According to Gartner, companies spend $5.61 trillion a year on software. So if it feels like your colleagues are constantly investing in new tools, you're probably right. They do it because it makes their work easier or gives the business a competitive edge.

You should have a seat at the table…‍

Privacy and information security professionals should, of course, be involved in the decision-making process when new software is being considered. Every time your marketing team discovers the latest smart tool, the risk of data breaches and security incidents increases.

That’s why you need to be at the table whenever a tech solution is being purchased. But that’s not how it usually works.

You’ve seen this before. The system is already bought. The contract is signed. “It’s working great,” marketing says. You’re brought in – at the very end. When it’s too late to make any meaningful changes.

And you know just how hard it is to negotiate privacy or security terms from that point forward. Suddenly, the vendor is a lot less responsive to emails or change requests.

We could spend hours talking about these problems. But let’s focus on why you’re not being included in the first place.

…but no one’s sending you an invitation

There are two reasons:

1️⃣ They DON’T KNOW you should be involved
When your colleagues are buying systems, they think about functionality, price, and service. They don’t think, “We should bring in Privacy and InfoSec right away.” That thought only comes up later – if at all.

Why? Because your function is misunderstood. Your colleagues don’t view your role as business-enabling. They see you as something that becomes necessary later in the process. It’s a common – but outdated – way to think about privacy and security.

The solution? Shift how your role is perceived. Move from being seen as legal or security gatekeepers to being viewed as strategic partners. That shift is entirely possible.

But there’s a bigger issue if they do know you should be involved – and still leave you out.

2️⃣ They DON’T WANT you involved
If that’s the case, there’s usually only one reason:

You and your team are perceived as blockers. Your colleagues assume you’ll say no – either because something is forbidden or too risky. Maybe they’ve experienced you as someone who doesn't engage constructively. You say, “No!” instead of, “Help me understand what you're trying to achieve, so we can find a solution that’s secure and sustainable for everyone.”

The solution here is a mindset shift – both personally and across the department. You need to move from being problem-focused to solution-oriented.

From problem to solution‍

Let’s dive a bit deeper. Those of us working in privacy and security are trained to assess and manage risk – to individuals, to the business, and, ultimately, to society.

We put on our “risk glasses” every morning – and they color everything we see. Where others see opportunity, we often see risk.

And that’s important – it’s our job to protect people, organizations, and systems. But it also means we’re quick to highlight the downside of everything from digital marketing to employee monitoring and AI.

We say: “No.”

But that’s not what our colleagues need. They’re trying to solve business challenges or seize opportunities. They’re open to thinking about security and privacy – but only if we offer them viable paths forward.

If we do that, they want us involved.

They want to hear us say: “Let’s dig into this together and see if we can find a way to achieve your goal that’s both lawful and secure.”

A new mindset‍

So, how do you get there? Here are four ways to start:

🔍 Ask questions to understand what your colleagues are trying to achieve – instead of starting with “no.”
Often, the business goals are achievable, especially if you're involved early. So be curious.

🤝 Build relationships with those who invest in new tools.
Talk to Marketing and HR before they’re in the middle of something risky. Understand their objectives – and share your own. Build mutual understanding.

👂 Listen for signals.
Sometimes you need to knock down the door. If you hear talk of new tools or vendors, offer your help. Get involved.

💬 Communicate solutions.
This isn’t about compromising your principles. It’s about solving problems together. “No” often shuts the conversation down. A solution keeps it going.

Be the person they want at the table‍

It doesn’t take much to change how people see you. We've spoken to many professionals who’ve made this shift:

• The GDPR officer who rotates between departments, spending a day each week embedded with different teams
  
  
• The security lead who self-invites to team meetings to offer insights and support
  
  
• Or the one who’s always asking smart questions – staying one step ahead
  
  

…and remembers that a “no” with a question mark opens far more doors than a “no” with an exclamation mark ever will.

Call to action:‍

Think about how you last communicated in an innovation project. Find three moments in your day where you can ask curious questions and support others’ goals. Make it your mission to be the person everyone wants at the table.