2017 is turning out to be a tumultuous year for compliance. A combination of Brexit, a Trump presidency and the reform of EU privacy rules has put regulatory change and uncertainty back into the spotlight. Mega-size fines have returned too and compliance officers worry about personal liability more than ever.
1. The GDPR – the countdown is on
If your company hasn’t familiarized itself with the General Data Protection Regulation (GDPR) yet, you may already be behind. The GDPR was ratified in May 2016 and designed to bring personal data protection into the digital age. It imposes stringent requirements about how companies store and handle the personal data of EU citizens. The regulation will have far-reaching impacts, from how organizations obtain consent and use cookies on their websites to giving teeth to the right to be forgotten. Don’t think that, because this is EU legislation, the GDPR won’t affect you. It affects any organization that collects and stores personal data of EU citizens. With the GDPR becoming enforceable in May 2018, the countdown is on for organizations to prepare. The GDPR will impact not just the Compliance team but many other parts of the business as well.
Key steps
An important first step is to gain clarity on the personal data processing practices and content within your organization, including:
• What personal data you process
• Where it is stored across the organization
• Who has access to it
• What consent has been provided and where it is documented
• Where it is transferred from and to (including to third parties and cross-border)
• How it is secured throughout its lifecycle
• Whether policies and processes are in place to dispose of personal data
Visit OpenText GDPR to learn more about the regulation and how OpenText can help.
2. Pressure on the Compliance function not letting up
Compliance officers have never had a higher profile than they do now, but with great power comes great responsibility. Pressure on the compliance function has been steadily increasing and 2017 is no exception. For example, sixty-nine percent of firms surveyed in 2016 expected regulators to publish even more regulations in the coming year, with 26 percent expecting significantly more. Personal liability also appears to be a persistent worry. Sixty percent of survey respondents expect the personal liability of compliance officers to increase in the next 12 months, with 16 percent expecting a significant increase. In addition, with the GDPR comes the rare explicit requirement to appoint a qualified compliance role, the Data Protection Officer (DPO). Though the GDPR does not establish the precise credentials DPOs must have, it does require that they have “expert knowledge of data protection law and practices.”
Key steps
Compliance officers don’t need to be technology experts, but they do need to know how to leverage governance, risk and compliance solutions to make their jobs easier. Other key steps include ensuring your policy framework is up to date and that staff understand and are trained on their compliance responsibilities.
Read the AIIM white paper and infographic: Managing Governance, Risk and Compliance with ECM and BPM.
3. A new administration means changes in regulatory priorities
President Trump has been clear and consistent on his desire to reduce the number of regulations in place. From financial services to the environment, compliance officers are bracing for the changes and what they will mean for them. Most industry experts agree that even where regulations are streamlined or reformed, there will be plenty of work for your team to do to address the vacuum left by previous regulations or to interpret the way the new regulations need to be applied. The picture may be uncertain at the moment, but you can be certain that any changes mean there will be work to do for your Compliance team.
Key steps
How do you prepare for the unknown? Many pundits advise wisely that it’s business as usual and not to re-draft policies and procedures just yet. However, now is a good time to evaluate your overall compliance program. For example, if your organization does not have its regulatory information management house in order, now is the time to clean up. Whether your firm is based in or works with the United States, the potential changes to the regulatory landscape mean that businesses will need to be adaptable in order to quickly take advantage of opportunities, mitigate risks, and stay in compliance.
Learn about OpenText compliance solutions.