Skip to content
8foldgovernance master
  • Services
    • AI Governance
    • Medical Devices
      • Regulatory Roadmap
      • ISO 13485 Design & Build your QMS
      • Quality Management as a Service
      • Technical File Creation & Registration
      • UK Responsible Person
      • Post Market Surveillance
    • International Standards
      • ISO 13485 Certification
      • ISO 42001 Certification
      • ISO 9001 Certification
      • ISO 27001 Certification
    • DTAC
      • DTAC Management
    • Information Governance
      • Data Security & Protection (DSPT)
      • DSPT Audit
      • HIPAA Compliance
    • Clinical Safety and Risk Management
      • DCB0129
      • DCB0160
      • Clinical Safety Officers (CSO)
    • CQC Services
      • CQC Compliance Assessment
      • CQC Registration Support
      • CQC-as-a-Service
      • CQC Regulatory Review & Strategy
    • Cyber Security
    • Governance, Risk & Compliance Advisory
    • 8foldTraining
  • About
    • Meet the Team
    • Partnerships
    • Join Us
  • Blog
  • Case Studies
  • Contact
  • Services
    • AI Governance
    • Medical Devices
      • Regulatory Roadmap
      • ISO 13485 Design & Build your QMS
      • Quality Management as a Service
      • Technical File Creation & Registration
      • UK Responsible Person
      • Post Market Surveillance
    • International Standards
      • ISO 13485 Certification
      • ISO 42001 Certification
      • ISO 9001 Certification
      • ISO 27001 Certification
    • DTAC
      • DTAC Management
    • Information Governance
      • Data Security & Protection (DSPT)
      • DSPT Audit
      • HIPAA Compliance
    • Clinical Safety and Risk Management
      • DCB0129
      • DCB0160
      • Clinical Safety Officers (CSO)
    • CQC Services
      • CQC Compliance Assessment
      • CQC Registration Support
      • CQC-as-a-Service
      • CQC Regulatory Review & Strategy
    • Cyber Security
    • Governance, Risk & Compliance Advisory
    • 8foldTraining
  • About
    • Meet the Team
    • Partnerships
    • Join Us
  • Blog
  • Case Studies
  • Contact
  • +44 (0)1273 569172
Book a Call

← From our blog

How I learnt to keep worrying, but embrace Google Gemini anyway

  • Published: July 15, 2026
  • Category: Cyber Security

Share this post

Avatar photo
Daniel Mannion

Share this post

At this point, most organisations have probably had the conversation.

Someone in your team has tried ChatGPT. Someone else has raised concerns about governance and data. Someone has read a headline saying AI will transform productivity. Someone else thinks it’s mostly hype.

And somewhere in the middle sits a slightly more practical question:

What does actually introducing one of these tools into a business look like?

Not in theory, just day-to-day.

Where do people use it? What’s useful? What turns out not to matter? How do you introduce something like this without creating more friction, risk or admin than you remove?

About a year ago, we found ourselves asking those same questions.

In Adam’s previous blog on AI adoption at 8fold, he shared how we approached introducing AI safely and what governance principles helped us create space for experimentation.

This article is more about the practical side.

What happened once we actually put a general-purpose LLM into people’s hands and started using it in the real world?

Could a large language model actually improve the way we work, and if so, what would that look like in practice?

Loading...
How I learnt to keep worrying, but embrace Google Gemini anyway

Even if AI never solves a problem, it’s solved one for me

Read More →

July 8, 2026

We weren’t looking for an AI compliance specialist

We didn’t want an LLM to do compliance work. We already have people for that, and they’re very good at it.

What we wanted was something much less ambitious. Think less artificial compliance consultant and more new-and-improved Clippy.

(If Clippy passed you by, it was Microsoft’s famously enthusiastic writing assistant that used to appear in Office documents and offer help, whether you wanted it or not.)

That was much closer to our intended use.


We just wanted to reduce friction in some of our internal processes and help people communicate more effectively. That meant helping staff tailor reports to different audiences, improve written communications, reduce admin overhead and create more space for the work humans are actually good at.

How I learnt to keep worrying, but embrace Google Gemini anyway

The challenge wasn’t the technology. It was making it usable.

Like lots of organisations, we experimented with tools like ChatGPT and Claude. They worked well enough, but we kept hitting two practical issues.

The first: information management.

Even when we removed confidential information and disabled training settings where possible, using standalone tools created another information asset to think about and control. Every upload created another process. Every check added time. Eventually we realised we were spending enough effort managing the process that we were losing some of the benefit.

The second issue surprised us more:

People simply weren’t reaching for the tools.

Not because they didn’t like them. They just weren’t where work happened. Switching tabs, copying and pasting text, moving between systems. None of that sounds difficult, but small amounts of friction add up quickly. How many extra steps are worth taking to make an email slightly clearer?

That became the real question for us

Crossing the Rubicon

Then Google made the decision for us. Gemini appeared inside our Google Workspace environment (if I’m honest, our first reaction wasn’t excitement. We were slightly irritated).

Like any change in tooling, we wanted to understand what had changed, what controls existed and what that meant for our governance processes. We added monitoring around developer updates and treated it as something to review properly.

But it also made us curious.

If AI is already appearing inside the systems people use every day, what would responsible adoption actually look like?

So we set up an entirely separate Google Workspace environment and tested Gemini independently. What surprised us wasn’t that Gemini was dramatically more capable than the alternatives. It was that for our intended use, it worked well because it was already embedded into existing workflows.

There was less switching between systems, fewer information management concerns and much less effort required to make it part of day-to-day work.

How I learnt to keep worrying, but embrace Google Gemini anyway

What using Gemini actually looks like at 8fold

A year in, our use of Gemini has stayed fairly practical and low risk.

We use it to;

  • help rewrite communications and adjust tone
  • shorten emails and improve clarity
  • help locate information and documents more efficiently
  • transcribe and summarise meetings

We also use it for early-stage research, although with an important caveat. We ask for references and links and verify information ourselves rather than treating outputs as authoritative.

One of the more useful roles it’s found is acting as a final review layer. Sometimes it’s less about generating something new and more about being a third pair of eyes:

  • Does this align with guidance?
  • Is something unclear?
  • Have we missed anything obvious?

That’s often where we’ve seen the most value. At the same time, we’ve been careful not to overstate what these tools can do. We still review transcripts, we still check sources, we still make decisions.

What hasn’t worked quite so well?

Some of the limitations have been useful to discover, too.

We’ve tested more specialist use cases and found that current LLMs still struggle when tasks depend heavily on interpretation, judgement and context.

For example, document gap analysis sounds like the sort of thing AI should be good at. In practice, we’ve found the level of detail and interpretation required means it doesn’t perform at the standard we’d expect.

Interestingly, we’ve also become reasonably good at spotting communications that have been heavily LLM-generated. Not because they’re wrong, but because they feel slightly disconnected from the audience or situation. The words are there, but the judgment often isn’t.

Thinking about implementing an LLM yourself ?

One of the outcomes of doing this work internally is that it’s refined the questions we’d ask if we were approaching implementation again.

Rather than starting with the technology, we think it’s best to begin by asking:

  • What problem are you actually trying to solve?
  • Does the tool fit naturally into existing workflows?
  • Will people realistically use it?
  • Will it save time, improve quality, or both?
  • What unintended consequences could it create?
  • What still needs human oversight?

Those questions ended up being more useful to us than comparing model benchmarks.

What hasn’t changed in a post-Gemini world

The most valuable thing Gemini has done for us hasn’t been replacing expertise.

It’s reduced friction around communication, drafting, finding information and admin. That’s created more capacity for the work that still depends on people:

  • Interpreting requirements
  • Making difficult judgment calls
  • Understanding context
  • Helping organisations implement change in a way that works in the real world

That’s ultimately why we’re not especially worried about AI replacing what we do. 

Clients don’t work with us just because we can generate information quickly; they work with us because they trust us to apply judgment and help them make good decisions.

Ready to introduce an LLM in to your organisation?

If you’re exploring how to introduce LLMs into your organisation safely and proportionately, we’d be happy to share what we’ve learned.

Book AI Governance Consultation

Other Articles​

Loading...
Cybersecurity: The Vanguard of Patient Safety in Healthcare

Cybersecurity: The Vanguard of Patient Safety in Healthcare

Read More →

May 18, 2026
Compliance with the NHS Cyber Security Charter Explained

The Evidence Era: Compliance with the NHS Cyber Security Charter

Read More →

April 1, 2026
cyber essentials plus ce+

Cyber Essentials Plus: Assuring NHS Buyers

Read More →

January 14, 2026
8foldgovernance master

+44 (0) 1273 569172

info@8foldgovernance.com

SERVICES

  • AI Governance
  • Medical Device Registration
  • ISO Compliance
  • Full DTAC Support
  • Information Governance
  • Clinical Safety
  • Data Security & Protection
  • CQC Services
  • Cyber Security
  • 8foldTraining

LINKS

  • Contact
  • About
  • Meet The Team
  • Blog
  • Join Us
  • Case Studies
  • Charity Work
  • Partnerships
  • FAQs
DSPT Data Security And protection Toolkit 8Fold
Information Governance Badge 8 Fold
NPSORE
ABHI Member

 © 2026 8fold | Privacy Policy | Cookie Policy | Terms & Conditions

X We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies. However you may visit Cookie Settings to provide a controlled consent.
Read More ACCEPT Cookie settings
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
Save & Accept