Is Your Compliance Strategy Enabling Innovation or Holding It Back? — Loreto Reguera, Bridgestone

Author: Allen Acuna Date: July 2026
Loreto Reguera EC thumbnail Executive Chats
Loreto Reguera LI thumbnail

Loreto Reguera

Chief Privacy & Data Protection Officer | Bridgestone

Loreto Reguera, Chief Privacy & Data Protection Officer at Bridgestone and an internationally experienced legal and privacy leader, talks to The Ortus Club about why in-house lawyers must be embedded enablers rather than end-of-line advisors. With a career spanning intellectual property, data protection, and multinational compliance across Europe, the Americas, and beyond, Loreto argues that the most effective legal leaders do not simply interpret the law — they shape the direction of business in a way that is compliant from the very beginning.

Follow The Ortus Club on LinkedIn to keep up-to-date on our conversations with today’s top technology leaders.

Executive Summary: Key Takeaways

  • Legal as Enabler, Not Gatekeeper: In-house lawyers who embed within business teams and understand their priorities can shape compliant innovation from the start, rather than providing advice only at the end.
  • The Data Protection Misconception: The biggest misunderstanding is that personal data cannot be shared. In reality, it can — what matters is how it is shared, with whom, and for what documented purpose.
  • Governance Before Tools: Organisations that adopt AI tools without a long-term governance structure, clear roles, and defined responsibilities create short-term fixes that fail at scale.
  • Compliance as Documentation: True compliance is not just about having processes in place; it requires consistent monitoring, review, and documented evidence that those processes are being followed.
  • Long-Term Strategic Thinking: Before deploying AI or data-driven technologies, executive teams must ask whether the approach will remain sustainable beyond the immediate need.

SHARE POST


The intersection of technology and law has defined Loreto Reguera’s career. With experience spanning intellectual property, data protection, and multinational compliance, she has worked across industries, including consulting and manufacturing, always with an international scope that covers countries in Europe, Latin America, and beyond. Before joining Bridgestone, Loreto helped shape the global privacy and governance programme at Accenture. 

At Bridgestone, she was brought in to build the privacy and data protection programme across the West. Her approach is rooted in a belief that legal leadership is not about interpreting the law in isolation, but about embedding within teams to understand their priorities and shaping compliant paths forward from the very beginning. 

She actively engages in high-level conversations with fellow senior leaders, using these dialogues to refine her understanding of how different industries and cultures approach compliance, governance, and innovation.

How has your enabler philosophy shaped your approach to legal leadership?

Loreto explains why in-house lawyers must go beyond interpreting the law and instead embed within business teams to shape compliant innovation from the start.

“When sales teams and manufacturing teams come to in-house lawyers, they are looking for advice on the legal elements and a translation of how the legislation affects them. But if an in-house lawyer only limits itself to providing a definition of the law, that is not the full scope. 

If we are embedded in the teams and we understand the priorities and the needs, we are able to shape exactly their direction in a way that is compliant, that is not going to cause problems later, and that is prepared for the future from the very beginning. In today’s economy, even for small companies, projects are by definition international, and there are many legislative elements that need to be considered. The added value that lawyers can bring is to really help shape the direction, not just provide advice at the very end.”

What is the biggest misconception organisations still have about data protection?

Loreto identifies the most common misunderstanding about privacy regulation and explains why data sharing is not the problem — a lack of purpose clarity is.

“No matter how many trainings you do, there is always a misconception. A lot of engineers, for example, think that you cannot share personal data, and they see that as a showstopper. But that is a misconception. Under the GDPR in Europe and many other legislations, you can share data. It is about how you share the data, how you protect it, with whom, and how you document and are transparent in what you are doing. 

Sometimes we just need to think better about the purpose of what we are going to do. Anonymised data creates a completely different compliance scenario. At the end of the day, you may get exactly what you need without all the obligations that are not necessary.”

How should organisations balance AI innovation with responsible governance?

As organisations rush to adopt AI tools, Loreto warns that technology without a governance structure is a short-term fix with long-term consequences.

“There are a lot of opportunities at the moment, and a lot of times organisations jump into tools that allegedly can solve any problem. Those tools probably work, but if you are not sure about the long-term need, and you are not sure about the governance structure around the situation, having a tool will not help in the long run. 

It could help you solve a specific need today, but it is a mistake to just jump into a tool without having a clear structure, a clear long-term vision, without defining very clearly roles and responsibilities, and a governance model that could enable the use and the reshaping of the tool in the long term.”

Will consumer privacy awareness reshape how companies operate?

Looking three to five years ahead, Loreto argues that growing individual awareness of data rights will force companies to earn trust rather than simply comply with regulation.

“Technology is now part of our lives. We could not live without being connected at all levels of society. Because of that, I believe there will be more and more understanding of what companies can do, because companies do not want to take advantage of individuals — there is no trust in that. 

To be successful, companies need to build that trust. It is not about only being compliant because the law says so. There will need to be a combination between what individuals think is appropriate and the way that companies operate. If not, they will not have the trust of the individuals, and they will not get their ultimate goal.”

What should every executive team ask before deploying new AI?

In a landscape driven by reactive decision-making, Loreto urges leaders to pause and consider whether their approach will remain sustainable beyond the immediate need.

“I would think long-term and have a vision. The immediate temptation might be to say, if I can do this process quicker with a tool instead of employees, that is obvious. But maybe that is going to serve some purpose today and is not going to be sustainable in the future. 

I see trends that are acting in a very reactive way to address the markets and the business. But it is difficult to pause and think more about sustainability and the medium to long term. Companies that succeed are companies that have that long-term investment embedded.”

Join the Conversation: The Ortus Club’s Executive Network

As Loreto’s perspective shows, the most effective compliance and privacy leaders are not those who simply interpret legislation — they are the ones who embed within their organisations to shape innovation from the very beginning. In a regulatory environment growing more complex by the day, the leaders who succeed are those who combine legal expertise with genuine business understanding.

Her emphasis on long-term governance over short-term tools reflects a broader reality: in an era of accelerating AI adoption, the organisations that build trust are the ones that invest in sustainable frameworks rather than reactive fixes. This is not a challenge that can be solved in isolation.

At The Ortus Club, we host curated executive roundtables that bring together senior leaders facing these exact challenges. Move beyond the misconceptions of data protection and engage in the kind of open, high-value conversations that bridge the gap between regulatory complexity and business innovation.

Frequently Asked Questions

Q: What does it mean to be a legal enabler rather than a legal adviser?

A: A legal enabler embeds within business teams to understand their priorities and shape compliant paths from the start, rather than providing advice only at the end of a project when costly adjustments may be needed.

Q: Can organisations share personal data under the GDPR?

A: Yes. The GDPR and many other data protection laws do not prohibit sharing personal data. What matters is how the data is shared, with whom, for what documented purpose, and whether appropriate protections such as anonymisation are applied.

Q: Why is governance more important than tools in AI adoption?

A: AI tools may solve an immediate problem, but without a long-term governance structure, clear roles, and defined responsibilities, organisations risk building solutions that cannot scale, adapt, or remain compliant as needs evolve.

Q: How does compliance differ from just having processes in place?

A: Having processes is only the first step. True compliance requires consistent monitoring, regular review, and documented evidence that those processes are being followed and improved over time.

Q: What is the most important question before deploying AI?

A: According to Loreto Reguera, the question is whether the approach will remain sustainable beyond the immediate need, encouraging long-term strategic thinking over reactive decision-making.

Are you ready to share your perspective with a global network of peers?

More Interviews

Paramdeep Singh Saini EC thumbnail

Do you have knowledge to share?

Schedule your interview!

By submitting this form, you consent to our Privacy Statement.