Business case for clarity in data governance
Michael Irene is a data and information governance practitioner based in London, United Kingdom. He is also a Fellow of Higher Education Academy, UK, and can be reached via moshoke@yahoo.com; twitter: @moshoke
We live in an age of digital transparency — or at least the expectation of it. Every business, from the local e-commerce startup to the sprawling multinational, now sits on a mountain of personal data, much of it collected invisibly and processed without pause. In this context, regulation has emerged not just as a compliance box to tick, but as a mirror held up to our operations. Some executives argue the mirror is now a magnifying glass, and that regulation has tipped into overreach. But are we truly overregulated, or just newly accountable?
It’s tempting to side with those who see the current regulatory environment as excessive. GDPR, DORA, the Digital Services Act, and more recently, AI-specific legislation, have created what feels like a perpetual cascade of compliance obligations. Boards groan at the overhead. Legal teams scramble to interpret yet another acronym. Data protection officers, like myself, are often caught between enabling innovation and enforcing guardrails. But the truth is more complex. Regulation, when done well, is not a noose around the neck of progress — it’s the compass that ensures we’re not running blind into a future defined by exploitation, opacity, and eventual mistrust.
Let’s be honest: in many sectors, businesses have historically operated with little accountability in how they collect, use, and share data. We’ve tolerated vague privacy notices, excessive data retention, and third-party arrangements that would make a compliance officer blush. The regulatory wave has not created these issues — it’s merely dragged them into the light. Those who decry “overregulation” often do so not because the rules are unfair, but because the spotlight is inconvenient.
Take security and transparency. Are we really overregulated, or are we simply being asked to do what any reasonable customer would expect? If a firm holds biometric data, financial transactions, or personal identifiers, shouldn’t it be standard — not exceptional — to secure that information and explain how it’s used? Regulation has forced businesses to mature faster than they may have liked, but in doing so, it’s also built trust with consumers, clients, and even employees. Accountability is no longer optional. It’s the price of entry to the digital economy.
That said, the frustration from some corners of the C-suite is not entirely misplaced. Regulation can be clunky. It can be duplicative. And yes, it can sometimes feel detached from the operational realities of running a fast-moving tech company. But the answer is not less regulation — it’s smarter, more harmonised regulation. Legislators need to understand the operational tempo of the industries they regulate. Conversely, business leaders must stop hoping the storm will pass and instead invest in sustainable, strategic governance. This isn’t a trend. It’s a tectonic shift.
We must also rethink the narrative that compliance is the enemy of innovation. On the contrary, the firms thriving under today’s rules are those that have used data governance as a competitive differentiator. They know where their data lives, what it’s worth, and how to use it responsibly. They don’t need to scramble when the auditors come knocking or when customers ask questions. Regulation hasn’t slowed them down — it’s sharpened their edge. It’s forced clarity where there was once only chaos.
So no, I don’t believe we are overregulated. I believe we are in the middle of a long overdue recalibration. The digital economy has grown up, and so must its stewards. If we want to be trusted with the lifeblood of modern society —data— we must accept that trust comes with conditions. Those conditions may be uncomfortable. They may be costly. But they are, in the end, good for business.
The better question isn’t whether we are overregulated. It’s whether we’re ready to stop playing defence and start building data cultures that make regulation a formality, not a firefight. That’s where the real opportunity lies.
- business a.m. commits to publishing a diversity of views, opinions and comments. It, therefore, welcomes your reaction to this and any of our articles via email: comment@businessamlive.com