Compliance is something organisations have been grappling with for some time, particularly those in highly regulated industries such as insurance and financial services. However, it has come into focus once again with the impending EU General Data Protection Regulation (GDPR). Time is quickly running out, and from May 25th, any business that falls foul of a data breach could face a potential fine of €20m, or 4% of annual turnover (whichever is greater).
Despite GDPR gaining thousands of column inches in recent weeks, it appears that there continues to be a head-in-the-sand mentality among a worrying number of UK businesses regarding the impending regulation. Recent research we commissioned from Censuswide highlighted a distinct lack of alignment within UK businesses when it comes to managing and maintaining compliance, with almost one third not knowing which regulatory frameworks they need to align to.
A change has got to come
It is vital that there is a change in attitudes. In today’s global climate, compliance is a challenge that nearly every business faces. But it should not be thought of as a simple tick in a box and considered complete the moment it has been achieved. Rather, it should be thought of as an amorphous organism that is continuously changing, and one that cannot be ignored.
There needs to be a transformation in approach; whether that means better tools, more automation or working with a trusted partner to manage the entire process. The good news is that there is an acceptance that this is the case, with 83% of IT decision makers admitting there is room for improvement. The most-cited desired features for tools include real-time alerts, better reporting, open integration with other compliance tools, and more comprehensive monitoring capabilities.
Compliance is winning
Achieving compliance and maintaining it may be viewed as two sides of the same coin, but the two are actually very different. Moving beyond simply achieving compliance and making sure an organisation remains compliant is a challenge that’s discussed in boardrooms throughout the country. Within these fast-moving, digitally transformative times, compliance needs to keep up with shifting market dynamics so that industry innovation can be effectively fostered, and new products can be brought to market.
Achieving compliance needs to become a badge of honour for organisations, and viewed in the same way as winning even the most prestigious industry award. After all, being compliant demonstrates to customers, partners, investors and other stakeholders that the business is committed to implementing best practices. Conversely, non-compliance leads to severe fines and untold reputational damage that translates into loss of revenue.
The need for a 360-degree view
As digital transformation has continued to take hold across multiple industries, businesses have grown to contain a whole host of data that is siloed across different departments, with no coherent 360-degree unified view. Today, the big data mountain is understood to have reached five zettabytes and the volume of data shows no sign of slowing, especially with the Internet of Things (IoT) becoming more ubiquitous than ever.
With the sheer amount of data being produced, it is becoming difficult to see the forest for the trees. This makes obtaining the information required to become and remain compliant a far from streamlined exercise and opens the process up to potential mistakes.
Due to constantly shifting regulations, businesses are now having to audit their IT compliance requirements on average four and a half times per year, according to our research. Now more than ever, the act of adhering to regulatory requirements requires an ongoing commitment.
While businesses may feel they have the tools and skills to help them deal with compliance, there is often room for much improvement. Unfortunately, full-time compliance people are costly, and difficult to recruit and retain, due to the growing skills shortage in the UK. To plug this gap, businesses often need to look outside of their own four walls and turn to third-party partners to assist them in remaining compliant.
The tools they turn to also need to be fit for purpose. Given that compliance is such a complex and time-intensive task, automating some of the processes can make continuous compliance easier to achieve. It can also reduce the potential for human error and make the entire process not only more accurate, but also more efficient.
A change of mindset
Compliance is a critical aspect for all businesses. A lack of compliance affects the bottom line, stakeholder trust and, in some industries, can stop an organisation from operating altogether. As a result, it is a task that many, if not all, organisations are tackling.
It is not a race that is run once. Businesses need to change their mindset to one of attaining continuous compliance. Only then can a business capitalise on all the benefits that cloud and new technologies actually deliver. Continuous compliance leads to a level of agility that enables a business to compete effectively within marketplaces that continue to shift faster and more frequently than ever before.
Easing the strain
While many organisations are not sure what regulations they need to adhere to, at least there is a shift towards ensuring they do remain compliant and avoid the potentially crippling fines. Yes, managing and maintaining IT compliance can be time-intensive and complex, but by using the correct tools to automate at least part of the process and leaning on third-party experts, the strain can be somewhat eased.
As there is a move towards continuous compliance, there is a definite need for the process of both achieving and maintaining compliance to be optimised, streamlined and made more effective. The use of smarter and more intuitive tools and technologies, and automating processes, will enable organisations to gain the benefits they are after, such as real-time alerts, better reporting and bringing all data sources together. Going forward, there will be an increased demand for this type of technology that can optimise the compliance process, both from a management and maintenance point of view.
Javid Khan, CTO of LayerV, a Pulsant company