As communication technology evolves, compliance by organisations becomes even more important. Read on to find out how, what, and why your compliance should be smartly executed.
Although IT is a relatively new industry, the laws that govern it have been evolving for more than a century. This is because data protection laws along with regulations are fundamentally built on the rights to privacy and access to information.
A brief history of data compliance
Many incremental events have taken place to get us this far with data compliance, but the main ones are as follows:
- It was in the 1980s, due to the increase in computer usage, that data protection laws started to take form. In 1981, the Council of Europe adopted the Data Protection Convention (Treaty 108).
- This was later supplemented, in 1995, by the European Data Protection Directive which dealt with the processing of personal data and the free movement of that data.
- In 2000, the South African Promotion of Access to Information Act (PAIA) provided individuals with access to their personal information no matter if it was stored in manual or computer records.
- In 2012 the General Data Protection Regulation (GDPR) was proposed in Europe. The rules were created to deal with the opportunities and threats posed by the increase in data collection and use in IT.
- In 2013, South Africa proposed the Protection of Personal Information Act (POPI) which will serve the same purpose as GDPR.
- In 2018, GDPR is enforced.
Evolution of communication technology and its regulation
Initially, telecommunications was a network industry (much like electricity, rail, gas, and water) that traditionally had no private players. The industry was critical, but too capital intensive, too high risk, and with margins too low to attract private investors. Over the years this has changed, with telecommunications technology evolving rapidly and creating new industries within itself. However, the regulators have not been as quick to evolve, and that has left the industry figuring things out on its own as the frontiers of development are continuously expanded. The advancements in technology have forced regulators to re-examine issues surrounding:
- Price regulation
- Spectrum management
- Data security and
- Net neutrality
The role of compliance officers in communication data compliance
Regulators and users have become aware of the amount of data that organisations collect and use. This has resulted in a flurry of regulations, laws, campaigns, pressure groups and shifts in attitude towards stricter rules on data management. These changes have made compliance officers ever more important in communications technology companies, and they have been tasked with:
- Identifying risks and providing solutions on how to mitigate those risks
- Designing and implementing control systems to protect organisations from risk
- Continuously monitoring and reporting on the control system's effectiveness
- Adapting and resolving issues that could occur
Smart companies realise the importance of compliance and do more than the bare minimum, as this will save them from legal pitfalls or high fines in the future. When deciding on the type and amount of penalties to issue, regulators weigh up whether the organisation had robust compliance systems or not. Keep in mind that communication technology companies often move faster than regulators, which means they are always in unknown territory.
"Organisations in South Africa aren't as prepared as they should be. We are still behind when it comes to the cloud journey although more and more organisations are asking questions surrounding security and compliance in this rapidly changing tech space. Organisations are in the process of preparing for this increased digital focus that our economy is headed towards as more companies move to the cloud and the conversations have started focusing on the mechanisms used to protect data. Companies have no choice but to make sure that they have the necessary tech skills needed."
Compliance technology evolution
Technology has also had an impact on the compliance industry itself. Regulatory Technology (RegTech) is a growing industry that provides solutions to compliance and regulatory issues. It uses technology to automate procedures and streamline compliance processes. This ultimately reduces risk as well as the manual workload. Accenture's 2018 Compliance Risk Study interviewed compliance officers from around the world in industries like banking, insurance, and capital markets, who identified the following trends:
- There will be a 9% drop in compliance headcount in compliance departments
- 89% of respondents said they would increase spending on compliance to fund the shift towards regulatory technology into 2020
- 76% reported a skills deficiency, particularly in the wake of the compliance technology transformation
Cyber security will become an even more critical function as the world moves towards increasingly digitised workplaces, homes, factories, and even cities. It's for this reason that we've partnered with Microsoft, which is investing billions in security and compliance technology. This means that you’re assured your systems are data compliant, as all the R&D (security and compliance) and updates (cybersecurity and software) are done by Microsoft. This enables you to use Microsoft's huge resources (hardware, software, skills, intellectual property) at a fraction of the cost of doing it yourself.
Compliance when moving from legacy systems to cloud
South African organisations are currently under a lot of economic pressure, so they are not too keen on investing in new compliance measures on legacy systems, especially if they’ve been "working just fine" thus far. But organisations must adapt to remain relevant, so the move to cloud is unavoidable.
When moving to the cloud, organisations become more aware of security, compliance, and data management as critical issues. This is particularly true when dealing with new customers. Organisations are aware that there are now increased levels of ransomware and breaches, which means that they always have to be up-to-date with compliance and make sure all their user data is safe.
When moving legacy systems, organisations need to be aware of:
- The type of data that is being stored
- If it’s critical data or
- Data that needs to be backed up.
There also needs to be an assessment of where the data resides (data sovereignty), data transfer, and governance processes. All of these issues are governed by GDPR and POPI.
Unification of communication technology and compliance
A convergence of technologies is taking place and organisations are bringing fragmented technology services and products into a single system. Unifying your technology onto a single platform makes compliance simpler and more cost effective.
Shifting to a single platform (or fewer platforms) requires organisations to:
- Look at their IT landscape and do a proper assessment of their IT environment.
- From there, organisations need to make a digital/modernisation roadmap that shows where they are currently and where they want to be.
- The roadmap should include all the information they need to cover when unifying their tech: for example, what workloads need to be moved to the cloud, what needs to be updated, and whether any increased security measures should be put into place when unifying their technologies.
- The roadmap should also look at whether the organisation would benefit from investing in upgrading the legacy equipment or from investing in moving to the cloud. Although cloud is the most cost-effective solution, questions on data sovereignty and compliance with POPI regulations still need to be considered.
Not sure if your business is ready to make the move into the cloud? Take our tech audit and find out.
Millennials as decision-makers on cloud communication and compliance
Millennials are the generation that drove cloud technology to the forefront of the workplace, and as workers they are more inclined to take their work out of the office. Naturally this brings with it different productivity opportunities and new security concerns that go hand-in-hand with any tech shift, which means companies have been forced to adapt to this new workforce culture or face security risks and a non-dynamic workplace.
Millennials gave the spark that ignited these advancements but didn't really look at the repercussions of these tech advancements. This means that regulatory and compliance organisations need to double down to make sure these advancements are not harmful to society, and that the information that is kept is protected.
As cloud technology has grown, so have millennials; they are no longer just employees but are now also entrepreneurs, managers, and executives. Millennials, as decision makers, will not only accelerate tech adoption but will also bring with them new security concerns, which will lead to new business opportunities.
So it’s very important that your business stays on its toes and is up to date when it comes to making sure that compliance best practices are met. Communication technologies are always evolving, so it’s important that your business's compliance strategies do too. Not only is it beneficial to your business as a whole, but it also helps you win over the trust of customers and the industry at large. This lets them know that their data will always be handled and cared for in the correct way, and that there are safeguards in place to protect their data from any external threats.
Let us help you make sure that the solutions that you currently have in place are secure and meet industry standards. Contact us today.