Compliance in the corporate environment: Is it possible to outsource challenges?
April 28, 2020. Munich. Compliance is expensive: A global study by LexisNexis Risk Solutions reveals how much money banks, insurance companies and financial services providers spend on compliance to fight financial crime. According to the study, the costs in this sector amount to more than $180 billion. But even outside of the financial industry, compliance poses serious hurdles for small, medium and large companies alike.
While legal specifications in the field of competition, data protection and finance apply to specific industries, it is mainly up to these industries to decide how to meet their compliance obligations. For example, under the EU General Data Protection Regulation (GDPR), companies must take "appropriate technical and organisational measures" to ensure an adequate level of protection for the processing of personal data. However, the legislator does not specify what measures are involved.
Successful compliance needs a strategy
Depending on the severity of the case, compliance violations—especially of internationally applicable data protection laws—can quickly become very costly and damage the company’s reputation. Therefore, it is critical to establish a clear and sustainable compliance strategy. Ideally, this should be based on a comprehensive analysis of the areas in which the risk of non-compliance is greatest. Some sectors of the economy, for example, require special attention. But even the development of a comprehensive strategy entails several challenges for companies:
- Regulatory changes
Compliance requirements are constantly changing: Existing regulations are amended or modified, and new ones are developed to respond to problems. Companies must stay up-to-date and keep track of these changes to ensure that all requirements are continuously met.
- Advances in technology
Developments such as cloud computing, managed services, "Bring Your Own Device" (BYOD), the Internet of Things (IoT) and shadow IT—to name a few—bring many benefits, but they also give rise to additional security gaps and make compliance more difficult.
- Compliance costs
Once again: Compliance is expensive! But it is even more expensive if regulatory requirements are not met. Compliance requires certain financial investments, but these pay off.
Depending on the industry, companies have to meet a whole range of complex requirements, which involves technical, organizational and financial expenditure that cannot be ignored.
Compliance through third-party service providers?
Compliance with competition law provisions is difficult to automate or outsource. However, companies can outsource other compliance areas—such as the technical implementation of European data protection guidelines—to third-party providers. In this regard, highly secure business clouds enable, for example, the processing of personal data in the cloud in accordance with the EU GDPR. Here, the providers ensure an appropriate level of protection that meets the legal requirements by means of complex technical and organizational measures, thus fulfilling the compliance requirements in a verifiable manner. This way, with the corresponding certificate from the provider, the companies can also prove that they comply with their control obligations as required by law. This not only saves time, but is also significantly more resource-efficient than implementing appropriate technical and organizational data protection measures on their own. Compliance is still a challenge—but it does not always have to be expensive.
For further information contact us at firstname.lastname@example.org
uniscon — a company of the TÜV SÜD Group
uniscon GmbH is a company of the TÜV SÜD Group. As part of TÜV SÜD’s digitalization strategy, uniscon offers high-security cloud applications and solutions for secure, legally compliant data traffic. TÜV SÜD is one of the world’s leading technical service providers with over 150 years of industry-specific experience and more than 24,000 employees at around 1,000 locations in 54 countries. Within this strong network, uniscon is able to reliably implement large-scale international projects in the IoT and Industry 4.0 sectors with the Sealed Cloud and its products.
Further information on the company and its solutions at www.uniscon.com
uniscon GmbH, Claudia Seidl
80339 Munich (Germany)
Phone: +49 (0)89 / 41 615 988 104
Kafka Kommunikation GmbH & Co KG, Markus Reck
Auf der Eierwiese 1
82031 Grünwald (Germany)
Tel. +49 (0) 89 74747058-0
Fax +49 (0) 89 74747058-20