Unmasking the Hidden Challenge for Compliance Leaders

Empowering Compliance Professionals in the Age of Data Protection

I have been serving the compliance community for many years. I have witnessed countless difficulties, pitfalls, and common errors in the game of compliance in medium to large companies. Through my experience, I've noticed a glaring conundrum facing today's compliance professionals that must be addressed. While I do not name specific people or companies, the information contained here is gleaned from real-life cases.

In the age of data protection, compliance professionals are forced to straddle technology and regulatory demands. The focus on data protection has become arguably the most pervasive priority for the modern compliance professional. The GDPR and the UK Data Protection Act (2018) have accelerated this phenomenon, and the pressure to comply has surged due to the fines and penalties being imposed.

Funnily enough, the systems needed to comply with the GDPR and other data protection laws are already within reach, yet they remain hidden behind a veil of technology. This is a great irony and the crux of the issue. Compliance professionals find themselves at the mercy of IT, or they are forced to become technical experts themselves.

Let’s look at this more practically. Most companies use Microsoft Office, and the bulk of the company's data is transacted through Office in some way or another. The tools to regulate this data, offering cataloguing, labelling, visualising, and other capabilities required by law, already exist within the Microsoft 365 suite. This can make compliance with GDPR and the UK Data Protection Act a breeze. Yet, a lack of technical know-how sends compliance on a wild goose chase to find what is hidden in plain sight.

Eventually they find themselves at the door of IT. A Deloitte survey found that 49% of compliance professionals report a lack of support from IT. We’re convinced this perspective is purely a consequence of a lack of alignment at the top.

Naturally, IT and compliance strategies have different priorities, but both forward the same imperative to reduce organisational risk. The trick is finding this common understanding and a shared vision, which encourages IT teams to rally around compliance initiatives on the ground.

We are placing compliance in an organisational straitjacket. This unfortunate circumstance is perpetuated, despite being visibly absurd. It's high time we change this. No one should expect a compliance professional to be a deeply technical expert, knowing how to change configurations in the Microsoft 365 admin center.

What compliance leaders need is a trusted technical ally who can do the heavy lifting within the various software platforms. This ally ought to possess deep compliance knowledge, too. It should be a foregone conclusion that the organisation needs these tasks done, and the technical ally needs to get moving independently.

Signs that you need a strong technical ally include a data breach, increased pressure from regulators, or the underutilisation of a powerful compliance solution like Microsoft Purview. False starts in deploying feature sets like Information Protection in Microsoft Purview (resulting in difficulty or false positives) reinforce this need. Furthermore, a technical ally can be particularly helpful when companies want to use pre-built templates in Microsoft Purview to assess themselves against specific regulations like GDPR.

Some examples of tasks that need to be done by the technical ally, without too much intervention by compliance:

  1. Data discovery and cataloguing to create an inventory of your data assets.
  2. Data classification and labelling to organise and protect sensitive information.
  3. Data lineage and mapping to understand data flow and dependencies.
  4. Implementing data protection policies to control access and usage.
  5. Monitoring and managing data subject access requests (DSARs) in a timely manner.
  6. Maintaining records of data processing activities and demonstrating compliance to regulators.

In conclusion, compliance professionals are grappling with a hidden issue in the age of data protection. It's time to stop asking them to search for what’s already there and give them the support they deserve. By recognising the challenges faced by compliance professionals and offering the necessary support through a technical ally, organisations can help bridge the gap between technology and compliance.

As compliance professionals, it's time to take charge and unmask the hidden conundrum. The right ally can make all the difference, ensuring that compliance efforts are effective and well-aligned with technology.

If you are ready to find a technical ally, click here to learn more and take the first step towards a more empowered, knowledgeable, and efficient compliance function.

If you would like to learn how you can unlock compliance tools in Microsoft Purview, attend our webinar on 28 June 2023 – register for free here.

Laura Hill, Managing Director, UK region, Cloud Essentials

Sponsored by: Cloud Essentials