AI, data and security: Key insights for in-house lawyers and business leaders
As artificial intelligence rapidly transforms how organisations operate, the challenge isn't simply whether to adopt AI, it's how to do so safely, compliantly and strategically.
Our recent Ascensus event in Birmingham brought together experts from across regulatory, compliance, cyber security and employment law to talk about the complex AI, data and security questions businesses are grappling with.
From managing supplier risk and navigating emerging regulations, to embedding AI and data governance into organisational culture, the event highlighted a crucial message: successful AI adoption requires more than technical know-how. It demands a holistic approach that identifies security risks early, involves the right stakeholders and moves organisations from reactive crisis management to proactive, confident decision-making.
Below are some of the key takeaways from the event.
Preventing and bouncing back from cyber attacks
Francis Katamba, data privacy and cybersecurity lawyer, outlined the three critical phases organisations must address:
- Prevention and mitigation
- Responding to incidents
- Recovery
Data protection officers and cybersecurity teams must work together, not just to stop attacks, but to bounce back fast if they happen. It's important to plan for recovery, not just rely on prevention.
Here’s what organisations should action now:
- Check if they are in scope of current and anticipated cybersecurity legislation.
- Manage supply chain risk using due diligence, contractual terms and other legal controls.
- Update internal and external facing policies and other legal documentation.
- Review current levels of cybersecurity and build a holistic governance framework that looks at cyber related risks across the different phases of the data lifecycle.
The Data (Use & Access) Act 2025
Richard Nicholas, commercial lawyer, discussed the wide-ranging impact of the Data (Use & Access) Act 2025 (DUAA) and how it will alter how the UK manages data.
The DUAA act, which aims to ensure the secure and effective use of data, revises the restrictions on fully automated decision-making from Article 22 of the UK GDPR, and will allow automated decisions, including those determined by AI and algorithmic processes.
Organisations should consider:
- Updating privacy notices if necessary.
- If online services are likely to be used by children, age verification will be required.
- Ensure all marketing is compliant and in line with regulatory requirements.
Policies alone are not enough: The key role of in-house lawyers
Rachel Lyne, regulatory lawyer, emphasised the importance of the in-house legal team in embedding effective governance, risk and compliance policies that avoid a business operation in constant ‘critical response’ mode.
"Policies are only as good as your understanding and training," she noted. Enabling the legal team to be involved in decision making through a compliance lens helps to:
- Create a competitive advantage.
- Deliver stakeholder confidence.
- Position the legal team as an integral part of the business, helping to deliver success.
From an employment perspective, Maz Dannourah, focused on the latest updates on the Employment Rights Bill which will require businesses to continue to keep its policies front of mind and remain prepared and agile.
He highlighted that the challenge lies in keeping pace with AI-driven workplace changes whilst protecting employee rights.
AI and the in-house lawyer
Our panel discussion between Lauren Webb, Principal Lawyer, Data & AI at BT, Victoria Hustler, Executive Director at Quotient Sciences and Oliver Geidel, Associate Director, Research Contracts & Compliance at University of Bristol reinforced a clear message: identifying risks early and involving the right stakeholders is vital to allow organisations to enable safe AI use.
As one panellist put it, "Keep your legal hat on and stick with your gut feeling. There will be bias."
What next?
We understand the implications of AI adoption on your business, and we're here to help. If you're navigating AI, data and security challenges and have questions or concerns, please get in touch.
For more details on our Ascensus events, please contact our Client Programme Manager, Khara Rogers, at Khara.Rogers@brownejacobson.com.
Contributors
Francis Katamba
Partner
Richard Nicholas
Partner
Rachel Lyne
Partner
Maz Dannourah
Legal Director
Contact
Richard Nicholas
Partner
richard.nicholas@brownejacobson.com
+44 (0)121 237 3992
Discover more
You may be interested in
Legal Update
AI, data and security: Key insights for in-house lawyers and business leaders
Podcast - #EdInfluence
#EdInfluence podcast (series 5): In conversation with inspiring leaders
Podcast - #EdInfluence
#EdInfluence podcast (series 4): In conversation with inspiring leaders
Legal Update - Ascensus newsletter
Ascensus newsletter: July 2025
Legal Update - Ascensus newsletter
Ascensus newsletter: November 2024
Legal Update
Breaking the glass ceiling: Empowering female leadership in the food and drink sector
Podcast - #EdInfluence
#EdInfluence podcast (series 3) - in conversation with inspiring leaders
Legal Update - Ascensus newsletter
Ascensus newsletter: November 2024
Legal Update - Economic Crime and Corporate Transparency Act
Economic Crime and Corporate Transparency Act 2023 – what does it mean for my company?
Legal Update
Checklist for Heads of Legal: How to prepare for the Patient Safety Incident Response Framework (PSIRF)
Press Release
Browne Jacobson launches specialist Ascensus programme for in house lawyers and business leaders
On-Demand
Ascensus – the programme for in-house lawyers and business leaders’ launch event
Legal Update
A pandemic legacy: flexibility
Legal Update
A rise in strikes, riots and civil commotion set to test businesses
Legal Update
Assigning your contracts – a timely reminder
Legal Update
Pitfalls for retailers to avoid when offering access to ‘buy now, pay later’ products
Press Release - #BeingBrowneJacobson
Becoming O Shaped: Championing positive change
Press Release
UK and Ireland law firm Browne Jacobson joins UKREiiF 2023
Opinion
Mopping up after a leak – how businesses can take steps to protect their confidential information
On-Demand
NSIA: the thorn in the side of M&A?
Press Release - #BeingBrowneJacobson
Putting values into action: creating an ethical supply chain
On-Demand
Employment update webinar
On-Demand
The Subsidy Control Act 2022. Putting the new regime into practice
Press Release
Browne Jacobson appoints former KPMG senior partner as Non-Executive Director of its Energy & Infrastructure sector group
Press Release
Suzanne Harlow joins Browne Jacobson as Non-Executive Director
Law firm Browne Jacobson is pleased to announce that Suzanne Harlow has been appointed Non-Executive Director of its Retail, Consumer & Logistics sector.
Press Release
Former Mace Group Legal Director joins Browne Jacobson as Non-Executive Director of its Construction & Real Estate sector
Browne Jacobson has appointed Amy Chapman, the former Group Legal Director of global built environment experts Mace Group, as its first Non-Executive Director (NED) of its Construction & Real Estate sector strategy board.
Press Release
Browne Jacobson announces former Aston Martin Vice President as Non-Executive Director of its Manufacturing & Industrials sector
Law firm Browne Jacobson has appointed former Vice President and Chief Planning Officer (CPO) of Aston Martin Lagonda, Nikki Rimmington as its first Non-Executive Director (NED) of its Manufacturing & Industrials sector strategy board.
Press Release
Browne Jacobson appoints its first Non-Executive to Chair to support its corporate sector strategy board
Published Article
The role of Legal Project Management in public sector projects
The concept of Legal Project Management (“LPM”) is increasingly relevant to the delivery of legal services, both in-house functions and private practice law. This is unsurprising, LPM is crucial if lawyers are to add value by controlling budgets, communicate pro-actively on risk mitigation and costs, and manage time by resourcing to deal with pinch points in the project.
Press Release - Firm news
Browne Jacobson becomes first law firm to join O Shaped’s movement to better the legal profession
On-Demand
NFTs and Smart Contracts - an in-house lawyers perspective
On-Demand
In-house lawyers and CEO skills and development webinar
On-Demand
University spinouts and joint ventures – developing your in-house expertise
Legal Update
Leading through change, a personal perspective
As we await the publication of the Government’s White Paper on local government reorganisation (LGR) it felt timely to reflect on the experiences of the previous Managing Partner (MP) of Browne Jacobson on leading an organisation through change.
Opinion
Important opportunity to comment on case law precedent
The UK government is considering extending this power to depart from retained EU case law to additional lower courts and tribunals, namely the Court of Appeal in England and Wales and the High Court of Justice in England and Wales and their equivalents.
On-Demand
Covid-19: Managing Risks to Your Business: Fighting Fear with Facts - 30 March 2020
In our Covid-19 webinar, a number of key members of our team provide an analysis of current issues arising in relation to the pandemic and its effect on business.