Navigating AI and Information Governance – Insights from Gimmal & OfficeLabs

In a recent episode of the Gimmal Podcast, Jason Coggins (Gimmal, UK & Europe) and Graham Bidwell (OfficeLabs) sat down for a deep dive into the fast-evolving worlds of data governance, AI adoption, and the challenges faced by modern organizations grappling with information management. This post distills their candid conversation, focusing on the critical intersections of AI and information governance (InfoGov) – from pandemic-driven change to AI readiness and the practicalities of risk, compliance, and culture. 

The Evolving Landscape: From COVID to AI

Pre-COVID: Data in a Walled Garden

Before the pandemic, data governance often meant keeping information behind secure, physical, in-house barriers. Organizations relied on manual processes, on-premises servers, and clear perimeters. The mindset was: “We know where our data is, the server is under the desk, and security is just antivirus and passwords.” Cloud adoption was nascent, and data rarely left the “bubble.” 

COVID-19: The Governance Wake-Up Call 

Remote work upended this paradigm. Suddenly, endpoints (laptops, mobile devices) multiplied, data was shared over WhatsApp and personal email, and informal silos proliferated. Organizations scrambled for tools to monitor productivity and govern data, often confusing the two. 

Key lesson: The traditional, manual, policy-on-the-intranet approach was no longer enough. Data governance needed automation, user-centric design, and robust tooling.

Beyond the Basics: Why InfoGov is More Critical Than Ever 

Risk, Compliance, and Education 

Post-pandemic, many organizations still struggle to distinguish between risk management and governance. There’s a pressing need for education: compliance teams know the rules, but enforcing them organization-wide remains a challenge. Policies alone are insufficient—controls, automation, and actionable insights are essential.

Tooling: Modern Solutions for Modern Problems 

The modern InfoGov toolkit includes: 

• Endpoint management
• File encryption
• Password and network controls
• Smart monitoring and real-time reporting
• Discovery and lifecycle management (e.g., Gimmal’s suite)

Gimmal’s solutions offer the ability to discover, classify, and manage both digital and physical records through their complete lifecycle—transforming traditional, labor-intensive processes. 

The Path to AI Readiness 

Start with Discovery 

The first step to AI readiness is understanding what data you have, where it is, and what rules apply. This means: 

• Comprehensive data discovery: Across endpoints, shared drives, cloud repositories, and legacy systems. 
• Classification: Label data by sensitivity, regulation, and value. 
• Lifecycle management: Apply retention schedules, automate disposition, and document every action for auditing. 

Automate and Enable 

Once data is understood and classified, organizations can automate: 

• Routine workflows (e.g., invoice processing, approvals) 
• DSAR (Data Subject Access Request) responses 
• Retention and deletion policies 

This reduces manual workload, improves compliance, and frees staff for higher-value tasks. 

Involve People & Change Culture 

• Listen to users: Every department and process is unique—one-size-fits-all rarely works. 
• Change management: Success hinges on user buy-in and behavior change, not just technology deployment. 
• Build cross-functional teams: Governance, IT, legal, and business users must collaborate. 

Listen to the Audio Podcast 

InfoGov in the Age of AI: What’s Often Missed 

1. Data Hoarding: Many organizations keep everything “just in case.” This increases risk, hampers DSAR responses, and balloons storage costs. If data has no value or regulatory requirement, dispose of it. 
2. Legacy Data: The greatest risks often lie in old, forgotten, or stale data—rather than active, work-in-progress files. 
3. Mergers, Acquisitions, and Legal Holds: AI can help identify, segregate, and report on data during complex M&A activities, ensuring contractual and legal compliance. 
4. Unstructured Data: InfoGov must span all data types—structured, unstructured, digital, and physical—across all platforms and endpoints. 
5. DSARs and Subject Access: Handling subject access requests is increasingly labor-intensive and costly. Automating discovery and reporting is essential for compliance and efficiency. 
6. Vendor Selection: Beware of “shiny” AI solutions that don’t address real problems. ROI guarantees are suspect—focus on solutions with proven, practical value. 

Sector-Specific Insights 

• Public Sector: High compliance maturity but limited resources. Large, dispersed data stores; DSARs proliferate; budgets are tight. 
• Finance: Highly regulated, subject to legal holds and frequent DSARs; stakes for data integrity are immense. 
• Healthcare/Charity/Manufacturing: Unique challenges in unstructured data, IoT, and operational data—InfoGov must be tailored to each vertical’s needs. 

AI Isn’t Magic—It Needs Good Data 

AI’s effectiveness depends on the quality and appropriateness of the data it’s trained on. Before deploying chatbots, Copilot, or other AI tools: 

• Scope their access to relevant, well-managed data 
• Ensure sensitive data is protected and policies are enforced 
• Build a “corporate memory” by curating and classifying valuable information 

The Gimmal Approach: End-to-End Data Governance 

At Gimmal, our focus is AI readiness and end-to-end data governance. We help organizations: 

• Discover what data they have, where it resides, and its compliance requirements 
• Classify and apply retention/disposition policies, with full audit trails 
• Manage legal holds and support DSARs efficiently 
• Migrate and integrate data across platforms (including SAP–SharePoint via Link Enterprise) 
• Govern digital and physical records, structured and unstructured, across cloud and on-premises 

Our solutions are particularly valuable for organizations with diverse platforms and repositories, giving unified visibility and control.