What does compliance mean?
Compliance is defined as adherence to rules and guidelines. In a professional context, the term describes the process by which a company works to meet the legal requirements and recommendations that apply to it; it is also sometimes called “corporate compliance”. Compliance is often, but not exclusively, about protecting sensitive data, and it is this part of compliance that this post deals with. I want to provide a better understanding of what compliance entails, what happens in the event of a breach of compliance, who is responsible for compliance and, not least, how to achieve it.
Did you know that businesses with a strong compliance posture significantly reduce the cost of a data breach? (www.ponemon.com)
Two meanings of compliance
Compliance can have two different meanings. First, it refers to what the company does: the steps it takes to follow rules and guidelines. Secondly, it describes the success of such efforts, i.e. being compliant. Compliance is not a permanent state. It is an ongoing process that requires self-monitoring to make sure you continue to meet the regulations, and you must also keep up with any new legal requirements that may come to apply to your company.
What does compliance affect?
As mentioned, compliance is about adherence to all relevant laws, regulations, standards and internal policies that apply to a company. This may include legislation related to finance, data protection, health and safety, trade and the environment, as well as ethical standards and industry-specific requirements. Compliance also involves implementing appropriate control and monitoring mechanisms to ensure that these rules and standards are adhered to consistently and effectively. Compliance is thus a broad term, but the rest of this post deals with compliance in relation to data protection.
Why should you be compliant?
Being compliant means that your company complies with the laws and regulations that apply to you when it comes to handling sensitive personal information. Compliance can seem like a heavy burden for some companies, but it is a process that should not be de-prioritised. In short, compliance is important for three reasons:
- Compliance demonstrates responsible business practices and strengthens the trust of customers, business partners and others
- Compliance reduces financial losses by avoiding or minimising fines
- Compliance helps equip companies against data leaks and cyber attacks
What happens if you break compliance?
In the UK, the Data Protection Act 2018 sets out the domestic rules for managing personal data, while the UK GDPR (United Kingdom General Data Protection Regulation) is the retained version of the EU GDPR (General Data Protection Regulation) and is the data protection regulation that companies in the UK must adhere to post-Brexit. Oversight and audits in the UK are managed by the Information Commissioner’s Office (ICO), which can issue fines of up to £17.5 million or 4% of annual worldwide turnover, whichever is higher, for the most serious infringements. Failure to comply with the UK GDPR can therefore have severe repercussions both for the individuals affected by a data breach and for the company responsible for exposing their personal data.
How do you become compliant?
In order to achieve compliance, there are a number of processes you have to go through. For example, it is crucial that you understand the applicable rules, have procedures for processing sensitive data, formulate a privacy policy, appoint a Data Protection Officer where one is required, and so on. To help you become compliant, we have created a GDPR checklist.
Who is responsible for you being compliant?
Ultimately, the responsibility for compliance falls to management: the owner of the company, the CEO, the executive board and others who control it are legally responsible for it. Management is responsible for internal control and risk management, which includes being compliant. Under Article 37 of the GDPR, public authorities and organisations whose core activities involve large-scale, regular and systematic monitoring of individuals or large-scale processing of special-category data are required to appoint a Data Protection Officer, who takes care of the work involved in staying compliant with the rules and standards.
In smaller companies, the owner may need to take care of compliance personally. It can be tricky for small business owners to juggle compliance alongside all the other issues that require their attention, but if the owner keeps up to date with the rules that apply to their sector and has the right tools and support, they can manage it. It is important to remember, however, that compliance is a company-wide responsibility: all employees and departments should work together to maintain compliance with the relevant standards and regulations.
The smart way to compliance
Regardless of the size of your company, being compliant can be an extensive task. Fortunately, compliance tools can help you meet the requirements of the GDPR faster and more accurately than manual processing, by automating many of the processes involved in handling personal data and documenting that GDPR requirements are met.
Sebastian Allerelli
Founder & COO at Safe Online
Governance, Risk & Compliance Specialist