Purpose and Means

Data protection and AI governance consultancy and training. We help organisations understand the work needed to comply with law, manage regulatory risk, and build trust with their customers.

We're not just another consultancy — we're a catalyst for change.

Turning digital regulation into a strategic advantage

At Purpose and Means, we don't settle for compliance for compliance's sake. We partner with leaders across the globe to align digital regulation tightly with business purpose and strategy, ensuring it's a living, breathing part of your organisation — not just a legal checkbox.

Although we are based in Copenhagen, we operate globally and have years of experience working with global corporations — understanding their requirements and how they work.

Being a niche consultancy, we have the agility to turn on a sixpence and adapt to your changing business circumstances.

What makes us different?

We bring digital regulation to life. Using visual thinking and engagement-focused methods, we make it accessible and actionable from top to bottom.
Beyond the legal bias. While we collaborate with legal teams, we break down silos, empowering every function of your business to embrace ethical, rights-based approaches to data.
Ethics at the core. We don't just preach and teach compliance; we help you embed fairness and transparency, reflecting key principles of European data protection law.

Key issues we address

Many consultancies promise to do it all. We don't.

Our focus is sharp and deliberate — tackling the challenges we're best equipped to solve.

Horizon Scanning and Analysis →

LEGO® SERIOUS PLAY® Workshops →

Virtual Communication Support →

TechReg Purpose and Strategy →

Rapid Analysis Workshops →

ESG and Data Protection →

Programme Maturity Assessments →

Custom Education and Training →

Infographics and Explainers →

Browse by Topic

accountability frameworks ai act ai ethics ai governance ai infrastructure sovereignty ai literacy ai regulation audit and assessment automated decision-making awareness campaigns behaviour change beyond legal case law compliance monitoring cross-border transfers data breach notification data mapping data minimisation data protection day data quality data retention data sovereignty datatilsynet dora dpia education employee engagement esg executive communication finance and banking gdpr generative ai grc horizon scanning hr and employment incident response intellectual property leadership lego serious play machine learning nis2 privacy by design privacy culture public sector quantum computing records of processing regulatory guidance risk management risk reduction software development strategic planning sustainability training design trend radar vendor management visual communication weak signals workshop facilitation

Latest blog posts

17 Apr 2026 · 10 min read

Why the GDPR's Backstory Matters Today

The GDPR's 99 articles didn't appear from nowhere. Understanding the political battles, court rulings, and lobbying that shaped it matters in 2026.

19 Mar 2026 · 4 min read

Déjà Vu at the Office: Why yesterday's sourcing strategy is today's AI survival guide

The recent wave of layoffs across major Danish companies is a loud wake-up call.

16 Mar 2026 · 6 min read

LinkedIn's blocking fail: technical glitch or safety incident?

When key safety mechanisms fail, the burden shifts to the most vulnerable users.

12 Mar 2026 · 4 min read

Piecing together your team's work practices, brick by brick

Sometimes, the most complex data protection or GRC challenges are best solved not by traditional meetings but by building models of our reality.

9 Mar 2026 · 4 min read

Beyond legal #20: Getting real with harms

Notes from the FTC’s latest conference about informational harms highlighting why data protection is a complex economic, societal, and product design issue that is far too critical to be left solely to the legal department.

2 Mar 2026 · 4 min read

The myth of the CEO’s surveillance dashboard

Workplace surveillance is rarely a simple top-down pyramid, but a recursive trap where "Dataism" judges the C-suite and the true "ultimate dashboard" sits not in the boardroom, but with the IT administrators.

View all posts →