Resources · 11 June 2026

Can accountants use ChatGPT with client data? UK confidentiality and GDPR

It is the question almost every practice is quietly asking: can we put client data into ChatGPT? The useful answer is not a flat yes or no. It depends on the account, the data, and the controls around it.

The default answer: not in a free consumer account

A free or personal ChatGPT-style account is the wrong place for client data. The reasons are practical:

• Consumer tiers may use your inputs to train the model, which means client data could influence outputs to other users. That is incompatible with confidentiality.
• There is usually no Data Processing Agreement (DPA), which you need when a third party processes personal data on your behalf.
• You have little control over retention and location of the data.

So the blanket rule for a practice is simple: client-identifiable or financial data does not go into free or personal AI accounts. That single line removes most of the risk.

When it can be acceptable

AI can absolutely be used in a practice. The safe version looks like this:

• An approved, business-grade tool. A paid business or enterprise tier, or AI features inside accounting software you already trust, where the terms say your data is not used for training and a DPA is in place.
• Minimised data. Strip out names and identifiers where you can. Often you can get the same help by asking about an anonymised scenario rather than the real client.
• Human review. AI output is checked by a competent person before it is used. AI is confident even when wrong, and a wrong figure or misstated rule is your problem, not the tool’s.
• Awareness of confidentiality and professional duties. Where your engagement terms or professional bodies (such as the ICAEW, ACCA or ICB) impose stricter limits on outsourcing or data processing, those rules take precedence.

A simple test for staff

Before pasting anything into an AI tool, ask: would I be comfortable if this exact text appeared somewhere outside the practice? If the answer is no, either the tool must be one approved for that data, or the data needs anonymising first. When in doubt, leave it out and ask.

Make it a rule, not a hope

The way to make this stick is not a one-off email. It is a short AI acceptable use policy, an approved-tools list so staff know which tools are fine for what, and a one-page guide they can actually remember. That turns “be careful with AI” into something the whole practice applies consistently.

Our AI Safe-Use Pack for accountants and bookkeepers gives you all of that as editable documents, including a data classification guide that spells out what may go into AI tools and what may not. If you want the sector-neutral version, the general pack covers the same ground.

This article is general information, not legal or professional advice. Check your own obligations and your professional body’s guidance before relying on AI with client data.