In today’s digital-first economy, data is the lifeblood of every business. But with greater power comes greater responsibility. As companies push for rapid innovation through AI and digital transformation, the need for responsible data use becomes more than a compliance box, it is a cornerstone of trust and sustainable success.
At Crimson, we help organisations unlock the value of their data through our consultancy services, always underpinned by ethical, secure, and transparent practices. We’re proud to have signed the Microsoft UK Partner Pledge, reinforcing our commitment to developing technology that is ethical, transparent, and accountable. The pledge aligns with our values by prioritising fairness, explainability, and respect for individual rights in the design and use of AI. It also supports wider efforts to ensure technology serves people, not the other way around, by embedding responsible innovation into how we build and deploy digital solutions.
As Ian Bobbett, Crimson’s Chief Data Officer, explains:
“You can move fast and still do things right. The question is: are you asking the ethical questions early enough in your process?”
AI and automation are transforming how we serve, support, and understand customers. But that transformation can’t come at the expense of privacy or trust.
Organisations often face a critical tension: the need to innovate rapidly versus the obligation to protect people’s data, and ensure the data used to drive solutions is unbiased and with clear provenance. This tension becomes most visible during:
The solution? Build innovation on a foundation of privacy, ethics, and transparency, not as a bolt-on, but as a design principle.
On 19 June 2025, the Data Use and Access Act received Royal Assent, the first major update to UK GDPR since its inception. The Act reinforces ethics in data collection by introducing new recognised legitimate interests, strengthening rights around automated decision-making and subject access requests, and enabling new frameworks for Smart Data and digital identity. At Crimson, we're supporting clients to embed these principles across privacy-centred, trust-building data strategies.
Read the full UK Government guidance here.
Many businesses treat GDPR as a legal hurdle. But in reality, it's a framework for good data hygiene and better customer relationships.
Ian emphasises the importance of thinking ahead:
“I’ve seen companies implement new systems and only review compliance at the end. That’s when things get messy.”
AI can do incredible things, but it amplifies whatever data and intent you feed it.
From profiling customers to automating decisions, AI must be used ethically, especially when outcomes affect real people. Ian suggests asking three essential questions:
One area Crimson sees rising risk is in unintended bias. For example, if a recruitment model is trained mostly on male candidates, it may reinforce gender bias unless datasets are rebalanced.
That’s why we recommend clients implement:
Governance isn’t just about tools, it’s about culture, ownership, and clarity.
Good data governance means:
Crimson supports this with a governance structure that includes training, ethical review boards, and accountability loops. Our developing Crimson Trust Framework brings together pillars like:
Transparency isn’t optional. Under GDPR, any customer can request to see how their data is being used, and businesses are legally required to respond. Ethical organisations go further: they proactively inform users about AI use, profiling, and consent options.
In July 2025, it was revealed that bodyguards for Swedish Prime Minister Ulf Kristersson had unknowingly shared more than 1,400 workout routes using the fitness app Strava. These routes exposed sensitive locations, including the Prime Minister’s private residence, government buildings, hotels, and diplomatic events (The Guardian).
This incident is a clear reminder that even seemingly harmless data can compromise privacy and security. Sweden’s security service responded by launching a formal investigation and tightening data use protocols for official personnel.
This example highlights the importance of proactive data governance, regular privacy training, and ethical oversight in any data collection strategy. It reinforces why organisations must treat all data, no matter how routine or indirect, with care, context, and purpose.
Innovators often fear that too much regulation will limit insight. But data minimisation doesn’t mean doing less, it means doing smarter.
You don’t always need to know who someone is to understand what they need. Synthetic data, aggregation, and anonymisation let teams build powerful models while respecting privacy.
Example:
A city transport app predicting rush-hour congestion doesn’t need commuter names, only aggregated location patterns and travel times.
Crimson’s Data Consultancy Practice helps organisations transform confidently by:
As Ian says:
“We don’t just help clients innovate. We help them innovate responsibly, with a clear view of where their data is, what it’s doing, and whether it should be doing it.”
Want to build AI that earns trust?
Download the white paper: AI Security as a Foundation to discover how to future-proof your data strategy with built-in compliance, governance, and ethics.