Blog · PURPOSE AND MEANS

Blog

Latest insights on data protection, AI governance, and GRC leadership.

24 Apr 2026 · 7 min read

Beyond Legal #25: The CISO who thought data protection was a subset of security

Some organisations sit their data protection function inside the security team. It feels logical. It isn't. Here's what the security-centric worldview misses — and what enforcement looks like when it collapses.

23 Apr 2026 · 6 min read

Beyond Legal #24: The procurement manager who finally met his match

A procurement manager had reviewed hundreds of data processing agreements. Then he met a Data Protection Leader who had actually read one. It changed how the whole organisation handled third-party risk.

22 Apr 2026 · 3 min read

Beyond Legal #23: The HR business partner who sent the survey anyway

An HR business partner was told they needed a lawful basis before sending an employee survey. He sent it anyway. The consequences were not abstract.

21 Apr 2026 · 5 min read

Beyond Legal #22: The data architect who made the invisible visible

A data architect showed a Data Protection Leader how personal data actually moves through a business. What followed changed the entire programme — and both their careers.

20 Apr 2026 · 4 min read

Beyond Legal #21: The engineer who built exactly what he was asked

A software engineer built exactly what the ticket said. The Data Protection Leader signed it off without checking. One kept their job. One didn't.

17 Apr 2026 · 10 min read

Why the GDPR's Backstory Matters Today

The GDPR's 99 articles didn't appear from nowhere. Understanding the political battles, court rulings, and lobbying that shaped it matters in 2026.

19 Mar 2026 · 4 min read

Déjà Vu at the Office: Why yesterday's sourcing strategy is today's AI survival guide

Explore how yesterday's talent sourcing strategies are reshaping today's AI workforce. Why traditional hiring won't solve the skills gap facing modern organizations.

16 Mar 2026 · 6 min read

LinkedIn's blocking fail: technical glitch or safety incident?

When LinkedIn's blocking feature failed, it exposed how platform safety gaps put vulnerable users at risk. Explore what went wrong and why it matters.

12 Mar 2026 · 4 min read

Piecing together your team's work practices, brick by brick

Sometimes, the most complex data protection or GRC challenges are best solved not by traditional meetings but by building models of our reality.

9 Mar 2026 · 4 min read

Beyond legal #20: Getting real with harms

Exploring the FTC's latest conference on informational harms and why data protection demands input from product, economics, and security teams—not just legal.

2 Mar 2026 · 4 min read

The myth of the CEO’s surveillance dashboard

Workplace surveillance isn't top-down control—it's a recursive trap where executives become subject to the metrics they create, and true power lies elsewhere.

26 Feb 2026 · 6 min read

Beyond legal # 19: The Chrome-ification of education and the algorithmic classroom

Triggered by the recent Danish regulatory ruling against Google in schools, exploring the data protection implications for education.

20 Feb 2026 · 9 min read

Beyond legal #18: data separation as a design strategy

Explore how data separation functions as a critical design strategy to prevent fragmented surveillance systems from converging into total visibility and protect fundamental rights.

13 Feb 2026 · 5 min read

Beyond legal #17: Planting other trees in the forest

Understand the roots of digital risk. Learn how strategic vendor decoupling and risk reduction—not avoidance—protect your organization and family online.

23 Jan 2026 · 8 min read

Beyond legal #16: GRC leaders - your chance to shine

GRC leaders can shape business strategy in uncertain times. Learn how to move beyond constraint, embed governance in design, and gain peer buy-in.

Browse by Topic

accountability frameworks ai act ai ethics ai governance ai infrastructure sovereignty ai literacy ai regulation article 28 article 32 audit and assessment automated decision-making awareness campaigns behaviour change beyond legal case law compliance monitoring cross-border transfers data breach notification data mapping data minimisation data processing agreements data protection by design data protection day data quality data retention data sovereignty datatilsynet dora dpia education employee data employee engagement esg executive communication finance and banking gdpr gdpr at 10 generative ai grc horizon scanning hr and data protection hr and employment incident response information security intellectual property lawful basis leadership lego serious play machine learning nis2 privacy by design privacy culture public sector quantum computing records of processing regulatory guidance risk management risk reduction software development strategic planning sub-processors sustainability third-party risk training design trend radar vendor management visual communication weak signals workshop facilitation