What I do · 02

Safe AI adoption for your business

AI can already do genuinely useful work inside a normal business. The danger is handing tools access to things they should never be able to touch. I do the groundwork that makes AI safe to use: map the data, lock it down, set the rules, and then let your people get on with it.

How to adopt AI safely

The businesses getting real value from AI aren't the ones with the boldest tools. They're the ones that did the unglamorous groundwork first, so nothing their people try can break something that matters. The order of work:

  1. Map what you actually have. Systems, data, spreadsheets, the folder nobody admits to. You can't protect what you haven't found, and most businesses are surprised by their own map.
  2. Lock it down before you switch anything on. Every person and every AI tool gets access to exactly what it needs and nothing more. This is the step most AI roll-outs skip, and it's the one that prevents the horror stories.
  3. Make everything undoable. Backups, version history, nothing deletable in place. If a change can always be reversed, experimenting stops being dangerous.
  4. Write the rules down. A short AI policy people will actually read: which tools, which accounts, what never gets pasted in, when a human checks the output.
  5. Start where mistakes are cheap. Internal, tedious, high-volume work first. Not customer-facing decisions, not anything you couldn't apologise for.
  6. Roll out at your own pace, and measure. Every automation should be able to say what it saves. If it can't, it's a toy.

None of this is glamorous. All of it is the difference between AI that quietly compounds value and AI that ends up in an incident report.

The groundwork is a readiness assessment

The first phase of an engagement is effectively an AI readiness assessment, except I don't just assess, I also do the locking down. You get:

  • A map of your data and systems, including the parts nobody had written down
  • An access map: who and what can reach which data, tightened to what each actually needs
  • The safeguards themselves: backups, version history, undo for everything
  • A risk list in plain English, ordered by what would actually hurt
  • A short AI policy written for your business, not downloaded from a template mill
  • A prioritised list of quick wins: the tedious work AI should take off your people first

How it usually works: we map the data first, and after that you roll things out at whatever pace suits the business.

What your people can do afterwards

With the groundwork in place, your team is free in a way that surprises people. They can ask real questions of your data, automate the parts of their job they've always resented, and even build their own small tools, because there's nothing they can do that would break something that matters.

This is most of what I do now, and to be honest it's the most useful I've ever been. The pattern repeats across every business I've done it for: the value doesn't come from one big AI project, it comes from dozens of small safe ones that nobody had to ask permission for.

Impartial, by design

I have no software to sell you, no reseller agreements and no favourite platform I need to push. If the right tool is one you already pay for, that's what I'll recommend. If the right answer is that a spreadsheet and a tidy process beat an AI subscription, you'll get that answer.

Twenty-five years of business analysis came before the AI, and it shows in the method: understand the business first, then pick the tools, never the other way round.

Workshops

If you're at the "everyone keeps saying AI and I don't know where to start" stage, start with a workshop. Half a day, around Leeds or on a call, with your leadership team or the whole business: what AI can and can't do for your specific work, live, with your real questions on the table. I've run over a hundred business events and workshops, and this one is the fastest way I know to replace AI anxiety with an actual plan.

When the answer is "don't use AI for this"

Part of adopting AI safely is knowing where it doesn't belong. I'll tell you not to use it when:

  • The decision has to be explainable to a regulator and no human is reviewing the output
  • An error would be irreversible, or someone's safety or livelihood hangs on it
  • The data isn't ready, because automating chaos just produces faster chaos
  • A simple rule or a spreadsheet would do the same job with none of the risk
  • Nobody can say what a good result looks like, so nobody can check for a bad one

AI is a power tool. Some jobs still want a screwdriver.

Common questions

How do I adopt AI safely in my business?

Do the groundwork before the tools. Map what data and systems you actually have, lock them down so every person and every AI tool can reach exactly what they need and nothing more, make every change undoable, and write the rules down in a short policy people will actually read. Then start where mistakes are cheap: internal, tedious, high-volume work, not customer-facing decisions. Roll out at your own pace and measure what it saves.

Does a small business need an AI policy?

Yes, and one page is usually enough. It should say which tools are allowed and which accounts to use, what data must never be pasted into them, when a human has to review the output, and who owns the decision when something is unclear. The point isn't compliance theatre; it's that your team will use AI either way, and a short clear policy is the difference between them doing it safely and doing it quietly.

What is an AI readiness assessment?

A structured look at whether your business is set up to use AI safely and usefully: where your data lives and what state it's in, who and what can access it, where the risks are, and which processes would benefit first. Mine produces a data and access map, a plain-English risk list, a short AI policy and a prioritised list of quick wins. It's the groundwork phase of everything else I do with AI.

Is it safe to put company data into ChatGPT, Claude or Copilot?

It depends entirely on which tier and settings you're on. Business plans with training turned off, proper access controls and sensible retention are a different world from someone's personal free account. The rule I set up for clients: sensitive data only ever goes into tools the business has vetted and configured, on business accounts, and some categories of data never go in at all. That rule needs writing down, which is what the AI policy is for.

What about UK GDPR and client confidentiality?

The rules don't change because the tool is clever. Personal data still needs a lawful basis, appropriate safeguards and honest answers about where it goes; confidential client work still carries the duties you signed up to. UK GDPR doesn't ban AI, it bans carelessness. The lock-down-first approach exists precisely so those questions are answered before anyone pastes anything anywhere.

Do you run AI adoption workshops?

Yes. A half-day session, around Leeds or remote, for leadership teams or whole businesses: what AI can and can't do for your specific work, live, with your real questions on the table. It's the fastest way to replace AI anxiety with an actual plan.

What does safe AI adoption cost?

The groundwork is a fixed fee, agreed up front and sized to your business after an initial conversation. After that you roll things out at whatever pace suits you, with as much or as little of me as you need. There's no platform subscription and no reseller margin hiding anywhere; I have nothing to sell you except the thinking.

Keep reading

The rest of what I do

Contact

Wondering what AI should do in your business?

Tell me where you are with it, even if the answer is "nowhere yet, and slightly nervous". I'll be straight with you about what would help, what wouldn't, and what to do first.

Or use the contact form. Based in Leeds and working anywhere.