How a Change of Perception Transforms Compliance Into a Business Enabler
- Ezat Dayeh, Senior Systems Engineering Manager, Western Europe at Cohesity
- 29.06.2021 05:30 pm Data Management
Some businesses see regulation as a noose. Every form, every audit, every compliance requirement, every standard and kitemark to achieve is a hassle, taking time and energy that could otherwise be spent on being more strategic, or even more profitable.
This is, however, somewhat short-sighted.
Regulation protects businesses as entities, the people they employ, and the individuals they serve. Being compliant isn’t an option. It’s a requirement. So it’s important to see being compliant a virtue, and to what degree you’ve achieved that compliance, perhaps a unique selling point.
Time and time again, technology has been there to show how it can make that a possibility, if not in its entirety, to at least support the process, making compliance more straightforward and not, as some see it, to add to the headache associated with regulation.
Evolution before our very eyes
When it comes to regulating an organisation's use of technology, we're involved in an evolutionary process. Take the General Data Protection Regulation (GDPR), which is to protect individuals' privacy and only needs to exist because of the vast amounts of personally identifiable information (PII) that businesses obtain, store and use. GDPR was necessary in part because older data protection acts in use across the world weren't fit for how modern businesses collects and uses personal data.
Expect more regulation to become apparent as technology evolves. One area to watch is the growth of Artificial Intelligence (AI). The European Parliament is very active in this space and plans to develop a legal framework for AI development and deployment. Don't think about AI in just the sense of robots; the framework is likely to cover software powering machine learning, the algorithms used and data manipulation.
The European Parliament has adopted proposals on the approach it should take and has agreed that future laws will be made under several guiding principles: transparency and accountability, safeguards against bias and discrimination, right to redress, social and environmental responsibility, and respect for privacy and data protection. We can expect to see a legislative proposal relatively soon.
Importantly, a key strand of the European Parliament's framework's development is the desire to ensure that technological development isn't stifled by regulation. On the other hand, regulation is needed. You only have to search for 'bias in facial recognition' to uncover some quite profound issues with what is still a very early-stage technology.
Make it easy (eventually) through effective data management
It is difficult to argue against legislation in areas like PII and AI to protect fundamental human rights. Those that do should give it further consideration. Really.
What matters most is that big and small leadership starts seeing this kind of legislation as enabling rather than stifling. The first step on this road is accepting that there will be more regulation to come as societal issues gain complexity in tandem with technology's developing capabilities.
Next step is to take a long, hard look at the data lifecycle in your organisation. Evaluate how you manage data across the entire organisation, throughout the process of acquisition, storage, manipulation, backup and archive, and eventual deletion.
To do this involves going back to the drawing board to unpick years of ad-hoc development that's been the consequence of organisational growth, data sprawl, and potentially even acquisitions. Be prepared for it to be messy. You might find that a data protection audit and the management tools you need to use involves multiple platforms across different organisational teams that duplicate functions or are incompatible. There might be silos that store data which could be useful to other parts of the organisation, if only they had access. Those silos might contain data that varies significantly – how do you know what's the most up to date, what's accurate and what's not? There might be multiple data storage and backup regimes, purchased from different providers, costing more than a streamlined service would cost. As I said, be prepared for an eye-opening experience.
Technology: The Problem or The Answer?
While getting your house in order to make compliance as easy as possible, an organisation can reap other benefits, both operational and financial. Eliminating data duplication means less storage infrastructure is required (on-premises or cloud). Backups take less time and can be done more regularly; restores are faster and easier because you know precisely what you need to restore and where it resides. Furthermore, solid archiving policies, including what to archive, when to archive, and how long archives should be kept before deletion, will help with data storage and finding archived data later on.
And finally, regularising data storage, backup and restore, putting the management of all of these in the hands of a single provider, will result in efficiencies and improved return on investment.
We can’t predict the future, but we do know three things. Regulations aren’t going to disappear, and customers have become more aware of who they do business with, and consumers are increasingly knowledgeable about their privacy and rights. This puts pressure on an organisation to demonstrate its data protection posture to win its customers' loyalty. Mature organisations work proactively to inform, educate, and assure customers of their data protection measures.
When compliance is a component of good data management policies, it suddenly stops being a noose and starts being an aspect of good organisational governance.