Making the case for continuous compliance

Compliance is a word that has been bandied about by business, regulators and the media for the last few decades. For those in the public sector, financial services and healthcare, it is an ever-present concern influencing the entire organisation. But for other companies, those not in heavily regulated industries, compliance has always been a bit of a challenge: uncharted territory.

In today’s market, the compliance question gets even trickier. Your business might not be in a constant state of change, but the compliance landscape is. A case in point is the upcoming European Union (EU) General Data Protection Regulation (GDPR); the deadline for compliance is 25 May 2018. However, there is a lot of uncertainty in the market as to which companies need to comply.

Simply put, all companies must comply. Those organisations that don’t actually hold personal data still need to prove it by completing a Data Privacy Impact Assessment (DPIA) on a continual basis.

Putting aside the uncertainty around GDPR, its presence has opened the floodgates, so much so that almost every organisation is asking the question: am I compliant? Do I need to be?