The Information Commissioner’s Office has published a detailed report on agentic AI, a technology that will fundamentally change how organisations process personal data over the next two to five years. If you manage HR systems, oversee data protection compliance, or lead people operations, this technology will affect your work sooner than you might expect.
The report sets out what agentic AI actually is, where it will appear in your organisation, and what data protection challenges you need to plan for now. This article translates the ICO’s findings into practical guidance for HR and data protection professionals.
What agentic AI actually means
Agentic AI builds on the generative AI you already know about. Think of ChatGPT or similar tools, but with the ability to actually do things rather than just generate text. These systems can access your databases, interact with other software, create plans to achieve goals, and execute those plans with minimal human oversight.
The critical difference is autonomy. Where traditional software follows fixed rules, and current AI tools generate content when asked, agentic AI can pursue open-ended goals by deciding what steps to take, what tools to use, and how to adapt when things change. It can work across multiple systems, remember previous interactions, and learn from its mistakes.
This matters because it inherits all the problems of generative AI (inaccurate outputs, bias, confidently wrong answers) but adds new risks through its ability to take action at scale with less human intervention.
Where you will encounter agentic AI in your organisation
The ICO identifies several workplace applications already in development or early deployment. You are likely to see agentic AI appear in your organisation through:
- Recruitment systems that generate job descriptions, screen applications, conduct initial interviews via chatbot, and schedule follow-up interviews without human involvement at each stage
- IT support tools that diagnose technical problems by asking employees questions, accessing system logs, and implementing fixes while learning from the results
- HR administration systems that process employee requests by accessing multiple databases, validating information, completing forms, and updating records across different platforms
- Personal assistant tools that individual employees use to manage their work, potentially accessing company systems and processing workplace data without central oversight
The insurance and customer service sectors are seeing particularly rapid adoption, with agents automating data entry, reviewing unstructured records, and flagging anomalies. If you work in these sectors, you need to understand these technologies now.
The data protection challenges you need to plan for
The ICO identifies several risks that go beyond standard AI compliance issues. These challenges will affect how you implement systems and how you demonstrate compliance.
Responsibility remains with you
Despite the term “agent”, these are not independent legal entities. Your organisation remains the data controller and is fully responsible for what the system does with personal data. The reduction in human oversight, which is the whole point of agentic systems, means problems can persist and multiply before anyone notices.
You need monitoring mechanisms that work at the speed and scale of automated decisions. Quarterly audits will not suffice when an agent makes thousands of decisions daily.
Automated decision-making
These systems will rapidly automate complex decisions that significantly affect individuals. Under Article 22 of the UK GDPR, there are restrictions on automated decision making: at the very least you must inform data subjects about automated decisions, explain the logic involved, and provide meaningful human review when requested. With agentic systems, this becomes more difficult because the decision-making process involves multiple tools and steps that even the developers may struggle to explain.
Before deploying agentic AI in recruitment, performance management, or any system affecting employment decisions, you need clear procedures for explaining decisions and providing human intervention. Generic statements about AI use will not satisfy your obligations.
Purpose limitation
Agentic AI is designed to handle open-ended tasks. This creates pressure to define processing purposes very broadly to accommodate whatever the agent might need to do. The ICO is clear that this approach is not acceptable. You must establish specific purposes for each processing activity, even when using flexible systems.
Data minimisation requires particular attention. Do not give agents access to entire databases just in case they might need the information. Apply the principle of least privilege: grant access only to data necessary for defined tasks. Your technical architecture must enforce these boundaries.
Special category data risks increase
An agent pursuing broad goals might infer or process special category data without anyone intending this to happen. For example, an HR support agent accessing various records might infer health conditions, trade union membership, or other protected characteristics from seemingly innocuous information.
You will need to assess this possibility during system design and ensure that you have both a lawful basis under Article 6, and an Article 9 condition for processing special category data. Better still, implement technical measures to prevent the agent from processing this data at all if it is not necessary for the defined purpose.
Accuracy problems cascade
The probabilistic nature of large language models means that they generate inaccurate information. In agentic systems, the wrong output becomes input for the next decision, which compounds the inaccuracy. A fabricated detail about an employee’s absence record could propagate through multiple systems (and actions) before anyone spots the error. The ICO calls this “cascading hallucinations”.
You need mechanisms to verify information at critical decision points, not just at the start of a process. This is particularly important for any system handling employee records, performance data, or information affecting employment rights.
Transparency becomes nearly impossible without design effort
When agents interact with other agents across different systems, data flows become opaque to human observers. You might not know what personal data was processed, where it went, or how it influenced decisions. This fundamentally undermines transparency and makes it difficult for individuals to exercise their rights.
Privacy by design is essential here. Systems must log data access, record decision points, and create audit trails that you can actually use to respond to subject access requests. Implementing these controls after deployment is far harder than building them in from the start.
What you should do now
Agentic AI is fast approaching. The ICO expects organisations to act before these systems become embedded in operations. Waiting until you face a complaint or breach is not an acceptable approach. The following steps need to be taken:
- Review your procurement and IT governance processes
Business units will adopt agentic AI tools, often marketed as productivity enhancers or customer service improvements. Your procurement process must identify these systems and subject them to proper data protection impact assessments before deployment.
Make sure your IT team understands that agentic capabilities might be embedded in software updates to existing systems. A routine CRM upgrade could introduce agent functionality that changes your data processing fundamentally.
- Update your data protection impact assessment templates
Your existing DPIA templates are unlikely to address agentic AI adequately. Add specific questions about system autonomy, data access boundaries, special category data inference, accuracy verification, and agent-to-agent communication. Focus on architecture and controls, not just policies.
- Map where automated decisions already happen
Before agentic systems arrive, understand what automated decision-making you already do. Document how you inform individuals, how they can request human review, and how you actually conduct that review. This foundation will help you extend these processes to more complex agentic decisions.
- Review your subject access request procedures
Consider how you would respond to a subject access request when an agentic system has processed someone’s data. Can you identify what data the agent accessed? Can you explain what it did with that data and why? If not, you will struggle to comply with data protection law.
- Monitor for shadow AI use and update your AI acceptable use policy
Employees are already experimenting with AI tools, including personal assistants that might access work data. Your acceptable use policies need to address this explicitly, and you need ways to detect when personal data is being processed through unauthorised agentic systems.
- Engage with vendors developing these systems
Ask potential suppliers how their agentic systems handle data minimisation, how they prevent special category data processing, how they maintain accuracy, and how they create audit trails. Suppliers who cannot answer these questions clearly are not ready to deploy in regulated environments.
The ICO’s forward approach
The ICO recognises that this technology is still evolving. It plans to update its guidance on automated decision-making and profiling in 2026, develop a statutory code of practice on AI and automated decision-making, and work with other regulators through the Digital Regulation Cooperation Forum.
Organisations developing agentic AI systems can use the ICO’s Regulatory Sandbox for support in building compliant systems from the outset. This is preferable to retrofitting controls after deployment.
The report uses scenario planning to consider four possible futures based on how capable these systems become and how quickly organisations adopt them. The scenarios range from limited deployment of simple agents to ubiquitous powerful systems mediating vast amounts of personal data. Each scenario presents different regulatory challenges, but all require action now.
The consistent message from the ICO is that system architecture matters more than policies. How you design and implement agentic AI determines whether it amplifies or mitigates data protection risks. Organisations that wait for these systems to arrive before thinking about data protection will find themselves trying to retrofit controls onto technologies that were not built to accommodate them.
Start planning now. The systems are coming, and the regulatory expectations are clear.
If you need help on any of the matters raised in this article, please contact Matthew Cole.
You can view our full range of Data Protection Services here
