Amid high interest rates, staff shortages, stubborn inflation and geopolitical uncertainty, regulatory compliance isn’t always given the attention it deserves. Many organizations consider it a box-ticking exercise and a mere cost of doing business, without appreciating how compliance programs could be wielded as a competitive differentiator.
In truth, a stronger focus on compliance with global laws could significantly strengthen growth prospects abroad. That, in turn, should focus attention on the tools that can help accelerate and simplify compliance programs.
The Growing Regulatory Burden
A new era of global data protection regulation began with the EU’s GDPR in 2018. It inspired a wave of similar legislation across many parts of South America, Asia, the Middle East and even some US states. Four states currently have laws in force, led by California, while more than twice as many have passed laws. This wave of legislation is both a response to and a driver of more clued-up consumer attitudes to personal information. Individuals want more control over what companies do with their data and expect them to take care of it.
Such laws are made more necessary, but also more challenging to comply with, as corporate cyber-attack surfaces grow. Each new digital transformation project threatens to expand the avenues that threat actors could use to compromise a corporate network, steal data and possibly hold it to ransom, or to provide more ways that data could be accidentally leaked and/or sold to third parties such as advertisers. One study finds that 51% of companies think generative AI could erode customer trust.
Against this backdrop, regulators have followed the GDPR’s lead in rolling out their own consumer privacy laws. By and large, such rules do three things: hand more power over personal information to the data subjects themselves; force organizations to get explicit consent for use of this data; and demand that they put “technical and organizational measures” in place to protect data.
Order From Chaos
However, while these various laws may look similar at first glance, they can vary significantly on paper. The GDPR states that any organization processing data on EU citizens is “in scope,” whereas California’s CCPA claims only those collecting data on more than 50,000 citizens are. In the EU, responses to data requests must be made within a month. In California, it’s 45 calendar days and in Brazil just 15.
Where they do tend to align is on the role of data protection technologies. In the GDPR, pseudonymization and encryption are the only technologies recommended by name as helping “to ensure a level of security appropriate to the risk.” For PCI DSS, encryption can significantly reduce the cost and scope of compliance. That’s important, considering businesses spend an estimated 7.5 hours per week on security compliance and many are reducing headcount.
Compliance as a Growth Strategy
Yet regulatory compliance in this context isn’t simply about mitigating the risk of fines and bad publicity in an organization’s existing core markets. It should also be viewed as a potentially major business growth driver. Two-thirds of organizations say that customers, investors and suppliers are increasingly looking for proof of security and compliance from the companies they do business with. In fact, in most jurisdictions, compliance with local laws is a prerequisite for setting up local operations.
So how can organizations take advantage and use data protection and compliance as a business growth driver? Consider the following steps:
- Work out which markets to target and which regulations apply
- Evaluate security posture in line with the demands of local regulations
- Consider how compliance demands might impact business processes, such as hiring local expertise, localizing infrastructure, restructuring data processing, etc.
- Invest in data-centric security tools like the comforte Data Security Platform to streamline compliance, improve data protection and reduce costs
- Consider specialized compliance tooling to automate the process
Seven out of ten business leaders say that a better security and compliance strategy can positively impact the organization because it drives stronger customer trust. With the right strategy backed by effective data-centric security tools, compliance programs can evolve from risk mitigation to business growth.