“We welcome regulations and are very happy to comply!” said hardly any business leader, ever. Compliance is often seen as an unnecessary burden, and sometimes it is felt to be detrimental to business growth.
Some key questions about compliance come to mind:
Why is compliance needed?
Who is protected and safeguarded by regulations?
How does it help my business, my customers or industry as a whole?
Why does regulation sometimes become very restrictive and punitive?
In my previous blog, I covered the risks associated with non-compliance and how a company can save costs by adopting compliance.
In this article, I will dive deeper into the rationales behind compliance. There are 3 main reasons why we should pay attention to compliance:
- Protection of Rights
- Economic Rationales
- Internal Control
In a series of 3 blogs, I will go through 7 rationales covering these reasons, one by one.
Protection of Rights
Be it individuals or organizations, protection of their rights is the first and foremost function of Compliance.
Rationale 1: Fundamental right to the protection of personal data
Today, the most talked-about privacy and data protection law is Europe’s GDPR (General Data Protection Regulation). The Official Journal of the European Union for GDPR says in Article 1 of Chapter 1: “This Regulation protects fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data.”
GDPR outlines the principles of handling personal data with respect to lawful processing, purpose, data minimization, accuracy, storage limitation, integrity and confidentiality.
Beyond Europe, many other nations, including India, are carefully crafting rules for data localization and data protection.
Data protection concerns are gradually taking centre stage in today’s digital economy.
More and more ‘things’ are getting connected to the internet, from smart traffic systems and smart factories to smart homes. One Ericsson report predicts: “By 2024, 22 billion IoT devices will connect to the network.”
With the proliferation of subscription e-commerce services, people buy products and services by paying online. In the process, personal information including credit card, debit card or bank details is shared. According to a McKinsey article, the total market size for subscription e-commerce services is expected to be about $12 billion to $15 billion.
In the current COVID-19 situation, more and more people are buying online and consuming online services.
With these developments, people are naturally apprehensive about the safe use of their personal information and would like to take control of their personal data. People have the right to give or deny consent for any third party to access their personal data. If personal data is not protected well, there is a risk that it will be manipulated, abused and misused for fraudulent and criminal activities, causing serious harm to individuals, society and even the country.
Gradually, the world is moving towards storing data within the country, with no or restricted control across geographical boundaries. There is a demand that cloud service providers adhere to a strict data protection regime, as they host confidential and sensitive corporate as well as personal data.
For example, the leading cloud infrastructure provider AWS mentions on its website that it is compliant with the CISPE Code of Conduct for data protection. This gives its customers and APN partners confidence that their data is in safe hands and that the policy is consistent with the GDPR.
Privacy and data protection have become so prominent that the United Nations has acknowledged the need, and the General Assembly adopted a resolution on 18 December 2013 on “The right of privacy in the digital age”.
Rationale 2: Enforcing property rights
Suppose you grow apples or manufacture detergents: you would never want your product to be stolen. An internet service provider will try to ensure that consumers pay their bills smoothly as they consume its services.
We all rely on government to enforce our ‘property rights’ over things we produce.
Product or process innovation would not have happened if intellectual property rights were not institutionalised and ensured.
In the next blog we will move to the Economic rationales of Compliance …
Based on research inputs by Manas Bairagi