By Javid Khan, CTO of LayerV, a Pulsant company
Compliance is something organisations have been grappling with for some time. However, it has come into focus once again with the impending EU General Data Protection Regulation (GDPR). Time is running out. From May 25th, any business that falls foul of a data breach could face a potential fine of €20m, or 4% of annual turnover fines (whichever is greater).
Despite increasingly stark warnings in the media, it appears there continues to be a head in the sand mentality towards GDPR and other regulatory requirements. Recent research we commissioned from Censuswide highlighted a distinct lack of alignment within UK businesses when it comes to managing and maintaining compliance, with almost one third not knowing which regulatory frameworks they need to align to.
Attitudes must change. In today’s global climate, compliance is a challenge for all. It is important not to simply think of compliance as a checkbox exercise that is considered complete the moment it has been achieved. Rather, it should be thought of as something that is continuously morphing, and because of this there needs to be a change of approach; whether that means better tools, more automation or working with a trusted partner to manage the entire process. The good news is that there is an acceptance that this is the case, with 83% of IT decision makers admitting there is room for improvement.
Achieving compliance and maintaining it can be seen as the same task, but both are in fact entirely different. We are currently in a fast-paced digital transformation period, and so compliance needs to keep up with shifting market dynamics so that industry innovation can be effectively fostered, and new products can be brought to market.
Achieving compliance should be viewed as a badge of honour for organisations. After all, being compliant demonstrates to customers, partners, investors and other stakeholders that the business is committed to implementing best practices. Conversely, non-compliance leads to severe fines and untold reputational damage that translates into loss of revenue.
Our research shows that businesses are now having to audit their IT compliance requirements on average four and a half times per year. Now more than ever, the act of adhering to regulatory requirements requires not just an ongoing commitment, but an ongoing commitment.
While businesses may feel they have the tools and skills to help them deal with compliance, there is often room for improvement. Unfortunately, full-time compliance people are costly, and difficult to recruit and retain. Businesses often, therefore, look outside of their own organisation and rely upon third-party partners to assist them.
The tools they turn to also need to be fit for purpose. Given that compliance is such a complex and time-intensive task, automating some of the processes can make achieving compliance on a continuous basis easier to achieve. It can also reduce the potential for human error and not only make the entire process more accurate, but more efficient.
Compliance is critical for businesses. A lack of compliance erodes consumer trust and can have a detrimental effect on the bottom line. As such, there needs to be a change of mindset among business to one of attaining continuous compliance. Only then can it capitalise on all the benefits that cloud and new technologies actually deliver. Continuous compliance leads to a level of agility that enables a business to be able to compete effectively within marketplaces that continue to shift faster and more frequently than ever before.
While many organisations are not sure what regulations they need to adhere to, at least there is a shift towards ensuring they do remain compliant and avoid the potentially crippling fines that would otherwise fall at their door. Yes, managing and maintaining IT compliance can be time-intensive and complex, but by using the correct tools to automate some key components of the process and by leaning on third party experts, the strain can be somewhat eased.
As there is a move towards continuous compliance within savvy organisations, there is a need for the process to be optimised, streamlined and made more effective to ensure their sanity. The use of smarter and more intuitive tools and technologies, and automating processes, will enable organisations to gain the benefits they are after, such as real-time alerts, better reporting and bringing all data sources together. Going forward, there will be an increased demand for this type of technology that can optimise the compliance process, both from a management and maintenance point of view.