GDPR: An opportunity for Corporate Affairs?

As the 25^th May enforcement deadline is fast approaching, and with recent news around Facebook and other tech giants stoking concerns around consumer data protection, it is no surprise that General Data Protection Regulation (GDPR) is appearing in headlines throughout Europe. Most industry experts share concerns that businesses across industries are not prepared.

GDPR has typically been characterised as the responsibility of Legal, Compliance, IT and Data functions, but the ushering in of the new policy also represents an opportunity for Corporate Affairs. In other moments of changing regulation (the UK soft drink levy, for example), Corporate Affairs heads worked to understand and communicate external and internal anxieties around the change.

Crucially, successful communications strategies also highlighted the policies already in place that addressed consumer health and wellbeing and were therefore protected from critics saying that the only motivation for the change were threats around noncompliance. These companies were able to tell a story of consumer-centricity that was both authentic and in line with the changing regulatory environment.

Of course, conforming to GDPR presents challenges beyond communications. Risks to business operations include fines, fundamental changes to (tech) business models that could make these companies less appealing to investors and possible customer churn due to lack of trust. In highlighting the opportunity for Corporate Affairs around GDPR, the aim is not to downplay the very real and fundamental changes that businesses will need to make operationally. Rather, the goal is to acknowledge Corporate Affairs as well-positioned to make sure pressing stakeholder concerns are raised and addressed, internal functions aligned in their messaging and that there is a link between operations and how they are viewed externally.

Indeed, in understanding stakeholder concern, Corporate Affairs can also emphasise to the business the opportunities that come from GDPR compliance. These opportunities include boosting consumer confidence, streamlining incident response and building infrastructure that lends itself to innovative products and services. To look at GDPR as only a risk would be overlooking the chance to proactively build goodwill with stakeholders.

Another opportunity that presents itself is first-mover advantage: no single organisation appears yet to have taken the lead in communicating GDPR preparedness. To most successfully seize this opportunity, the Corporate Affairs leader must have the right story to tell. By simply explaining how the business will change to meet the requirements of the new regulation, they are opening themselves up to criticism similar to that levied recently at Facebook – that any data protection measures put in place now are only in response to being backed into a corner by GDPR.

The best communication around GDPR should highlight pre-existing data privacy provisions and how they sit within the company’s commitment to its stakeholders. (And what is obvious here is the need for internal due diligence around previous data privacy practices.) It is the role of Corporate Affairs to understand which narrative will speak most clearly to external anxieties. Businesses seen as embracing the opportunities GDPR presents, rather than shying away for fear of admonition, will be those best positioned to grow trust.