Data Protection: Why it Pays to Outsource the Regulatory Rigmarole

Specialist professional services experts Allendevaux on the benefits of a custom-made Compliance-as-a-Service package

3
Sponsored Post
Data Protection: Why it Pays to Outsource the Regulatory Rigmarole
Unified CommunicationsInsights

Published: May 12, 2023

Simon Wright

Technology Journalist

Risk, complexity, cost: surely the three things most capable of stifling growth.

After all – in a world rightly protected by ever-increasing security, privacy, and data sovereignty laws – how can communication technology innovators be free to push the boundaries when their hands are so tied?

The big players have the resources to navigate this often-chaotic landscape, of course.

They employ legal experts in their fields; justifiably demanding six figure salaries and often supported by entire departments devoted to the crucial business, attempting not to inadvertently break the latest law.

But what about the small-mid size businesses where innovation is often at its most creative?

And what about the ambitious start-up that has the expertise and enthusiasm to give the world the next big app but which is frustratingly slowed by the maze of legislation?

Well, for most, outsourcing is the answer.

And that means picking the right partner is key.

“Security and privacy are the two most important aspects of any communications businessꟷyet organisations cannot know what they do not know,” says Dr. Scott Allendevaux, senior practice lead at the UC professional services practice Allendevaux & Company, whose comprehensive ‘Compliance-as-a-Service’ offering has everything covered.

“Many organisations do not realise that it’s now illegal to collect and process data en masse without standing-up a data protection programme; and they do not know what that needs to look like. For example, they may not realise it may be illegal to sell a service into the UK or the EU or Brazil and other places, and to transfer the resulting data back to the US.

“Many say: ‘What? How could that be illegal? We’ve always done it this way.’ But the data landscape has changed so quickly. If you’re a cloud service provider, it’s easy to generalise geographic boundaries when selling services to consumers around the world. However, data sovereignty jurisprudence does adhere to geographic boundaries. For example, consider moving a packet of data from Frankfurt through London, into New York and then over to California; that packet must understand and comply with the laws of those geographies, and it has to do it at the speed of light.

“We call this complex compliance, and it sounds somewhat impossible to achieve, but to us it’s just what we do. Smaller companies either need to be able to staff-up appropriately or partner with external experts.”

Indeed, the stats are striking.

Research suggests that 99% of the world’s information has been created in just the last 10 years – meaning that 10 years ago, it was just 1% of what it now is.

One hundred and thirty seven countries have enacted data protection laws of some kind or another; in the US alone, beyond federal obligations, there are 114 state statutes with another 280 new bills currently being debated in state legislatures.

“For companies without the expertise, it’s chaotic,” says Allendevaux.

“How can you innovate when you might not know the laws in territories where you might have customers?

“To stand-up a proper data protection programme, most companies need a cyberlaw expert, a privacy law expert, an ISO policy expert, certified cybersecurity pentesters, certified internal auditors, business continuity experts and others. When you stand all experts side-by-side, you have at least seven or eight smart people all wanting to make six digits because they’re good in their field. Many businesses can’t run to that.”

In Allendevaux’s case, it’s a fixed subscription to access the experts you need daily.

“The starting point is understanding what laws a business must comply with,” says Allendevaux.

“Then we write the appropriate policies to reflect lawful requirements and help build the appropriate data protection programme. Finally, we bring in an independent auditor to prove the programme’s effectiveness. We also provide an expertly staffed service desk to resolve any issues going forward.”

Crucially – as well keeping businesses out of the courts – there is a commercial return on investment too.

If the right compliance assurances cannot be shown to prospective new customers, deals often go elsewhere.

“Having a demonstrable, robust data protection programme is now a powerful commercial differentiator, and rightly so,” says Allendevaux.

“You want to be seen to be ultra responsible when it comes to your customers’ information. But, of course, you also do not want any reputational damage, you do not want to find yourself hung up with regulators or litigators, and you especially do not want to lose potential new customers to your competition because you didn’t know what you were supposed to know in the first place.”

To learn more about how Allendevaux can help your business comply and succeed, visit Allendevaux.

Security and Compliance

Brands mentioned in this article.

Featured

Share This Post