Compliance – Everyone’s Business
In her first blog, our Governance, Risk and Compliance expert Niamh O’Sullivan explains why her role is a key one both for us at VoiceSage and for all our customers.
Compliance, in the context of business and corporate management, refers to an organisation obeying all of the laws and regulations that govern how it manages its business, staff and interactions with its customers.
Clearly, compliance is about making sure businesses act responsibly. But this simple goal can end up being fairly complicated to carry out.
When you consider compliance in the technology sector, it applies to two different aspects of company operations: the internal security requirements for your technology, and the compliance standards set by external entities. Both aspects have a major effect on business operations.
Compliance is often seen as a ‘box-ticking’ activity. But in truth, it is a culture that needs to be embedded into all aspects of your business and operations. For a business, effective compliance means several things, such as reduced legal hurdles, improved operations, good brand reputation and PR, and competitive differentiation.
Compliance is equally important for the customer. VoiceSage holds PCI DSS certification as an extra layer of reassurance of reliability for our customers and is continually striving to expand on such reassurances, but it’s far from being the only standard we pay close attention to. The new General Data Protection Regulation (GDPR) requirements, for example, are making big waves in all sectors this year.
GDPR is a regulation by which the European Parliament, the European Council and the European Commission intend to strengthen and unify data protection for individuals within the European Union. It also addresses the export of personal data outside the EU.
One of the main objectives of GDPR is to give EU citizens control of their own personal data, giving you the power to dictate who has your information and how you allow them to use it.
While this blanket regulation was adopted in April 2016, it is to be fully implemented in May 2018 after a two-year transition period. That means the next fifteen months will see organisations that hold any EU citizens’ personal data incorporating tighter data protection and cyber security controls in order to align themselves with the requirements of GDPR.
Any company in breach of the benchmark requirements could potentially be fined anything up to €20m or 4% of its annual worldwide turnover, whichever is the greater amount. With that in mind, would you still think compliance is just a box-ticking activity?
Niamh is GRC (Governance, Risk and Compliance) Manager at VoiceSage