In a move that demonstrates the ever-shifting landscape of regulations across the globe, SAP SuccessFactors product head Amy Wilson has included a new leader on her team – legal expert Caroline Tahon.

Tahon joined SAP SuccessFactors in 2017 after eight years as legal counsel overseeing post-acquisition integrations for SAP. She brings a depth of regulatory expertise directly onto the product team, meaning we can develop smarter and faster when it comes to meeting and getting ahead of data privacy and protection in our solutions.

While the General Data Protection Regulation (GDPR) is the latest — and most significant — regulation ahead of us today, it’s hardly the only one that’s on our mind. Countries across the globe are re-evaluating their policies and that demands that we build today to address what we expect regulations to be tomorrow.

We talked to Tahon about why she joined the product team directly, and how she’s affecting our thinking and the capabilities we build to help our customers be ready for new laws.

Q: What’s the thinking behind bringing a legal expert into our product team?

A: The writing has been on the wall regarding data privacy and security regulations getting tougher. Like with our approach to ongoing innovation across our suite from a user experience perspective, we also need to anticipate and prepare for new regulations – and prepare before they are fully written or implemented. I collaborate with legal and data security experts from across SAP to interpret new regulations as they are being framed, such as the China Cyber Security Law, and evaluate their impact on SAP SuccessFactors applications. I work directly with our product managers as they evaluate which capabilities to build and prioritize to help our customers comply with current and emerging regulations, participating both across leadership planning sessions and in team scrum meetings where everything comes together.

From an innovation perspective, we also have to respect different legal frameworks. One good example is around machine learning. I’m currently investigating how we can help our customers benefit from their data for intelligent applications, while adhering to regulations.

By partnering directly with our product and engineering team, we eliminate any silos and get right to what’s coming next in terms of data privacy and security or other regulations, and how to best translate new requirements into a robust product roadmap to support customers with compliance. And as we plan our next wave of innovations, we scope from a much broader perspective with a regulatory understanding of what we could deliver to help our customers get the full benefits from their technology investments.

In a regulatory environment that’s in flux, how do we build today to accommodate for changes tomorrow, particularly given the rapid pace of change and the differences in regulation from country to country?

One of the great advantages we have at SAP is the access to data security and privacy experts and legal counsel across many geographies in which SAP operates. This vastly expands our understanding and our speed to respond as we decide certain standards we can build into all our products. As new regulations develop, such as GDPR, we expand on existing features, and add new ones. We build some flexibility into features so they can be applied to different regulatory environments with certain modifications.

Another important aspect to our planning is as we build software to help our customers comply with these regulations, we also have to ensure that any new features can be run across a wide range of businesses. Our customers are big and small, in highly regulated industries or cutting-edge areas, and differ in many other significant ways with business models, processes, etc. Which means we need to create software that helps them be ready to comply without interfering with or jeopardizing their need for innovation, flexibility, and ability to deliver against business goals.

How would you advise our customers to think about data privacy and security for their HR tech investments?

Right off the bat, I’d like to say businesses need to be prepared for regulations on data privacy and security to only get stronger. GDPR, as an example, has provisions to encourage other countries outside the European Union to match certain minimum regulatory requirements for cross-country data transfer. Australia and Japan are looking at the impacts now, and countries in Latin America will likely be in the next wave to initiate changes.

HR leaders get to decide — do they approach these changes only as a matter of compliance, or look at them as an opportunity to build transparency, trust, and a real competitive advantage? From our perspective, we’re seeing a need for a mind-shift in HR where managing people data as securely and discreetly as financial data is imperative. SAP and SAP SuccessFactors are committed to supporting our customers with tools and processes to successfully navigate evolving regulations.

Consider GDPR as a valuable investment for the future of your business. Read our white paper, “GDPR compliance: Where do I start?,” to explore how SAP SuccessFactors solutions and services can help fast-track business success with GDPR compliance.

Ashley Colombo is head of Global and Executive Communications for SAP SuccessFactors.