Historically, regulatory projects were passed to IT departments to check the box meeting a compliance or audit standard. For some projects, staff were trained to adopt new process steps with little or no follow-up. Others created audit reports or alerts if activity surpassed limits. Since regulatory projects do not produce revenue, actually they created cost and add time, business buy in was difficult to sell. For small-medium businesses, especially multi-national businesses, overspending in regulatory projects (technology, implementation and continuous operation) could significantly impact operating profit. In six sigma terms, these projects were waste.
But what happens if you are noncompliant? What are the implications? Should we weight cost of non-compliance as a measured risk?
Enter GDPR, the General Data Protection Regulation. GDPR penalties are so material, it instantly garnered focus from CEO’s, Director Boards and investors. This was not a “check the box” regulatory project.
Holistically, Global IT had many tactical efforts to complete; TOMS, DPIA’s, DPO etc. It seemed every vendor was selling a service and toolkit. Timelines were tight and those engaged were frantic with details and checklists. Making matters a bit more challenging was the ambiguity of directives and how to best apply the “reasonable” factor into our plan.
Reviewing risk, project plans, budgets and new regulations in the wings, it became apparent we needed a strategic shift to properly manage GDPR and all compliance projects. We concluded we must treat them as revenue producing projects, projects critical to our sustainability.
Organizationally we learned that technology itself would not solve HR operation or customer management challenges; our success in the aforementioned was a result of intradepartmental understanding, process discovery and strategic goals mapped to a technology solution. That would be the methodology we would apply to regulatory compliance.
No longer small, regional solutions-our regulatory mission adopts best practice methodology we employ for safety, manufacturing, sales and data management. Management committed cultural adoption of platforms, process and people to operate within regulatory compliance rather than report on it as a byproduct of various tools.
Regulatory excellence at all levels:
• Data protection
• Legal protections and requirements
• Financial regulations
• Product registration and sales regulations
No longer a burden of effort but a strategic investment to differentiate Element is as a global leader and steward of exceptional operations enhanced with strategic technology.
Being extraordinary in your regulatory space requires understanding how you must operate at a process level, adopt process operations culturally and crystalize them together with strong technology platforms that meet your current and future needs.