Can there be an equation for compliance?
As in mathematical formulas, there is a balance in compliance that needs to be resolved. Every organisation needs to understand what is required of it: which regulations and standards apply (Gravity) and which assets are affected (Data in this case). Then it needs to understand how it meets those requirements (Processes).
Where the requirements outstrip the current position, there is a gap which needs change – how organisations change to balance the equation is an important variable. Many ignore the need for change – “I’ll just wait and see what happens” or “We’ll fix it when it’s pointed out in an audit”. Some resist the change and try to work around it or fight it. The sensible ones, however, work through what is a reasonable approach, plan the actions and get it implemented.
Are you balancing your compliance equation for the General Data Protection Regulation (GDPR)? Do you know what’s required and how far off the mark you are? Will you balance what’s needed with a good approach to change and get it done before you’re found lacking?
Nobody wants to be seen as “unbalanced”!
There is no decision that we can make that doesn’t come with some sort of balance or sacrifice. – Simon Sinek