compliance 2021.06.01All blog posts

C-suite series: How to secure your compliance budget and buy-in from the executive team

Last month we launched the first part of our C-suite series with the article: ‘Why you need buy-in from the top for your compliance strategy to succeed.’ 

Outlining a long list of reasons why winning over your executive team is directly linked to the success of your compliance plan, we touched on major benefits such as the ability to protect your company from large fines, safeguard brand value, increase company productivity and improve client relations.

Having firmly established that buy-in from the top is an essential strategy for any compliance team, we now turn our attention from the ‘why’ to the ‘how.’

Your C-suite members are incredibly busy people who are fielding demands from the entire organization, so below, you’ll find tried-and-tested techniques to cut through the noise and secure the executive buy-in and budget your compliance plan needs.

Position compliance as a business concern, not a legal one

Perhaps one of the most effective ways of getting (and holding) the attention of your C-suite is to start talking about compliance as a business driver rather than a legal problem. 

Most people in your company will be aware of the legal need for data protection policies and processes. However, by discussing compliance within legal parameters, you may fail to get the interest of those operating outside of compliance and legal departments. 

Colleagues may recognize the importance of your work but feel it’s irrelevant to their direct responsibilities and objectives, meaning your plans and budget get pushed way down the list of pressing C-suite concerns.

Rather than focusing on regulations, fines, or updates on specific Articles, make compliance a more accessible topic by discussing the wider business benefits and advantages of a robust data protection and privacy plan. 

As we discussed in the first article of our C-suite series, compliance generates numerous business drivers, from increased productivity to boosting brand value,  and these should pique the interest of anyone responsible for ensuring your company’s growth and success. 

Make it your goal to reposition compliance alongside these larger business objectives so that your plan becomes undeniably valuable and is impossible to ignore. 

Get specific: align your strategy with business initiative

A sure-fire way of shifting compliance from a legal issue to a key business driver worthy of C-suite time and investment, is to tailor your compliance proposal to existing or upcoming internal initiatives. 

Take a look at major programs, strategies, or projects that are in progress or in the pipeline, and think about how you can make compliance and privacy relevant to the success of those initiatives.  

For example, say your company is set to embark on a big project with a third-party vendor based in the US. Instead of approaching your C-suite with the latest guidelines from DOJ’s updated “Evaluation of Corporate Compliance Programs,” connect compliance with planned business activity around the new partnership. 

The fact that the DOJ June 2020 paper does indeed mention third parties a staggering 33 times may be fascinating to you. However, your C-suite is more likely to listen to how poor third-party risk management could impact an expensive marketing campaign, derail a carefully strategized PR push, and compromise business relations that have taken months to cultivate. 

The trick is to identify the biggest pain points of your business and look for the areas that mean the most to your C-suite. For some companies, that focus may be on the brand’s reputation; for others, it could be the transition to a data-driven organization. Find these business concerns and make sure your compliance activity taps into them. 

Speak the same language

How you communicate the value of compliance to the C-suite is also incredibly important. In our experience, as soon as you start speaking in GDPR lingo, attention spans begin to dwindle. 

Again, turn to the business world to help ensure your proposal lands. Use universally understood language, company terminology, and business metrics to get on the same page as your board. 

Don’t underestimate the power of visual language. Use your company’s branding and visual signifiers on any presentation or document to help drive home the notion that compliance has a place in your organization’s brand world.

When discussing predicted outcomes or benefits of your compliance strategy, it’s also helpful to reference findings from leading research bodies that you know speak to your C-suite and get their attention and respect. 

For instance, you could highlight that recent studies, such as a PwC US report, have found a direct link between risk management activities and better growth, improved customer relations, and increased profit margins. 

Or, you could cite how IBM’s 20th C Suite study found that the world’s leading organizations are those that incorporate data protection into their data strategy. A great sample quote to pull out would be that by putting data protection and customer trust center stage, companies were proven to ‘create extraordinary value from data, leverage trust to their advantage, and consistently outperform others in many areas.’

Provide a visual overview of your company’s current risk

Once you’ve demonstrated the broader value of compliance to your C-suite, you’ll need to justify the importance and need for specific investments such as additional staff or compliance software.

To convey the value and impact that your strategies will have, use striking graphics, simplified graphs, and bold colors to create a visual overview of your current situation. If your company has done minimal or no compliance work in your chosen area, you should be showing your team a lot of red colors that spark urgent concerns and must-act-now attitudes.

After presenting the current risk, show a visual comparison of where your company will be after your proposed investment and strategies. Switching your reds for ambers and greens is a quick and effective way of explaining to time-poor C-suite members that your actions will lead to direct results and are therefore worth backing.

At Complyon, one feature of our risk and compliance software is a dashboard that shows real-time visualization of your data scenarios, so you’re able to create and send decision-making visuals to your colleagues in just a few clicks. No designers or briefs needed.

Using the traffic light color code, the Compliance Dashboard is a powerful way of demonstrating where you need to focus your efforts and helps communicate how your project is performing.

Back up your strategy by showing risks from real companies

When pitching a new compliance plan and budget to your C-suite, you may want to start by setting the scene with general compliance statistics. You could tell your colleagues how 2021 reports have found that in just a year, GDPR fines have risen by 40%, data breach notifications have surged by 19%, and subsequent penalties totaled €158.5 million.

However, while a general overview of the evolving compliance landscape won’t harm your presentation, relatable case studies from your industry (particularly those that draw parallels to your proposal) will prove far more convincing material for those working outside the data protection and privacy sector. 

With any case studies you present, make sure you explore exactly what went wrong, cover wider consequences beyond the fine, and explain how your proposed compliance solutions would prevent your company from making the same mistakes. 

For example, if you’re employed by a clothing or retail company and are struggling to get C-suite attention, H&M’s 2020 breach would be a good way to educate executives about the importance of investing in compliant practices and processes.

Firstly, bringing up a household brand or industry-renowned name such as H&M should instantly make your pitch more relevant and compelling. Your audience should be interested to know what happened to a fellow industry player and, importantly, see their own company in the scenario.

Building on the initial interest in your story, you could then outline how irresponsible handling of employee data resulted in a €35.3 million fine, negative headlines in major press outlets, and a backlash from both staff and consumers. 

You could then emphasize that all of this could have been avoided if H&M had invested in processes and policies such as those outlined in your proposal (e.g. Strict access controls on internal data and policies for processing and storing personal information). 

Rooting your planned actions in relatable, real-life scenarios helps bring to life the value of compliance strategies, increasing your chance of getting that all-important executive buy-in.

Divide, conquer, then unite the C-suite

When you’re presenting to the C-suite, it’s important to remember that this diverse group of individuals have their own focuses and priorities. Your CMO will have a different set of objectives than your CIO, who is busy dealing with things that aren’t on your CFO’s radar. So, rather than approaching these team members with a blanket pitch for investment, tap into their unique interests and goals. 

Set up individual meetings with each board member to find out what they’re focusing on, what drives their priorities, and what blockers are standing in the way of their goals. Then, figure out how compliance can fit into their roadmaps and make their day-to-day operations more productive and efficient.

If possible, replay these findings to your execs ahead of your big C-suite pitch, as this will help you recruit your compliance allies and give you the chance to fine-tune any messaging, so you know your presentation will land.

Going the extra mile and speaking to your C-suite colleagues personally will ensure your strategy is relevant, considers aspects that are of genuine concern to the board, and sets you up for the successful outcome you’re after. 

Don’t overload, but schedule regular check-ins

As anyone in the industry knows, compliance isn’t a ‘set in and see’ process. Data protection and risk management is a constantly evolving and ongoing process.  It has to react and adapt to new business priorities and technologies, and requires consistent monitoring, new strategies, and varying resources.

Although you want to show that your plan has long-term as well as short-term needs, try not to overwhelm the C-suite with too much information. Instead, break your project into phases and schedule future check-ins to update everyone on your project’s performance and suggested next steps. 

Dividing your workload and goals into clear stages also gives you the opportunity to retain C-suite interest with regular communication, which helps keep your work at the forefront of their busy minds.

Retaining support is just as crucial to the success of a compliance plan as winning initial investment, so make sure to keep your work relevant, engaging, and responsive to the ever-changing needs of your company.

From our real-time risk dashboard to advanced data mapping abilities, Complyon offers a range of solutions that not only keep your company compliant but also automate many of the processes required to show internal and external parties the value and status of your projects. To find out more, get in touch with our team today.

Want to hear more?

Let's talk about how our experience and software can help your company.