Today’s ‘normal’ focuses on fast-paced innovation, accompanied by ever-changing legislation around areas of technology and AI. But where does ‘data governance’ fit in? In most organisations, data governance sounds like something that lives in a binder or a file stored away; however, this is far from reality.
For many organisations, data is both their most valuable asset and their greatest vulnerability, meaning robust governance is no longer optional. As privacy regulations continue to tighten and AI is introduced into everyday roles, the priority must become a human-centred governance strategy. As a result, 2026 is the year data governance is finally recognised as a people strategy issue concerning skills, ethics and trust, not just technology and compliance.
The skills crisis in privacy, cyber and AI governance
In today’s digital economy, AI has become a powerful tool in sectors ranging from tech to healthcare, construction and even education. With the developments in generative AI in recent years, artificial intelligence has undeniably changed how we live and work, but at what cost? Its speed of progress now challenges the human ability to develop and maintain the skills, ethics and accountability frameworks required to keep its use human-centred.
Persistent pressure on the IT world to deliver AI innovation and advancement has ultimately created vulnerabilities, with many of us using powerful cyber tools deployed by organisations without fully understanding the risks associated with them.
Why “reskilling” must include data ethics, accountability and regulatory literacy
When it comes to privacy, training should be at the forefront, ensuring all employees recognise the risks and responsibilities that come with handling any type of data. As organisations adopt newly developed software or cyber technology, employees must be given the appropriate information, knowledge and skills to utilise the systems correctly and efficiently.
This is fundamental for effective business operations; however, the focus should be on data ethics, accountability and regulations. By incorporating these 3 core principles into privacy training, organisations can ensure human values and judgment remain central to AI performance and decision-making.
The recently implemented EU AI Act emphasises ethical AI as well as accountability. It highlights the importance of human oversight while maintaining measures to hold AI developers and deployers responsible. Prior to the EU AI Act, AI and cyber systems were often treated as independent entities, and when harm was caused, it was easy to argue that these were unavoidable technical consequences, leaving no individual accountable. The Act now shifts the dynamic in the right direction, ensuring human aspects are maintained in technology and that all actions of AI can be traced back to the developer.
How weak governance erodes employee trust
For a workplace to have a sense of comfort and safety, employees need to feel respected, trusted and most importantly valued. As workplace technology expands, businesses feel pressured to adopt the newest tools to keep up with their competitors. However, weak governance can allow this shift to signal an increasing reliance on machines over employees, eroding employee trust and leaving the workforce feeling undervalued. As part of good governance, organisations must ensure technology adoption supports employees rather than replaces them, is transparently justified, and is supported by appropriate training to allow employees to operate new technology confidently.
DPOs as enablers of safe digital workplaces
As we move forward in 2026, organisations must recognise that strong data governance ultimately starts with investing in people. Policies and technologies alone cannot guarantee responsible data use. It is human action, supported by the right culture, capability and leadership, that ensures data is handled ethically, decisions remain accountable, and trust is maintained throughout the organisation.
Data Protection Officers (DPOs) play a pivotal role, fostering safe digital workplaces by placing ethics, trust and transparency at the core of business operations. Beyond compliance, effective DPOs act as educators and advisors, leading organisation-wide training and demonstrating best practices in the responsible use of AI and cyber tools. This approach helps mitigate the risks associated with employees handling sensitive personal data, while strengthening overall compliance and data governance.
At HewardMills, we stay at the forefront of ever-changing legislation and regulations, and understand the importance of maintaining robust, proactive strategies that ensure internal operations are ethical, robust and fit for purpose. By bringing deep expertise in regulatory frameworks, jurisdictional requirements and data protection records, we support organisations to build governance structures that are not only compliant but genuinely human-centred. If you’re looking for support from an experienced global DPO, get in touch today.