Helping GRC leaders turn complexity into clear, actionable strategies

We're not just another consultancy — we're a catalyst for change.

Turning digital regulation into a strategic advantage

At Purpose and Means, we don't settle for compliance for compliance's sake. We partner with leaders across the globe to align digital regulation tightly with business purpose and strategy, ensuring it's a living, breathing part of your organisation — not just a legal checkbox.

Although we are based in Copenhagen, we operate globally and have years of experience working with global corporations — understanding their requirements and how they work.

Being a niche consultancy, we have the agility to turn on a sixpence and adapt to your changing business circumstances.

What makes us different?

• We bring digital regulation to life. Using visual thinking and engagement-focused methods, we make it accessible and actionable from top to bottom.
• Beyond the legal bias. While we collaborate with legal teams, we break down silos, empowering every function of your business to embrace ethical, rights-based approaches to data.
• Ethics at the core. We don't just preach and teach compliance; we help you embed fairness and transparency, reflecting key principles of European data protection law.

Key issues we address

Many consultancies promise to do it all. We don't.

Our focus is sharp and deliberate — tackling the challenges we're best equipped to solve.

Horizon Scanning and Analysis →

LEGO® SERIOUS PLAY® Workshops →

Virtual Communication Support →

TechReg Purpose and Strategy →

Rapid Analysis Workshops →

ESG and Data Protection →

Programme Maturity Assessments →

Custom Education and Training →

Infographics and Explainers →

Latest blog posts

19 Mar 2026 · 4 min read

Déjà Vu at the Office: Why yesterday's sourcing strategy is today's AI survival guide

The recent wave of layoffs across major Danish companies is a loud wake-up call.

16 Mar 2026 · 6 min read

LinkedIn's blocking fail: technical glitch or safety incident?

When key safety mechanisms fail, the burden shifts to the most vulnerable users.

12 Mar 2026 · 4 min read

Piecing together your team's work practices, brick by brick

Sometimes, the most complex data protection or GRC challenges are best solved not by traditional meetings but by building models of our reality.

9 Mar 2026 · 4 min read

Beyond legal #20: Getting real with harms

Notes from the FTC’s latest conference about informational harms highlighting why data protection is a complex economic, societal, and product design issue that is far too critical to be left solely to the legal department.

2 Mar 2026 · 4 min read

The myth of the CEO’s surveillance dashboard

Workplace surveillance is rarely a simple top-down pyramid, but a recursive trap where "Dataism" judges the C-suite and the true "ultimate dashboard" sits not in the boardroom, but with the IT administrators.

26 Feb 2026 · 6 min read

Beyond legal # 19: The Chrome-ification of education and the algorithmic classroom

Triggered by the recent Danish regulatory ruling against the use of Google in schools, "Googleization of education" is not just a legal compliance issue, but a key societal challenge that commodifies children's data, threatens their rights and freedoms, and erodes traditional teacher autonomy in favour of algorithmic standardisation.