What is compliance?

What does compliance mean?

Compliance refers to “adherence to rules and guidelines” and is a term used in a professional context to describe the process by which companies try to meet the requirements and recommendations that apply to them – for example privacy laws such as GDPR. The term is also sometimes referred to as “corporate compliance”. This article should provide a better understanding of what compliance entails, how to achieve compliance, who is responsible for it and what happens if you are not compliant.

Two meanings of compliance

When you look up the word compliance, it is defined as “adherence to rules and guidelines”. This is a good start to understanding what compliance entails, but it is not a complete definition. Compliance can have two different meanings, as it both refers to what the company does – i.e. what you as a company do with a view to following rules and guidelines – and what the company is when it follows rules and guidelines. A company becomes compliant when it complies with various legislation. However, it is not a permanent state, as there are often new requirements that the company must adapt to.

 

Why should you aim to be compliant?

Compliance can seem like a daunting task for companies, but it is an important process that should not be underestimated. Being compliant means that your company complies with the laws and regulations that apply to your industry. This can ensure that you do not expose yourself to unnecessary risks and avoid potential fines and sanctions from the authorities.

Achieving and maintaining compliance shows that you take your responsibility seriously and are willing to take the necessary steps to protect both your customers and your business. Compliance can thus help build trust and credibility with your customers and business partners.

 

How do you become compliant?

To the surprise of many, compliance is not a task you complete. It is a continuous task, which includes that a company must:

1. keep up to date with what laws are relevant to them
2. plan and prepare internal guidelines to comply with regulations
3. monitor and evaluate compliance with the rules

Compliance requires the company to be able to answer questions about which laws the company is subject to, how the company will comply with them, how the company will check that they are complied with, and how the company will document this.

In order to ensure that all employees comply with the guidelines for compliance, it is also necessary to have an internal procedure where the company informs employees about how they must act and where the company documents compliance with the requirements for compliance. The latter is particularly important, as it may be necessary to provide documentation to the authorities in the event of a data audit. Read more about how you get ready for a data inspection from the Norwegian Data Protection Authority here.

 

Who is responsible for you being compliant?

As a starting point, the management – the board or the executive board – has the overall responsibility for internal control and risk management, which includes being compliant. In larger companies, however, it is common to hire a compliance officer who can take care of all the work related to being compliant with rules and standards. Having a employee to do the task increases the likelihood that the company will comply with all requirements. In smaller companies, the owner can typically take care of this work himself if he keeps up to date on the rules for the company’s work area.

However, it is important to remember that compliance is a company-wide responsibility and all employees and departments should work together to comply with relevant standards and regulations. The responsible person or department is typically either one or a combination of the following:

• Compliance Person/Department: A dedicated or designated department or person responsible for monitoring and maintaining the Company’s compliance with laws and regulations. In smaller companies, it is often a single person who is appointed.
• Management team: Senior management has overall responsibility for ensuring that the company complies with the regulations and that appropriate systems are in place to ensure that all employees and business partners know and comply with the relevant standards.
• Legal Department: Legal Department typically plays an important role in understanding and complying with legislation and other standards relevant to the business.
• Finance Department: The finance department is usually responsible for complying with accounting standards and reporting correct financial information to the authorities and other stakeholders.
• HR department: The HR department also has an important role to play in ensuring complies with laws and regulations related to employment, working conditions and personal data.’
• IT department: The IT department plays a role in ensuring that the systems and data used by the company comply with relevant standards, including data security and the Personal Data Regulation.

 

The easy way to compliance

For a small or medium-sized company, being compliant can be an extensive task. Fortunately, compliance tools can help you meet the requirements of the GDPR faster and more accurately than manual processing. These tools are capable of automating many of the processes involved in processing personal data and complying with GDPR requirements. If you want to know more about what a GDPR tool can do for your company, you can read more here.