What do early retirement, great parties and transatlantic flights have in common? They all require good planning. And you can add regulatory remediation to that list – without a solid plan, you’re bound to encounter hurdles.
With the EU Commission’s deadline for implementing updated Standard Contractual Clauses (SCCs) so close, it’s time to start thinking about how the lessons learned from Schrems II/GDPR apply to all regulatory remediation projects. This season, Factor’s podcast – Code Reg – is dedicated to Schrems II/GDPR related remediation. In episode five, our experienced internal practitioners are joined by special guest Barry McDonald, Vice President of Solutions Consulting at Factor. They discuss the importance of proper planning for organizations handling Schrems II/GDPR related remediation – or any other remediation program.
In this recap of Code Reg episode five, we discuss:
Before you climb a mountain, you need to define your route. The proverbial mountain climb of regulatory remediation is no different – you need to understand the problem you’re looking to solve, make a plan for solving it and define the requirements of that plan.
“It goes back to the old adage that a problem well defined is a problem half solved. But just as importantly as defining the problem, [planning] ensures that relevant individuals within the organization, whether they be on the business side, the legal side or compliance are all aligned on what they are seeking to achieve.”
- Barry McDonald
While a plan supports clearer internal alignment, it can also have big benefits for external relationships – for organizations dealing with Schrems II/GDPR or any other requirements.
“In all cases where there's regulatory or legal conformance requirements, if you have a plan in place, if you have identified the issue and are taking good faith actions to ensure conformance or compliance with the rules, that goes a long way in building trust with the relevant regulators.”
- Barry McDonald
A solid plan won’t eliminate the possibility of a sanction or fines, but it at least helps reduce the likelihood of that action. And tempting as it may be to dive into tactical work right away, that approach will ultimately lead to headaches.
“This can not only slow the process and lead to duplication of efforts, but also create a jumbled approach to solving for a particular problem.”
- Barry McDonald
Even the best laid plans go awry. But that doesn’t mean the initial legwork done in a pre-planning phase is all for naught at the first unexpected bend in road – in fact, proper planning continues throughout the entire project.
"The planning process is one that never ends … Things change throughout a project. There are unforeseen circumstances you just can't plan for. So, the planning processes is constant, forever changing to address changing circumstances.”
- David Shaw
This ongoing approach to planning means that as new information (inevitably) comes to light, it’s easier to keep the pre-established end goal in mind.
“In almost every case where there is a large regulatory conformance activity, things are going to change … As you're dealing with these issues, [planning] allows you to take an agile approach to resolving those and moving forward, trying to get back on the plan of meeting the relevant legal, regulatory or corporate requirements that have been already determined.”
- Barry McDonald
While some of the benefits of proper planning are obvious, others are less visible, but they’ll have a major impact on the ultimate success of your efforts.
“One of the key benefits of thorough planning on the front end is around socialization, and just getting all of the key stakeholders within the client organization on board … focused on why this matters, why it's a priority and what each individual stakeholder in the organization can do to help progress towards the important goal here.”
- Coque Dion
This type of socialization and clear communication fosters alignment and trust – two vital elements of a successful project.
“It builds trust ... And it's not just with the key stakeholders [or] the leaders, it's with the people that you're working with tactically every day. It's about ensuring that things are not opaque, they’re fully transparent.”
- Barry McDonald
The benefits of thorough planning are obvious. But how can you design a successful plan for your remediation project? There are three key elements to consider: defining the problem, identifying the right stakeholders (and those building relationships) and prioritizing the work.
First, understand and align on what the legal regulatory or corporate requirements are. Next, ensure you have the right people at the table; build relationships with them so even skeptics turn into project advocates. Finally, prioritize the work from a risk perspective – particularly when a deadline is fast approaching.
“If a regulator were to come in and look, you could have a narrative … we are focusing on the most impactful items first and this is our methodology, this is how we determine prioritization and this is our good faith effort to facilitate material compliance in the time that we have.”
- Barry McDonald
From a more tactical perspective, considering the location and owners of documents is another key component of successful planning.
“Something we're seeing so often is the importance of planning around where documents are stored how to access those systems, or even physical documents and understanding the owners of those documents for remediation.”
- Coque Dion
A final ‘nuts and bolts’ element of developing a remediation plan involves creating clear, crisp documentation that identifies:
For more Schrems II/GDPR related insights, subscribe to Code Reg wherever you get your podcasts.
