catch-up with their staff, so there isn't time to lose.

ps. At Matomico, we see artificial intelligence as our co-worker and so this article was written in colaboration with ChatGPT.

For help in navigating governance and data challenges posed by generative AI, contact

Martin Talks, Director, Matomico Limited