Well, it depends on the context. Usually we don’t need to protect data for only showing it in frontend. But the best practice is, always escape or validate data, no matter where they comes from. Like for your case you can do that like below-
<label><?php echo esc_html( $data['title'] ); ?></label>
<input type="text" value=" <?php echo esc_attr( $data['value'] ); ?> " >
Hope this above helps.