Compliance programs are about protecting the company!!

Being involved in the compliance community, I enjoy to work with some fantastic brands, helping them to not only automate their compliance programs but also elevate the function within their organization. Given the environment of evolving regulations, data breaches, corruption scandals, and rapid business change, it’s easy to lose track of what’s most important in compliance: the people.

People are at the center of compliance in:

• Creating governance structures

• Identifying risks

• Communicate policies and ensure the implementation of controls

• Sustain compliance initiatives by training and testing people.

As a compliance professional, we need to secure the necessary resources and support from many stakeholders, in particular—at the top. To reach that objective, we must convince our boards and top managements that our compliance mission makes good business sense!

We all agree that compliance is such a strategic issue that it deserves top management’s utmost and undivided attention.

The compliance program is about protecting the company as well as its management and employees from regulatory and reputational risk. Compliance is a company-wide initiative, and we are the project managers of this global project, which involves many functions and stakeholders. We cannot and should not do it alone.

We see a slight drift from that principle in many companies, where compliance tends to be seen as compliance’s problem, rather than a company-wide initiative which is everybody’s business. We need to avoid that drift at all costs.

Very concretely, we have to make sure to remind top management regularly that compliance is their business. When we compliance managers underline a problem or a need, it is not our problem or need, it is a company problem or need and should be addressed as such, involving the relevant functions and stakeholders.

Let’s make sure that everybody understand that our compliance program is about protecting the company from regulatory and reputational risk - it will not only avoid fines and prison but have a sustainable and deep cultural impact, maintain the company’s reputation, protect its bottom line and help secure the future of business.

The complexity of compliance management and understanding that the safe journey into data protection needs automation inspired me to create a cooperation with Straits Interactive, a company in Singapore, that has developed a Data Protection Management System (DPMS), to equip professionals, managers and executives with the competencies to perform their jobs in data protection / compliance management.

The DPMS is a platform that delivers data protection as a service for organization to build trust with their customers and stakeholders.

It allows Data Protection Officers to:

• Achieve operational compliance with data protection laws, including the Philippine Data Privacy Act (DPA) but also with the EU’s General Data Protection Regulation (GDPR), and others like Singapore, Malaysia, etc.

• Implement a Data Protection / Privacy Management Program

• Demonstrate accountability to regulators (very important!!)

Comments are welcome – please contact me at [email protected]