18th June 2026 | Emma O’Meara | Employment, AI in the work place, Data protection
Artificial intelligence is no longer the preserve of tech giants and start-ups. It has quietly moved into the HR function, the payroll department, and the manager's inbox. Employers are using AI tools to screen CVs, draft disciplinary letters, calculate entitlements, manage performance, and even conduct early-stage grievance triage. The appeal is obvious: speed, consistency, and cost reduction. But the risks are equally real, and some employers are sleepwalking into them. This article sets out the key dangers every employer should understand before placing significant reliance on AI in the employment context.
GDPR and Data Protection: A Compliance Minefield
When an employer feeds employee information into an AI tool, whether that is a name, salary details, performance history, sickness records, or disciplinary notes, they are processing personal data. Under the UK GDPR and the Data Protection Act 2018, that processing must have a lawful basis, a legitimate purpose, and must be proportionate to that purpose.
The problem is that many AI platforms (particularly large language models accessed via third-party services) are not straightforward data processors. Their terms of service may permit the use of inputted data to train or improve their models. Unless an employer has scrutinised and negotiated those terms, there is a real risk that confidential employee data is being repurposed in ways the employer (and the employee) never envisaged.
Special Category Data
Employers must be particularly vigilant about special category data. AI tools used in HR contexts routinely encounter information relating to:
- Health and disability (sickness absence records, occupational health reports)
- Trade union membership (collective consultation records)
- Racial or ethnic origin (diversity monitoring data)
Processing such data requires not only a lawful basis under Article 6 UK GDPR, but also a separate condition under Article 9. Inadvertently routing this data through an AI platform that lacks the appropriate safeguards constitutes a serious breach.
Automated Decision-Making
Article 22 of the UK GDPR gives employees the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. If an employer uses an AI tool to make, or materially influence, decisions about recruitment, dismissal, performance grading, or pay reviews, they are potentially in breach of this provision unless an exception applies and appropriate safeguards are in place.
The Information Commissioner’s Office (ICO) has been clear that “solely automated” does not require the complete absence of a human; it includes situations where a human rubber-stamps an AI recommendation without any genuine independent assessment. Employers who have adopted a “human in the loop” approach as a tick-box exercise rather than a substantive safeguard should reconsider their position.
International Data Transfers
Many AI tools are operated by US-based providers. Transferring personal data outside the UK requires either reliance on an adequacy regulation (the UK-US Data Bridge currently provides a mechanism for qualifying organisations) or the use of appropriate safeguards such as the UK Addendum to the EU Standard Contractual Clauses. Employers who simply sign up to an AI platform without checking where data is stored and processed are routinely in breach of the transfer rules.
Data Protection Impact Assessments
Where AI processing is likely to result in a high risk to individuals (and AI-driven HR decision-making almost invariably meets that threshold), a Data Protection Impact Assessment (DPIA) is mandatory before processing begins. In practice, very few employers undertake a DPIA before deploying AI tools in their HR functions. This is not a technicality; it is a regulatory requirement with enforcement consequences.
Calculation Errors and AI Hallucination
AI is increasingly used to calculate statutory entitlements such as redundancy pay, holiday accrual, and notice pay. But AI models have a fixed training cut-off and do not update automatically when statutory rates change or case law evolves. AI models that use stale training data produce a figure that looks authoritative but is wrong. Large language models are also prone to “hallucination”, generating plausible but incorrect outputs with apparent confidence. In reality, you cannot rely on AI models to produce accurate calculations.
Why AI Cannot Replace Human Judgement
The ACAS Code of Practice sets the minimum standards against which tribunal claims are assessed. AI cannot substitute for the genuine human judgement that standard demands.
Using AI to draft outcome letters, formulate sanctions, or assess evidence introduces specific risks. AI applies patterns rather than evaluating the specific facts, mitigating circumstances, or individual context of a case, all matters tribunals scrutinise directly. AI trained on historical HR data will also reproduce historical biases; where past decisions reflect systemic disadvantage to employees with protected characteristics, the AI will amplify it, creating exposure to indirect discrimination claims under the Equality Act 2010. Finally, inputting disciplinary, grievance, or settlement details into an external AI platform risks waiving confidentiality and legal professional privilege.
Practical Guidance
AI adds genuine value in drafting, research, and policy support but must be treated as an assistant, not a decision-maker. Employers should:
- Audit your AI tools – identify every AI-enabled tool used in HR, and confirm its data processing terms, storage locations, and any model-training provisions.
- Complete DPIAs before deploying any AI tool that processes employee data at scale or informs significant decisions — this is a regulatory requirement, not a formality.
- Verify all AI-generated calculations against current statutory rates and HMRC guidance, as AI figures may be based on outdated data.
- Maintain genuine human oversight – any decision affecting someone’s employment requires real human judgement, not a rubber-stamp of an AI recommendation.
- Train managers on AI limitations and their own legal obligations.
- Update your policies – your data protection, IT acceptable use, and HR procedures should expressly address AI use and set clear parameters.
The employment tribunal system is well-equipped to scrutinise how decisions were reached, not just what decisions were made. An employer who cannot demonstrate that a dismissal, a redundancy calculation, or a performance outcome involved genuine, informed, and fair human decision-making will find that “the AI recommended it” provides no shelter at all.