AI Usage & Data Handling

At Meridian GRC Consulting Ltd, we use carefully selected artificial intelligence (AI) tools to support accurate documentation of our professional consultations and internal work. This statement explains how we use AI, how we handle data, and the safeguards in place to protect information.

Purpose of AI Use

We use AI tools only to help with the following activities:

  • Transcribing consultation meetings to support accurate record-keeping.

  • Creating draft summaries or notes to assist with documentation.

  • Reviewing written materials for clarity and consistency.

We never use AI tools to replace our professional judgment, give automated advice, or make decisions that affect you or anyone else.

Human Oversight

A Meridian GRC consultant carefully reviews everything AI generates before we use it.

Our final conclusions, recommendations, and actions always reflect human judgment and professional expertise.

We treat anything produced by AI as extra support, not as the final word.

Scope and Data Minimisation

AI tools are used only where appropriate to the engagement and only for the purposes described above.

Our approach is designed to minimise:

  • The volume of data processed.

  • The length of time AI-generated records are retained.

  • Access to recordings, transcripts, and summaries.

Meetings are not recorded or transcribed without participants' knowledge, and consent is obtained prior to use.

Opt-Out and Choice

Clients and meeting participants may opt out of AI-assisted recording or transcription at any time.

Where an opt-out is requested, alternative note-taking methods will be used.

Opt-out options are provided during initial engagement and again when consultations are scheduled.

Data Storage and Retention

We keep all AI-generated recordings, transcripts, and summaries secure, and only authorised users can access them.

We retain your data only as long as needed for your project and in accordance with our legal and professional obligations.

Retention decisions are based on purpose and risk, rather than fixed time periods.

Third-Party AI Providers

At Meridian GRC Consulting, we use trusted third-party AI services to support tasks such as meeting transcription, information summarisation, and our writing.

The providers of these services act as data processors and are subject to appropriate contractual, confidentiality, and data protection obligations.

We never use your data to train AI models for general or outside purposes.

If any personal data is processed outside the UK or the European Economic Area, we implement appropriate safeguards in line with all relevant data protection laws.

Automated Decision-Making

At Meridian GRC Consulting, we never use AI to make decisions about you or your project. AI doesn’t determine outcomes, assessments, or compliance conclusions. Those are always made by our team.


Security and Confidentiality

AI-assisted data is protected using appropriate technical and organisational measures consistent with:

  • The sensitivity of the information.

  • Professional confidentiality obligations.

  • Applicable data protection and security standards.

These measures are applied proportionately, based on risk and the nature of the engagement.

Alignment with Data Protection and AI Regulation

Meridian GRC Consulting’s use of AI is designed to align with:

  • UK and EU data protection laws, including the GDPR.

  • Transparency and human oversight expectations under the EU AI Act.

Questions or Concerns

If you have questions about how AI tools are used or how data is handled, or if you wish to opt out of AI-assisted recording, please contact:

Meridian GRC Consulting Ltd

Email: enquiries@meridiangrc.com