
GDPR and PoPIA: Cost of non-compliance is hefty

One of the biggest challenges for businesses today is keeping up-to-date with constantly changing regulations. This is largely due to the dynamic nature of the compliance landscape. This is according to Argantic director Richard Shaw.
Source: Pixabay

While compliance with regulations like the Protection of Personal Information Act of 2013 (PoPIA) and the General Data Protection Regulation (GDPR) comes with a hefty price tag, the alternative is far more costly.

According to a study by the Ponemon Institute and Globalscape, being compliant will cost less compared to business disruptions, loss of revenue, and hefty fines. The cost of non-compliance is more than twice that of compliance costs.

In fact, this report finds that the cost of non-compliance is nearly three times higher than the cost of compliance. Organisations that delay compliance efforts are taking an ill-advised risk which could ultimately yield a pricier penalty.

Managing compliance

Many companies rely on periodic assessments, like annual audits. However, periodic assessments create a digital blind spot: their findings can quickly become outdated, leaving the company exposed to unassessed risk until the next assessment is done.

Business leaders should find ways to improve integration and create near real-time assessments to control the risks introduced by digital assets. Business leaders normally know the technology solutions but find the regulations difficult to understand.

In contrast, compliance and legal teams are normally familiar with the regulations but struggle to understand the technology that could help them comply. Many of these teams still try to track compliance manually by using general-purpose tools like Microsoft Excel.

There are many complexities in managing compliance activities and this often hinders adoption. The biggest challenge is understanding how to integrate various solutions and configure each one to minimise compliance risks. This becomes exceptionally difficult when solutions are sourced from various vendors and especially when they have overlapping functionality.

Managing data

Businesses are generating and consuming much more data than ever before and their digital transformation journeys are geared to help them gain an edge over their competitors. This data enables them to stay relevant by empowering their employees, engaging customers and optimising operations. However, managing this data on various devices can be extremely complicated, especially when it comes to ensuring compliance.

Not only is the amount of data growing exponentially, but the legislation and regulations governing how that data must be managed are also becoming more complex. Collecting customer information is an integral part of how businesses function, but maintaining and protecting this personal data remains a challenge.

Non-compliance could result in significant fines and it could also have a significant impact on a company’s brand, reputation and revenue.

Simplify compliance

Business leaders need simple tools that will help them manage compliance.

Such a tool translates complicated regulations, standards, company policies and other desired control frameworks into simple language, maps regulatory controls to recommended improvement actions, and provides step-by-step guidance on how to implement those actions to meet regulatory requirements.

It helps customers prioritise work by associating a score with each action, which accrues to an overall compliance score. A compliance manager provides pre-built assessments for common industry and regional standards and regulations, as well as custom assessments to meet a company's unique compliance needs. Which assessments are available depends on the licensing agreement.

It also offers workflow functionality to help one complete risk assessments efficiently. A compliance manager provides detailed guidance on the actions one can take to improve the level of compliance with the standards and regulations most relevant to one's industry.

A risk-based compliance score also helps business leaders understand their compliance posture by measuring their progress in completing improvement actions.

Shared responsibility

Businesses that run their workloads on-premises are entirely responsible for implementing the controls necessary to comply with standards and regulations. With cloud-based services, that responsibility becomes shared with the cloud provider, who is ultimately responsible for the security and compliance of their data.

With a software-as-a-service (SaaS) offering, Microsoft manages the controls relating to physical infrastructure, security and networking. Businesses no longer need to spend resources building data centres or setting up network controls.

With this model, businesses manage the risk for data classification and accountability - and risk management is shared in certain areas like identity and access management. More importantly, because responsibility is shared, transitioning one's IT infrastructure from on-premises to a cloud-based service reduces the burden of complying with regulations.

Compliance score

A compliance manager helps business leaders prioritise which actions to focus on to improve their overall compliance posture by calculating their compliance score. The extent to which an improvement action impacts one's compliance score depends on the relative risk it represents.

A compliance score measures the progress towards completing recommended actions that help reduce risks around data protection and regulatory standards. The initial score is based on the Data Protection Baseline, which includes controls common to many industry regulations and standards.

While the Data Protection Baseline is a good starting point for assessing one's compliance posture, a compliance score becomes more valuable once assessments relevant to the specific requirements of the company are added.

Filters can also be used to view the portion of one's compliance score that relates to selected criteria, such as one or more solutions, assessments or regulations.
