Why compliance regulations can actually be a boost for business
Within many businesses, law firms no exception, regulatory compliance requirements are often viewed as a necessary evil. Put in place by authorities with little apparent care for profits, the laws are deemed to act as a handbrake on productivity. This view, however, is not entirely accurate, writes Derek Cowan.
Regulations protect businesses as entities, the people they employ, and the individuals they serve. Being compliant isn’t an option. It’s a requirement. So it’s important to see being compliant as a virtue, and the degree to which you’ve achieved that compliance as, perhaps, a unique selling point.
Time and time again, technology has shown that it can make that possible or, if not in its entirety, at least support the process, making compliance more straightforward rather than, as some see it, adding to the headache associated with regulation.
The changing face of compliance
When it comes to regulating an organisation’s use of technology, we’re involved in an evolutionary process. Take the General Data Protection Regulation (GDPR), which exists to protect individuals’ privacy and is only needed because of the vast amounts of personally identifiable information (PII) that businesses obtain, store and use.
GDPR was necessary in part because older data protection acts in use across the world weren’t fit for how modern businesses collect and use personal data.
Expect more regulation to become apparent as technology evolves. One area to watch is the growth of artificial intelligence (AI). The European Parliament is very active in this space and plans to develop a legal framework for AI development and deployment. Don’t think about AI in just the sense of robots; the framework is likely to cover software powering machine learning, the algorithms used and data manipulation.
The European Parliament has adopted proposals on the approach it should take and has agreed that future laws will be made under several guiding principles: transparency and accountability, safeguards against bias and discrimination, right to redress, social and environmental responsibility, and respect for privacy and data protection. We can expect to see a legislative proposal relatively soon.
Importantly, a key strand in the development of the European Parliament’s framework is the desire to ensure that technological development isn’t stifled by regulation. On the other hand, regulation is needed. You only have to search for bias in facial recognition to uncover some quite profound issues with what is still a very early-stage technology.
Data management a critical part of achieving compliance
It is difficult to argue against legislation in areas like PII and AI to protect fundamental human rights. Those that do should give it further consideration.
What matters most is that leadership, big and small, starts seeing this kind of legislation as enabling rather than stifling. The first step on this road is accepting that there will be more regulation to come as societal issues gain complexity in tandem with technology’s developing capabilities.
The next step is to take a long, hard look at the data life cycle in your organisation. Evaluate how you manage data across the entire organisation, throughout the process of acquisition, storage, manipulation, backup and archive, and eventual deletion.
Doing this involves going back to the drawing board to unpick years of ad-hoc development that has been the consequence of organisational growth, data sprawl, and potentially even acquisitions. Be prepared for it to be messy. You might find that a data protection audit and the management tools you need to use involve multiple platforms across different organisational teams that duplicate functions or are incompatible.
There might be silos that store data that could be useful to other parts of the organisation, if only they had access. Those silos might contain data that varies significantly – how do you know what’s the most up to date, what’s accurate and what’s not?
There might be multiple data storage and backup regimes, purchased from different providers, costing more than a streamlined service would cost. As I said, be prepared for an eye-opening experience.
Delivering additional business benefits
While getting your house in order to make compliance as easy as possible, an organisation can reap other benefits, both operational and financial. Eliminating data duplication means less storage infrastructure is required (on premises or cloud).
Backups take less time and can be done more regularly; restores are faster and easier because you know precisely what you need to restore and where it resides. Furthermore, solid archiving policies, including what to archive, when to archive, and how long archives should be kept before deletion, will help with data storage and finding archived data later on.
And finally, regularising data storage, backup and restore, putting the management of all of these in the hands of a single provider, will result in efficiencies and improved return on investment.
We can’t predict the future, but we do know three things: regulations aren’t going to disappear, customers have become more aware of who they do business with, and consumers are increasingly knowledgeable about their privacy and rights. This puts pressure on an organisation to demonstrate its data protection posture to win its customers’ loyalty. Mature organisations work proactively to inform, educate, and assure customers of their data protection measures.
Changing management’s view of compliance can have a flow-on effect for an entire business. Rather than being viewed as a tedious chore, it can become part of a wider push for improved organisational functioning. Compliance can actually deliver business benefits.
Derek Cowan is a director, systems engineering – APAC at Cohesity.