Purpose and Means

Data protection and AI governance consultancy and training. We help organisations understand the work needed to comply with law, manage regulatory risk, and build trust with their customers.

We're not just another consultancy — we're a catalyst for change.

Turning digital regulation into a strategic advantage

At Purpose and Means, we don't settle for compliance for compliance's sake. We partner with leaders across the globe to align digital regulation tightly with business purpose and strategy, ensuring it's a living, breathing part of your organisation — not just a legal checkbox.

Although we are based in Copenhagen, we operate globally and have years of experience working with global corporations — understanding their requirements and how they work.

Being a niche consultancy, we have the agility to turn on a sixpence and adapt to your changing business circumstances.

What makes us different?

We bring digital regulation to life. Using visual thinking and engagement-focused methods, we make it accessible and actionable from top to bottom.
Beyond the legal bias. While we collaborate with legal teams, we break down silos, empowering every function of your business to embrace ethical, rights-based approaches to data.
Ethics at the core. We don't just preach and teach compliance; we help you embed fairness and transparency, reflecting key principles of European data protection law.

Key issues we address

Many consultancies promise to do it all. We don't.

Our focus is sharp and deliberate — tackling the challenges we're best equipped to solve.

Horizon Scanning and Analysis →

LEGO® SERIOUS PLAY® Workshops →

Virtual Communication Support →

TechReg Purpose and Strategy →

Rapid Analysis Workshops →

ESG and Data Protection →

Programme Maturity Assessments →

Custom Education and Training →

Infographics and Explainers →

Browse by Topic

accountability accountability frameworks ai act ai and emerging tech ai ethics ai governance ai infrastructure sovereignty ai regulation audit audit and assessment automated decision-making awareness campaigns behaviour change compliance compliance monitoring concepts and analysis cross-border transfers data breach data breach notification data governance data mapping data minimisation data protection and privacy law data protection day data quality data retention data sovereignty data subject rights datatilsynet dora dpa dpia education employee engagement enforcement action esg ethics executive communication finance finance and banking ftc gdpr generative ai grc horizon scanning hr and employment incident response intellectual property leadership machine learning marketing nis2 organisational change practical guidance privacy by design privacy culture privacy rights profiling proportionality public sector records of processing regulators & enforcement regulatory guidance right to privacy risk management risk reduction stakeholder management strategic planning sustainability training and awareness training design transparency trend radar trust vendor management visual communication weak signals workshop facilitation

Latest blog posts

19 Mar 2026 · 4 min read

Déjà Vu at the Office: Why yesterday's sourcing strategy is today's AI survival guide

The recent wave of layoffs across major Danish companies is a loud wake-up call.

16 Mar 2026 · 6 min read

LinkedIn's blocking fail: technical glitch or safety incident?

When key safety mechanisms fail, the burden shifts to the most vulnerable users.

12 Mar 2026 · 4 min read

Piecing together your team's work practices, brick by brick

Sometimes, the most complex data protection or GRC challenges are best solved not by traditional meetings but by building models of our reality.

9 Mar 2026 · 4 min read

Beyond legal #20: Getting real with harms

Notes from the FTC’s latest conference about informational harms highlighting why data protection is a complex economic, societal, and product design issue that is far too critical to be left solely to the legal department.

2 Mar 2026 · 4 min read

The myth of the CEO’s surveillance dashboard

Workplace surveillance is rarely a simple top-down pyramid, but a recursive trap where "Dataism" judges the C-suite and the true "ultimate dashboard" sits not in the boardroom, but with the IT administrators.

26 Feb 2026 · 6 min read

Beyond legal # 19: The Chrome-ification of education and the algorithmic classroom

Triggered by the recent Danish regulatory ruling against the use of Google in schools, "Googleization of education" is not just a legal compliance issue, but a key societal challenge that commodifies children's data, threatens their rights and freedoms, and erodes traditional teacher autonomy in favour of algorithmic standardisation.

View all posts →