Reflections on the state of compliance

Compliance Week Europe 7th and 8th November 2016

More than 150 compliance professionals from over 120 organisations came together for 2 days in Brussels to discuss the challenges facing the sector. With the dust barely settled, Darren Hockley, VinciWorks International's Managing Director, offers his reflections on the conference.

Keeping pace with the changing regulatory landscape

The primary challenge for most compliance teams remains keeping pace with the changing regulatory landscape. Compliance teams are still juggling with recent legislation such as the UK Modern Slavery Act and the EU Solvency II regulations, whilst planning ahead for major changes in data privacy with GDPR looming on the horizon.

Many of the delegates felt they were keeping abreast of this challenge, particularly around the development of policies and employee awareness training. However, more work needed to be done in terms of monitoring and identifying issues. Most attendees acknowledged a gap between policies and what is actually happening on the front line, particularly in areas of the world where it is still culturally accepted or expected that illegal bribery payments will be made. Pressure on middle managers who are striving to meet targets and incentives and to stand out from the crowd can also lead to a compromised position.

Bridging the culture gap

Although awareness of compliance issues is more common among employees and the vast majority have no intention of crossing the line, one worrying trend is the reluctance of people to blow the whistle if they do spot wrongdoing. This is despite an increase in legal protection and implementation of anti-retaliation policies by most organisations.

In some cases employees don't want to harm the organisation they work for, whereas in other cases they keep quiet to protect themselves. They simply don't believe that they will be protected and that their careers will be unaffected, and many are simply worried about taking this to their line managers. Most organisations cite zero tolerance to compliance issues, but there is more work to do to create a culture that reflects this.

Extending the reach

Perhaps the biggest challenge facing compliance teams is extending the reach of their compliance programme through complex supply chains. In some cases there are regulatory requirements to do so (such as anti-bribery and data privacy), in other cases it is about reputation and brand management (preventing modern slavery). The challenge is to understand the complexity of the supply chain and to have sufficient resources available to complete adequate due diligence and monitor performance across all compliance areas.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.
