← All posts
Ethics Compliance

5 Signs Your Data Ethics & Compliance Is Holding Back Your Data Programme

16 May 2026

5 Signs Your Data Ethics & Compliance Is Holding Back Your Data Programme

Across the organisations we benchmark, Data Ethics & Compliance scores an average of just 2.4 out of 5.0 — a figure that should give every data leader pause. It sits stubbornly below the threshold where ethics moves from a reactive function to a strategic enabler. For CDOs and data leaders, this isn't simply a governance footnote. It's a structural drag on the value your data programme can credibly deliver. When ethics and compliance lag, even well-funded analytics, AI and data product initiatives stall, get rebuilt, or quietly lose stakeholder trust.

Below are five signs your Data Ethics & Compliance maturity is holding your wider programme back — and what each one really signals about the work ahead.

1. Ethics Reviews Happen After the Build, Not Before

If your data scientists and engineers are shipping models or pipelines before ethics, privacy or compliance has been formally consulted, you're operating in a remediation posture. The cost is significant: Gartner has reported that organisations retrofitting governance into AI systems spend up to 40% more than those that embed it from inception. Late-stage ethics reviews don't just slow delivery — they erode the credibility of the review function itself, because reviewers are perceived as blockers rather than partners.

2. Your Policies Exist, But No One Can Quote Them

A common pattern in organisations scoring around 2.4 is that policies are technically documented — often residing on an intranet page last updated 18 months ago — but they don't shape day-to-day decisions. Ask five analysts how your organisation defines acceptable use of customer data for model training. If you get five different answers, your policy framework isn't operational; it's decorative.

Mature data programmes treat policy as a living artefact, embedded in tooling, templates and onboarding. Immature ones treat it as an audit deliverable. The difference shows up in how confidently teams move when faced with a novel use case — and how often they escalate decisions that should be routine.

3. You Can't Answer "Where Is This Data Used?" in Under a Day

One of the clearest symptoms of weak compliance maturity is the inability to trace data lineage across systems quickly. When a regulator, customer or executive asks where a particular dataset is being used, and the answer requires a week of investigation across multiple teams, your compliance posture is fundamentally reactive.

This matters beyond regulatory risk. Without lineage, you can't reliably retire legacy datasets, you can't confidently respond to subject access requests at scale, and you can't give AI governance committees the assurance they need to approve new use cases. Lineage is the spine of compliance — and its absence quietly throttles velocity everywhere.

4. AI and Advanced Analytics Initiatives Are Stuck in "Pilot Purgatory"

If your organisation has a growing portfolio of AI proofs-of-concept that never reach production, ethics and compliance is often the unspoken reason. Models that perform well technically get held up because no one can confidently answer questions about b

How does your organisation compare?

Take the free 13-pillar assessment and get a sector benchmark, pillar scores, and a 90-day action plan.

Start Free Assessment →