Great compliance teams are usually "absolutely can do, if" people who enable amazing organisations to do incredible things with technology and data within the law.
My company Waivern helps organisations with tools to streamline compliance. We empower our customers and partners to adopt and adapt modular tools to fit their exact challenges within privacy and AI, irrespective of the regulatory framework or the nature of the organisation.
Sounds great, yes?
It certainly sounds good to me, but often when I talk about compliance, I sense the vibe of a parent arriving at a teenager's party and asking them to turn down the volume. "What a boomer!"
So, let's get real about this problem and get there quickly.
Firstly, as well as being an experienced product manager, I'm a parent in the real world too. I know full well that the volume goes right back up as soon as I leave the room. Likewise, I know that innovative engineers, PMs and designers will let very little get in their way towards creating the ideal product, especially in start-up contexts. Their first focus is, of course, on their biggest risk: not finding product-market fit and running out of cash.
So, nothing surprises me anymore in that regard. And I don't react with an overblown negative attitude towards what I sometimes find. It's just reality in business.
Secondly, sometimes tech teams have just gotten the wrong idea of what good compliance practice looks like. Social media (yes, LinkedIn, that's you, too) pushes their eyeballs towards personalities that are generating the most reaction, usually someone that sees only malicious intent on the part of tech innovators everywhere. This attitude, present only in a minority of compliance professionals but blown up in click-bait, makes many tech teams reluctant to engage with their compliance colleagues.
Remember, unless they work in the military or financial sectors, it's still a relatively new thing for engineers and product managers building online or AI/ML services to be "regulated" by government authorities. We need those engineers and product folks to know that they can reach out for help and guidance without being lectured or made to feel "guilt". Otherwise, humans being humans, we'll often wait in vain for the next call from that team.
There are of course times when "no, absolutely not" from compliance is the right answer. We all know the cases where destructive intentions (e.g. Cambridge Analytica and its enablers, as well as more recent suspicious instances involving Meta and Yandex) in data processing have been all too real. However, it's much more typical for tech teams simply not to understand the negative impacts and regulatory risks in what they are doing.
Where product and tech teams reach out and engage constructively, compliance experts most often propose a route forward that enables progress towards the original goals. They may spend some time (often measured in days, not months) to do the right assessments and sometimes need leadership to take formal decisions on what their company is doing. These are things we – as a community trained to help with regulatory compliance – can usually accomplish in short order.
In summary, great compliance teams are usually "absolutely can do, if" people.
There are also colleagues who work in this field who go through verbal contortions trying not to be labelled as "compliance". I think that is ultimately self-defeating.
The law won't simply go away and organisations must operate within it, so if we're central to helping organisations comply with their legal obligations, then we're also central to enabling them to sustain, evolve and grow their business. We should "own" that and take professional pride in it.
When done well, compliance helps organisations put the law into operational practice in the least disruptive manner possible, all while continuing with the core of their business strategy. We also sometimes help them to take measured risks with respect to compliance. It's the decision-making mandate of their leadership and situations are often nuanced. When final decisions are the client's and they take full accountability for the outcomes, then we've done our compliance job well, too.
It would also be nice if – every now and then – folks in the c-suites gave public kudos to the work done by compliance teams, together with the business, to nail this balance, helping secure the future of the whole organisation. But that's a whole other article.
So don't be hesitant: recognise out loud that we enable amazing organisations to do incredible things with technology and data within the law. And stake a claim with pride for the importance of compliance roles.