GDPR is an opportunity for organisations to re-balance their total digital engagement
From time to time, companies are faced with regulatory Governance, Risk Management, Compliance (GRC) and IT-Security issues that at the onset are extremely cumbersome. It probably started with SOX (Sarbanes-Oxley Act) in 2004 for added good Governance. After the financial crisis in 2008, the Glass-Steagall Act (37 pages) was replaced by Dodd-Frank (848 pages) for added Risk Management processes. In 2015, 20,000 new regulatory requirements for the financial services industry were created for added Compliance and to prevent big banks from failing. Now added IT-Security and Data Protection systems must be implemented under the General Data Protection Regulation (GDPR) to protect and preserve all corporate data.
Comply or Complain
When all of the above and other GRC and IT-Security regulatory measures are introduced, the Board and Management have two options: either comply, with structured, planned and well-designed implementation practices involving experienced consultants and experts for guidance, or complain that the new bureaucratic and complex regulation is another cumbersome burden on the company, which also defeats the regulation's purpose.
Complex regulations are expensive, adding thousands of jobs dedicated to carrying out compliance. However, now 12 years after SOX implementation, most (USA stock listed) companies have GRC and IT Security processes that get value out of their internal controls and compliance staff, as the SOX processes minimise human error. Besides strengthening the internal control environment through improved documentation and standardised processes, and reducing complexity through automation, the weak links were strengthened and senior management and the audit committee were involved to 'sign off' SOX controls.
From Massive and Complex To Convergence and Automation
Therefore all significant change can be an opportunity for disruptors and innovators to take charge and drive innovation in the long run, because complexity gives an advantage to the companies that do it correctly in the first place. If implemented according to the Copenhagen Compliance GRC3 recommendations (http://www.copenhagencompliance.com/GRC3.html), companies will be able to save some of the 270 billion USD that companies spend annually on compliance and avoid imposing painful processes on stakeholders in the long run. The final advantage of an adequate and proper GRC implementation is the convergence opportunities it provides, for example for IT and automation, just as a reliable GDPR implementation would.
Committed To Addressing the GRC Problem
GDPR implementations primarily address the issues of trust and integrity in the company's digital and corporate engagement: by reinvesting in data protection to avoid cyber threats and loss of IP, the company re-balances its digital engagement.
Management and the Board who wish to reduce the risk of losing their reputation and want to be 'best or top in class' have two options: either continue struggling with compliance, or get your act together and participate in the 10th annual European GRC Summit in London on the 9th and 10th of November (http://www.grcassembly.com/index.htm). Get the most out of your GDPR and other GRC implementations, or take the risk that oversight authorities may impose substantial fines.
Register today for the 10th Annual European GRC Summit in London or the GDPR certification course in Copenhagen: http://copenhagencompliance.com/gdpr/ or http://www.grcassembly.com/register.htm
For other articles on GDPR see: https://www.linkedin.com/pulse/do-mess-data-protection-compliance-kersi-porbunderwalla