For too long, compliance has been relegated to risk management. Now's the time to think differently.
It's true that for the majority of organisations, compliance with legislation is viewed as an exercise in risk mitigation. Sure, investing money in training and developing preventative processes is the best way to avoid expensive fines and protect your organisation's reputation in the event of a compliance breach. But should this be the only motivation?
It's more than likely you've already received emails and/or read news articles reporting on the punitive nature of the forthcoming GDPR legislation and its threat of hefty fines for non-compliance. This is a good example of the sort of thinking that positions compliance as no more than an expensive insurance policy… a necessary evil that takes up both time and budget.
Sadly, in many cases something has to go wrong before sufficient investment in compliance is forthcoming, and yet, by this time, the damage is usually done.
Revitalise your compliance efforts:
Yes, a good compliance programme will keep your internal and external auditors on side. It will also help you avoid expensive litigation and fines, and protect your reputation should the worst happen. However, have you considered the way compliance can provide your organisation with a competitive advantage, allowing it to win extra sales or increase revenues and profit margins?
Think about it: in an increasingly regulated world, where ever more scrutiny is placed on supply chains and third parties, there is an opportunity to showcase your compliance efforts and achievements to gain a competitive edge. In other words, compliance should be less about keeping your head 'just above water', and more a way of illustrating the value you place on your company, its employees, and its customers. After all, being the organisation that is willing to go the extra mile to protect its customers could be a real selling point when it comes to securing new contracts or adjusting pricing structures – always good news for the C-suite.
Let's look at a couple of examples:
It is not currently a legal requirement within the UK to monitor your supply chain for signs of modern slavery, but your organisation may well be required (under the UK Modern Slavery Act, if it meets the Act's turnover threshold) to state publicly what it is doing, or not doing, to combat modern slavery, i.e. to publish a Modern Slavery Transparency Statement. To state publicly that 'we are doing nothing' tells the world that your organisation doesn't care, or that it is drastically out of touch with what's going on in the business world and society today. On the other hand, an organisation that can demonstrate how seriously it takes its moral and ethical responsibilities when it comes to preventing modern slavery, and how much it has invested in ending the practice for the good of all people, has the advantage when it comes to pitching for new contracts.
We can apply the same logic to GDPR. Why not be proactive in reassuring your customers and clients how seriously you take the upcoming shift in legislation, and how you are preparing to protect their data in line with the new laws? Rather than a chore, then, compliance can be a great reason to reinforce the trust between you and your customer base and to reassure them that your organisation is on the ball – over and above the competition.
Don't forget, making room in the budget for compliance becomes much more achievable when senior management see the investment as something that directly contributes to the bottom line through sales and profitability.
Positioning compliance not as a box-ticking exercise but as a strategic business partner (as well as a risk-mitigation tool) makes for a compelling case indeed.
MD, DeltaNet International