Quick Guide · Data handling

How to Plan What Happens to Data After AI Use

Decide what to keep, move, restrict, review or delete after an AI task instead of leaving data behind by accident.

The idea to keep

The task is not finished until the data has a clear destination and review trigger.

Best for

  • Customer-support transcripts
  • AI-generated drafts and extracts
  • Personal or confidential data

What you need

  • Outputs and source data
  • Retention and access rules
  • An owner and delete trigger

Give every output a destination

1

Identify what was created

List the source data, prompt, output, export and copied version.

2

Decide retention value

Keep the approved outcome; do not retain scratch material just because it exists.

3

Assign destination and access

Name the system of record, permitted users and restricted version.

4

Set a review or delete trigger

Choose a date, event or owner that checks whether the data is still needed.

Example

Customer-support transcript

Keep Approved outcome and final response in the case record.
Move Relevant source evidence to the restricted case folder.
Restrict Raw personal data to authorised support staff.
Delete Scratch copies after the case review.

Check before you use it

  • Source and output identified.
  • Access limited appropriately.
  • Destination is the right system.
  • Review or delete trigger visible.

Common mistake

Keeping every copy “just in case” without deciding which version is authoritative.

Nova9 view

Data handling is part of the task

A clear after-use decision prevents accidental retention and makes accountability visible.

See the ICO guidance on AI and data protection.