Credit: Illustration 157796281 © Pravin Chakravarty - Dreamstime.com
The 2018 General Data Protection Regulation (GDPR), implemented in May of last year, is profoundly impacting on how businesses approach sensitive data and global privacy.
GDPR has become the catalyst for a stricter regulatory environment, bringing with it, improved protection of personal data and information rights. Since the implementation of GDPR, businesses are contending with the severity of these new regulatory changes as more countries in the APAC region issue similar regulations like the ‘Australian Privacy Act’ and the amendments to Japan’s ‘Act on the Protection of Personal Information’.
The knock-on effect of the skills gap on corporate compliance
Evidence suggests that a number of organisations are still falling short of their data privacy obligations. Only 13% of Australian businesses are GDPR compliant. The International Association of Privacy Professionals reported a total sum of $89 million AUD in fines last year alone. And with substantial fines now becoming commonplace for non-compliers, Australian organisations are struggling to comprehend the consequences of GDPR non-compliance and are failing to meet their regulatory obligations.
So, what is stopping businesses from getting on board with GDPR and consequently creating this compliance gap?
In answer to this, there are simply not enough qualified data privacy compliance professionals to go around. This issue was widely anticipated in the run-up to GDPR. In 2016, the International Association of Privacy Professionals (IAPP) predicted globally that 75,000 privacy professionals would be needed to meet the GDPR requirements. One year after its implementation, they have found a drastic increase in this number and many of these registered data protection officers are now serving multiple companies.
As a result of this demand, qualified data privacy professionals have seen their salaries skyrocket, with the IAPP reporting an average salary of over $100,000 for Australian’s working in the industry. Whilst this is good news for data privacy professionals, unfortunately smaller ANZ businesses are struggling to gain access to this invaluable talent pool.
Non-compliance is not an option
Organisations need to face the reality that data privacy regulations aren’t changing anytime soon, and any adjustments will only tighten the regulations further. Consequently, businesses must find cost effective ways to develop their own strategies to implement GDPR compliant privacy policies, data management and reporting; much of which can be achieved by delegating to outside experts.
For example, most organisations now use the cloud in one form or another to store, access, process, backup and archive data. Indeed, the public sector is now under a cloud-first mandate from the Federal Government. Cloud service providers (CSPs) are acutely aware of their huge responsibility to keep their organisations up and running while complying with data regulations. If CSPs want to offer services to some of the world’s most highly regulated industries, they must meet the most stringent of regulatory standards.
For GDPR and other similar regulations, CSPs must deliver comprehensive compliance solutions with expert advice that is scalable throughout the business.
A CSP with compliance expertise, can help organisations access a wealth of specialist knowledge they can’t afford to integrate in-house, to help overcome the skills shortage and avoid a compliance gap.
Why compliance consultancy is key
The global regulatory landscape will only become more complex and we will see more fines and legal action being pushed through. Aside from the privacy element, the specific requirements for a range of sectors, be it government and healthcare or legal and finance, introduce problems that businesses must solve.
With 49 percent of board directors naming changes in the regulatory climate as their top concern, organisations need to be confident that their partners are competent, accredited, and will strengthen their compliance posture. For CSPs, compliance expertise can be a credible differentiator.
Offering compliance consultancy that complements cloud services and adds value for the customer is a distinct advantage in building the trusted relationships at the heart of successful cloud service provision.