ChatGPT/AI use policy - data protection

Has this popped up on anyone's radar?

As more and more people turn to ChatGPT or other AI tools (officially or in secret), there is a risk of employees feeding confidential or other data into these systems without their company's approval and with little to no knowledge of how this data is retained or further processed by Open AI. Case in point are several EU countries that are now considering ChatGPT bans due to data protection concerns?

Is implementing a policy on acceptable or unacceptable use of AI tools for work something you have done or are thinking of?