This course explains how UK data protection and ePrivacy rules apply to AI systems in practice, focusing on AI specific data touchpoints rather than general privacy theory. It covers where personal data appears across AI workflows such as training or fine tuning data, user prompts, outputs, evaluation artefacts, and operational logs. It also covers the governance steps that matter most for AI in the UK, including lawful basis and purpose control, transparency and fairness expectations, automated decision making safeguards, DPIA style risk assessment, international transfers in AI supply chains, and PECR issues for cookies and similar tracking used in AI enabled products. The aim is that learners finish with a set of clear records and checks that make AI use defensible.