By: Linda Coniglio, Director of Privacy and Information Governance
The privacy and compliance arena is quite active these days and, according to Gartner, will continue to be in the near future. Gartner says that by 2023, 65% of the world’s population will have its personal information covered under modern privacy regulations – up from only 10% today. Because of this volatility, companies might be tempted to operate “business as usual” rather than adapt to meet compliance requirements. Before you make that decision, ask yourself what happened to the dinosaurs.
Complying with privacy and data protection regulations may seem costly, but according to a study by the Ponemon Institute and Globalscape, non-compliance is more costly. Let’s consider why this might be true.
Compliance costs include the processes, people and technologies used to keep your business compliant with regulations. The following are typical compliance costs:
- Data protection and enforcement activities
- Incident response plans
- Compliance audits and assessments
- Policy development
- Communications & training
- Technology investments
- Program management
Typically, data protection and the technologies used to security data contribute the most. However, the size and scope of the organization have an impact on total compliance costs. The larger the organization, the more likely the need for dedicated professional staff and more complex business policies and processes. If your business has international operations, there will be more regulations with which you’ll need to comply. The cost of compliance varies significantly by industry. Organizations in heavily regulated industries such as financial services and healthcare have the highest compliance costs due to the amount of sensitive and confidential information they store and protect. They are also governed by numerous industry specific regulations. According to the Ponemon report, the average cost of compliance for an organization is $3.5 million.
Failing to comply with rules, regulations, policies, and other legal obligations make up non-compliance costs. Specific examples are as follows:
- Business disruption
- Productivity losses
- Revenue losses
- Fines, penalties, and settlement costs
Again, from the Ponemon report, the average cost for organizations experiencing non-compliance problems is $9.4 million – almost triple compliance costs.
Business disruption and productivity loss are the highest cost contributors to non-compliance. Look only as far as the Colonial Pipeline ransomware attack for an example of detrimental business disruption and productivity and revenue losses. Can your business and your customers afford such disruption?
Another cost of non-compliance that you may not have considered until now, is your organization’s reputation. This may be the worst consequence of non-compliance because bouncing back from reputational damage is difficult.
To Comply or Not to Comply
A Gartner statistic may illustrate the most telling reason to build and maintain a stellar compliance program: By 2023, companies that earn and maintain digital trust with customers will see 30% more digital commerce profits than their competitors. Customers will take their data and their dollars to businesses they trust.
How To . . .
Start adapting to the new regulatory environment by following a few best practices.
- Know your industry’s regulatory requirements
- Create simple but effective policies and procedures
- Build a compliance partnership with business units
- Conduct compliance audits
- Provide compliance training
Know it’s not going to be perfect with the first attempt, so don’t let perfection be a performance killer. Start small for some quick wins to gain support and momentum. The first step will be the hardest; each additional step gets easier and builds confidence. Getting started today assures you won’t go by the way of the dinosaurs.