As more data regulations, like the European Union's General Data Protection Regulation (GDPR), become mandatory, many companies fear the impact of fines and limitations. But Bernard Huger, CFO of OneLogin, encourages CFOs to view heightened regulations as opportunities for transparency and customer focus rather than fear or concern for fines.
Huger, whose company is a cloud-based identity and access management provider for enterprise-level businesses, said CFOs are the “natural partners” of CIOs for keeping their companies on top when it comes to controlling data and protecting consumer privacy, in an interview with CFO Dive on Tuesday.
“The CFO should be working with the CIO to make sure that we’re engaging properly with the liabilities associated with privacy issues,” Huger said. “It’s important for that partnership to maintain that balance.”
In the wake of new data security and privacy regulations, including GDPR, Huger said the CFO’s role is to ensure that the company has “proper policies and processes in place so that [the company] could make it through audits appropriately, and pass well.”
GDPR took effect in 2018. It imposes stiff disclosure and data handling requirements on companies that do business with people in the E.U. Even though it's limited to E.U. residents, it affects any U.S. company that does business with or whose online platform or website hosts them. California has also passed a GDPR-like law, the California Consumer Privacy Act, that will touch any company working with California residents effective in 2020.
Huger said there are two sides to handling laws such as GDPR. The first is the imperative of protecting customers’ privacy, and the second is the processes that enable the protection itself. Companies can get audited on both those sides.
“The CFO really needs to create the processes that allow companies to work within the rules of GDPR, and some of the other regimes,” he said.
In regard to helping companies stay ahead of the curve when new regulations and limitations are introduced, Huger said the CFO’s job is to “focus on the customer and the other stakeholders in the marketplace. Maybe it’s customers, maybe it’s the process, or maybe it’s individual consumers, but you’ve got to use them as the starting point. These regimes are put in place to protect people, and it’s our obligation to make sure we’re protecting them.”
Huger’s primary advice for CFOs, in light of the increased privacy and data security regulations, is that customers and consumers require companies to operate under these frameworks, “so you better take it seriously. Doing business the way customers and consumers want is better for you.”
Huger has maintained his belief that CFOs do well to collaborate with other members of the C-suite, regardless of the issue. In an August episode of the CFO Thought Leader podcast, Huger said companies benefit most when CFOs are freed up from menial tasks and can be “full, strategic partners” to their CEOs.
“CFOs that have a trusted controller and other senior-level executives as part of their financial planning & analysis (FP&A) team,” can step back and help shape the larger direction of the company, Huger said. His long view comes from his pre-CFO past as a Wall Street investment banker. “Finance is the essence of strategy,” he said in the podcast. “The annual budget planning process is a necessary first step for executives to get aligned on solutions."