OECD governance principles
The 2023 G20/OECD Principles of Corporate Governance revision elevates board accountability for sustainability and data stewardship, guides staged setup across ownership structures, and links disclosure reforms to DSAR-ready transparency.
Verified for technical accuracy — Kodi C.
2023 Principles Update Overview
The Organisation for Economic Co-operation and Development (OECD) released the revised G20/OECD Principles of Corporate Governance on , marking the first update since 2015. Endorsed by G20 Leaders days earlier in New Delhi, the 2023 text reflects lessons from the pandemic, climate risk, digitalisation, and evolving capital markets. The Principles remain the global benchmark for policymakers, regulators, and companies shaping corporate governance frameworks. Boards must digest the strengthened expectations around sustainability oversight, shareholder engagement, and data governance, and setup teams need roadmaps for adapting internal policies, disclosure controls, and DSAR processes to the updated guidance.
Sustainability and Resilience Chapter
The revised Principles add a new Chapter VII on “Sustainability and resilience,” reinforcing that boards should oversee material sustainability matters, integrate climate and broader ESG risks into strategy, and ensure access to expertise. The chapter calls for strong internal control and risk management systems that cover sustainability metrics, scenario analysis, and disclosures.
Boards should align incentives with long-term value creation and monitor supply-chain due diligence. These improvements require governance committees to refresh charters, define accountability for climate and human rights oversight, and secure reliable data flows from operations, procurement, and compliance. Because sustainability metrics often rely on workforce and stakeholder personal data, privacy teams must align DSAR procedures with the expanded transparency obligations.
Chapter V on disclosure and transparency now stresses the importance of sustainability reporting, greenhouse gas emissions data, and forward-looking information. It recommends that disclosures be based on high-quality standards, subject to assurance, and accessible to teams.
Companies should evaluate whether their reporting frameworks—such as IFRS S1/S2, ESRS, or jurisdictional standards—meet investor expectations and regulatory mandates. Implementation teams must improve data governance to capture accurate, complete, and timely information. They should also harmonize financial and non-financial reporting processes, ensuring that DSAR teams can trace published sustainability metrics back to the individual-level data that data subjects may request under GDPR or other privacy regimes.
Digital Governance Expectations
The Principles emphasize digitalisation throughout. Chapter IV recognizes that teams, including employees and customers, now rely on digital platforms to interact with companies. Boards are urged to oversee data governance policies that protect privacy, cybersecurity, and the ethical use of artificial intelligence.
Chapter VI on the responsibilities of the board calls for directors to ensure internal controls cover digital risks and to obtain the necessary skills to oversee technology. Companies should therefore integrate privacy and cybersecurity officers into board reporting routines, expand director training on data governance, and document how DSAR obligations fit within digital transformation initiatives. Logging DSAR metrics alongside cyber incident reports during board meetings provides evidence that directors are fulfilling these updated expectations.
The revised text also strengthens expectations for shareholder engagement and ownership disclosure. Chapter II encourages regulators to ensure that ownership structures are transparent and that shareholders have equitable voting rights.
Chapter III urges institutional investors to adopt stewardship codes, disclose voting policies, and manage conflicts of interest. Corporate secretaries should reassess investor relations policies, proxy engagement strategies, and beneficial ownership tracking systems. Implementation steps include upgrading share registry platforms, mapping communication channels with minority investors, and ensuring that DSAR processes can accommodate shareholder access requests, including those about personal data held in share registers or voting platforms.
Policymakers will align national codes and listing requirements with the updated Principles. Companies operating across jurisdictions should monitor legislative timelines—such as the European Union’s forthcoming Corporate Sustainability Due Diligence Directive, U.S. SEC rulemaking, and Asia-Pacific stewardship reforms—to anticipate mandatory changes. Implementation teams should maintain regulatory inventories and assign owners to track developments, ensuring that governance practices remain aligned with emerging rules. Cross-border groups must harmonize policies so DSAR handling for shareholders, employees, and teams remains consistent, even when local privacy laws differ.
The Principles highlight the need for effective whistleblowing mechanisms and stakeholder grievance processes. Boards should oversee anonymous reporting channels, protect whistleblowers from retaliation, and ensure investigations are independent. These systems generate sensitive personal data and often lead to DSAR submissions from reporters or individuals named in complaints. Teams should create protocols that balance transparency with confidentiality, maintain audit trails for investigations, and coordinate with data protection officers to manage DSAR responses without compromising legal privilege or retaliation safeguards.
Implementation sequencing can follow a governance maturity model. Phase 1 should involve a gap assessment comparing existing board practices, policies, and disclosures with the updated Principles.
Companies can map each chapter to responsible functions—board committees for oversight, finance for disclosures, legal for shareholder rights, HR for workforce engagement, and privacy for DSAR handling. Phase 2 can prioritize quick wins, such as updating board competency matrices, enhancing director induction materials, and codifying ESG oversight in committee charters. Phase 3 can address more complex initiatives, including integrated reporting, supply-chain due diligence, and technology governance frameworks that incorporate privacy-by-design.
Metrics and monitoring play a central role. Boards should receive dashboards that track progress against Principle-aligned goals, including adoption of sustainability reporting standards, DSAR response times, shareholder engagement frequency, and outcomes of whistleblowing investigations. Internal audit can expand its assurance plans to cover sustainability data controls, digital governance, and shareholder rights processes. External auditors and assurance providers may seek evidence that the company has incorporated the Principles into its governance system, so maintaining documentation—board minutes, policy updates, training records, and DSAR logs—will be critical.
The OECD also highlights the importance of high-quality data governance systems. Chapter V encourages the use of digital tools for disclosure while guarding against misuse of personal data, and Chapter VI expects boards to oversee internal audit and compliance programs that cover data integrity. Teams should invest in master data management, lineage documentation, and automated validation that link sustainability metrics, financial results, and DSAR inventories. When investors, employees, or community representatives seek access to records underpinning public reports, these capabilities enable fast, consistent responses that show respect for both transparency and privacy.
Finally, the Principles encourage policymakers and companies to support MSMEs and state-owned enterprises (SOEs) in strengthening governance. Larger enterprises should use their influence to cascade responsible practices through supply chains and joint ventures, including providing templates for governance policies, sustainability reporting, and privacy management.
DSAR support clauses in supplier contracts can help smaller partners honor data subject rights without compromising security. By embedding the OECD’s 2023 revisions into governance frameworks, companies not only align with global best practice but also build trust with investors, regulators, and teams who expect transparent, accountable, and privacy-conscious corporate behavior.
Cited sources
- OECD announcement of the revised Principles — OECD
- Revised G20/OECD Principles of Corporate Governance (2023) — OECD
- ISO 37000:2021 — Governance of Organizations — International Organization for Standardization