Blog · PURPOSE AND MEANS

Blog

Latest insights on data protection, AI governance, and GRC leadership.

21 Apr 2026 · 5 min read

Beyond Legal #22: The data architect who made the invisible visible

A data architect showed a Data Protection Leader how personal data actually moves through a business. What followed changed the entire programme — and both their careers.

20 Apr 2026 · 4 min read

Beyond Legal #21: The engineer who built exactly what he was asked

A software engineer built exactly what the ticket said. The Data Protection Leader signed it off without checking. One kept their job. One didn't.

17 Apr 2026 · 10 min read

Why the GDPR's Backstory Matters Today

The GDPR's 99 articles didn't appear from nowhere. Understanding the political battles, court rulings, and lobbying that shaped it matters in 2026.

19 Mar 2026 · 4 min read

Déjà Vu at the Office: Why yesterday's sourcing strategy is today's AI survival guide

Explore how yesterday's talent sourcing strategies are reshaping today's AI workforce. Why traditional hiring won't solve the skills gap facing modern organizations.

16 Mar 2026 · 6 min read

LinkedIn's blocking fail: technical glitch or safety incident?

When LinkedIn's blocking feature failed, it exposed how platform safety gaps put vulnerable users at risk. Explore what went wrong and why it matters.

12 Mar 2026 · 4 min read

Piecing together your team's work practices, brick by brick

Sometimes, the most complex data protection or GRC challenges are best solved not by traditional meetings but by building models of our reality.

9 Mar 2026 · 4 min read

Beyond legal #20: Getting real with harms

Exploring the FTC's latest conference on informational harms and why data protection demands input from product, economics, and security teams—not just legal.

2 Mar 2026 · 4 min read

The myth of the CEO’s surveillance dashboard

Workplace surveillance isn't top-down control—it's a recursive trap where executives become subject to the metrics they create, and true power lies elsewhere.

26 Feb 2026 · 6 min read

Beyond legal # 19: The Chrome-ification of education and the algorithmic classroom

Triggered by the recent Danish regulatory ruling against Google in schools, exploring the data protection implications for education.

20 Feb 2026 · 9 min read

Beyond legal #18: data separation as a design strategy

Explore how data separation functions as a critical design strategy to prevent fragmented surveillance systems from converging into total visibility and protect fundamental rights.

13 Feb 2026 · 5 min read

Beyond legal #17: Planting other trees in the forest

Understand the roots of digital risk. Learn how strategic vendor decoupling and risk reduction—not avoidance—protect your organization and family online.

23 Jan 2026 · 8 min read

Beyond legal #16: GRC leaders - your chance to shine

GRC leaders can shape business strategy in uncertain times. Learn how to move beyond constraint, embed governance in design, and gain peer buy-in.

9 Jan 2026 · 4 min read

Avoid the ivory tower: Hub-and-Spoke AI governance without exhausting your local colleagues

Embed AI governance locally without burning out your team. Learn how hub-and-spoke models distribute oversight effectively and avoid champion fatigue.

6 Jan 2026 · 5 min read

15 posts into “Beyond Legal”: what's been covered so far

Fifteen posts exploring why data protection success depends on building organisational capability across risk, engineering, and operations—not just legal compliance.

5 Jan 2026 · 8 min read

Beyond legal #15: Data sovereignty and absolutism

Why absolutism fails unless the business is absolutist too — and what to do instead.

Browse by Topic

accountability frameworks ai act ai ethics ai governance ai infrastructure sovereignty ai literacy ai regulation audit and assessment automated decision-making awareness campaigns behaviour change beyond legal case law compliance monitoring cross-border transfers data breach notification data mapping data minimisation data protection day data quality data retention data sovereignty datatilsynet dora dpia education employee engagement esg executive communication finance and banking gdpr generative ai grc horizon scanning hr and employment incident response intellectual property leadership lego serious play machine learning nis2 privacy by design privacy culture public sector quantum computing records of processing regulatory guidance risk management risk reduction software development strategic planning sustainability training design trend radar vendor management visual communication weak signals workshop facilitation