Marketers don’t grow up daydreaming about risk management and compliance. Personally, I never gave governance, risk or compliance (GRC) a second thought outside of making sure my team completed required compliance or phishing training from time to time.
So, when I was tasked with leading the General Data Protection Regulation (GDPR) compliance initiative at a previous employer, I was far from my comfort zone.
What I thought were going to be a few, small requirements regarding how and when we sent emails to contacts based in Europe quickly turned into a complete overhaul of how the organization collected, processed and protected personally identifiable information (PII).
It is a risk leader’s job to facilitate conversations around risk and help guide business unit leaders to finding their own risk appetites.
As it turned out, I had completely underestimated the scope and importance of the project. My first mistake? Assuming compliance was “someone else’s issue.”
Risk management is a team sport
No single risk leader can alone assess, manage and resolve an organization’s risk cap. Without active involvement from business unit leaders across the company in marketing, human resources, sales and more, a company can never have a healthy risk-aware culture.
Leaders successful at developing that culture instill a company-wide team mentality with well-defined objectives, a clear scope and an agreed-upon allocation of responsibility. Ultimately, you need buy-in similar to the way a football coach needs players to buy into the team’s culture and plays for peak performance. While the company’s risk managers may be the quarterbacks when it comes to GRC, the team won’t win without key plays by linemen (sales), running backs (marketing) and receivers (procurement).
It is a risk leader’s job to facilitate conversations around risk and help guide business unit leaders to finding their own risk appetites. It’s not their job to define acceptable levels of risk for us, which is why CMOs, HR and sales leaders have no choice but to take an active role in defining risk for their departments.
Shifting my view on risk management
If I am being honest, I only used to think about risk management in terms of asset protection and cost reduction. My crash course in risk responsibility opened my eyes to the many ways GRC can actually speed deals and furthermore, drive revenue.