5 Things to Consider Before Implementing AI in Your Organisation

Abstract representation of artificial intelligence concepts in a business setting

5 Things to Consider Before Implementing AI in Your Organisation

At Network Fish, we’ve been helping London businesses navigate technology for over two decades. Lately, one question keeps coming up in almost every client conversation: “Should we be using AI?” The honest answer is: probably yes, but not without thinking it through first.

We recently worked with a charity in the equality and inclusion space to help them develop their AI policy and best-practice framework. The process surfaced some genuinely important questions that apply to any organisation, whatever your size or sector. Here’s what we think every leadership team should consider before jumping in.


1. Does your AI use align with your values and mission?

This might sound obvious, but it’s the question most organisations skip. AI tools are only as good as the intentions behind them. For a charity working to tackle discrimination, any AI framework had to actively advance equality, not just be neutral to it. The risk of inadvertently embedding bias into automated processes was real and had to be designed against from the start.

Whatever your organisation does, ask yourself: could AI use – however well-intentioned – conflict with what we stand for? Could it erode the trust of the people we serve? Get that question on the table early, at board level.


2. What data are you handling, and what are the rules?

This is where things get serious. If your organisation works with any sensitive personal data and most do, you need to understand exactly what happens to that information when it passes through an AI tool.

For charities and organisations handling reports of discrimination, medical information, financial details, or any other special-category data under UK GDPR, the rules are strict. Using a public AI tool and inadvertently inputting confidential client data isn’t just a policy breach it could result in ICO scrutiny, regulatory fines, and serious reputational damage.

A practical starting point for many organisations already working within Microsoft 365 is to keep AI interactions within your existing Microsoft tenant using tools like Microsoft 365 Copilot. This way, data processing stays within your own secure environment rather than being sent to third-party servers you don’t control.

The key question to ask before using any AI tool: where does our data go, and who can see it?


3. Who is responsible, and what can AI actually be used for?

Before you roll anything out, you need two things clearly defined: who is in charge, and what the rules are.

On governance, every organisation should designate someone – a senior staff member or an “AI Champion” – who is accountable for how AI is used. This person owns the approved tools list, the approval process for new tools, and the incident response plan if something goes wrong. Without this, you end up with a patchwork of staff using different tools in different ways, with no oversight and no consistency.

On permitted use, be specific. Draft a clear list of approved use cases (writing first drafts of internal documents, summarising meeting notes, drafting campaign copy) and a clear list of prohibited ones (using AI to make final decisions on sensitive cases without human review, inputting personal data into unvetted public tools). Clarity here protects both your organisation and your staff.


4. How much AI is too much?

A useful working principle: AI should support your people, not replace their judgement. One practical threshold worth considering is that AI assistance should generally account for less than half of any final output. This helps preserve the authentic human voice that donors, clients, and stakeholders are connecting with and it keeps accountability where it belongs: with your team.

Transparency matters here too. If AI has been used to produce content, be willing to say so. Audiences are increasingly aware of AI-generated material, and getting caught pretending otherwise does far more damage than simply being honest. A brief disclosure and a genuine human editorial hand is a far stronger position than denial.


5. Where should you start?

The temptation is to try to solve everything at once. Resist it.

The most effective approach is to identify the one or two areas where AI could make the biggest practical difference with the lowest risk, and start there. Depending on your organisation, that might be grant writing, scaling education programmes, internal knowledge management, or marketing content.

From there, the recommended path is straightforward: form a small working group (senior leadership, IT, and a relevant subject-matter expert), review existing AI policy templates from organisations like NTEN or GlobalGiving as a starting point, pilot with a low-risk use case, and then train your staff and publish a brief public summary of your policy. That last step matters more than people think, it signals to your stakeholders that you’re approaching this responsibly and positions you as a thoughtful leader rather than a reluctant follower.


The bottom line

AI genuinely can help your organisation do more with less, processing more efficiently, reaching more people, and freeing up your team to focus on the work that actually requires a human. But the organisations that will benefit most are those that approach it deliberately: with clear policies, strong governance, and a commitment to keeping people at the centre of every decision.


In the spirit of transparency – and practising what we preach – approximately 50% of this article was produced with AI assistance, and reviewed and edited by the Network Fish team.

If you’d like help developing an AI policy or exploring which tools are right for your organisation, we’d love to have that conversation.

Get in touch with the Network Fish team at www.NetworkFish.com or call +44(0)207 403 4031.

Frequently asked questions

Why should we think carefully before implementing AI rather than just getting started?

AI tools can genuinely help your organisation work more efficiently, but the organisations that benefit most are those that approach it deliberately rather than reactively. Rushing in without clear policies, governance, or an understanding of how your data is handled creates risks that are much harder to fix after the fact than before. A small amount of planning upfront — defining what’s permitted, who’s responsible, and where your data goes — saves significant time and avoids exposing your organisation to regulatory, reputational, or operational problems.

What are the main data protection risks when using AI tools?

The primary risk is inadvertently passing sensitive or confidential data through a public AI tool that processes or stores that data on third-party servers you don’t control. Under UK GDPR, organisations handling special-category data — including anything related to health, finances, or protected characteristics — have strict obligations about where that data goes and how it’s processed. Using an unvetted public AI tool and inputting client or staff data into it could constitute a data breach, with potential ICO scrutiny and regulatory fines. The practical starting point for most organisations already using Microsoft 365 is to keep AI interactions within your existing Microsoft tenant, where your own data governance and security policies apply.

What is Microsoft 365 Copilot and how does it keep our data secure?

Microsoft 365 Copilot is an AI assistant built into Word, Excel, PowerPoint, Outlook, and Teams that works within your existing Microsoft 365 environment. Unlike public AI tools, Copilot is grounded in your organisation’s own data through Microsoft Graph, and all processing stays within your Microsoft tenant rather than being sent to external servers. This means your existing data governance, security policies, and access controls apply to Copilot interactions in the same way they apply to the rest of your Microsoft 365 use. See our Microsoft 365 Copilot page for more detail on what it does and what it costs.

Who should be responsible for AI governance in our organisation?

Every organisation implementing AI should designate a specific, named person — a senior staff member or AI Champion — who is accountable for how AI is used. This person owns the approved tools list, the process for vetting new tools, and the incident response plan if something goes wrong. Without a named owner, you typically end up with different staff using different tools in different ways, with no oversight, no consistency, and no clear line of accountability if a problem occurs.

What should an AI acceptable use policy actually cover?

At a minimum, a practical AI acceptable use policy should define which tools are approved for use, which use cases are permitted (drafting internal documents, summarising meeting notes, generating first drafts of content), and which are explicitly prohibited (making final decisions on sensitive cases without human review, inputting personal or confidential data into unvetted public tools). It should also specify who approves new tools, how AI use should be disclosed to clients or stakeholders where relevant, and what to do if something goes wrong. Starting with a short, practical document rather than a lengthy policy nobody reads is usually more effective.

How much AI assistance in written content is acceptable?

There’s no universal rule, but a useful working threshold is that AI assistance should account for less than half of any final output. This preserves the authentic human voice that clients, donors, and stakeholders are connecting with, and keeps accountability where it belongs — with your team rather than a tool. Transparency about AI use matters too: a brief disclosure combined with genuine human editorial oversight is far more credible than pretending it wasn’t used.

Where should we start if we want to implement AI responsibly?

Start with the one or two areas where AI could make the biggest practical difference with the lowest risk, rather than trying to solve everything at once. Form a small working group (senior leadership, IT, and a relevant subject-matter expert), identify a low-risk pilot use case, and test it properly before expanding. Train your staff and publish a brief summary of your AI policy — this signals to your stakeholders that you’re approaching AI responsibly. If you’d like help, get in touch or call +44 (0) 207 403 4031.

Does Network Fish help organisations develop AI policies?

Yes. As described in this post, we recently worked with a charity in the equality and inclusion space to help them develop their AI policy and best-practice framework. If your organisation is working through similar questions — whether you’re just getting started or refining an existing approach — we can help you think through governance, data handling, tool selection, and staff training. Get in touch to discuss your specific situation.