The regulatory environment is a complex one that impacts on all facets of a business.
By Mthobisi Memela, senior consultant at TechSoft International
And if dealing with the continually evolving South African compliance landscape is not challenging enough, companies must also keep in mind new EU regulations that can also affect them even if they do not have operations there. Much of this comes down to how data is managed, the expectations of regulators, and how customers are influenced by this both locally and abroad.
Every company, regardless of industry, uses data to improve engagement, enhance business processes, drive product innovation, and differentiate itself in a competitive market. As such, data must be managed as the mission-critical asset it is. This extends to policies, stewardship (as it pertains to the management and oversight of data), and how data is used strategically.
Of course, data governance has become a costly undertaking. McKinsey estimates that the cost of data-quality monitoring, remediation, and maintaining governance can account for almost 8% of IT spend. No matter the size of the business, this is a significant investment that cannot be treated lightly.
With IT permeating every area of the organisation, it is essential that business and technology teams need to align on compliance. Whether it is dealing with the likes of POPIA or accounting for GDPR, decision-makers must maximise their data governance investments. The best way to do so is through intelligently prioritising them as they relate to value drivers throughout the customer journey. Added to this is the optimisation of processes and innovating product development.
But more than that, data governance is a continuous process. It extends from developing policies to executing on them. And then there is also improvements to be made based on practical experiences. All this must encompass the entire data management real estate of the business.
For local companies it is therefore imperative to understand what the regulatory environment in the EU is for their customers who operate in those countries. Even if they use a supplier or vendor that works in the EU, their local data practices must reflect an adherence to requirements there. Aligning the business with IT in this regard is not without its complexities. But it is something that must be done if the business is to not fall foul of regulators and potentially suffer significant financial fines and reputational damage.
While digital transformation has helped in this regard, it is by no means a cure-all to ensure complete compliance. Companies who think they can simply migrate their legacy processes and applications to a data-driven, cloud-based environment and have it work smoothly are quickly found out.
Compliance helps in this regard as it creates the need to take a step back and strategically analyse where data regulations within the organisation still fall short of legal parameters. Yes, deploying in a cloud environment is potentially faster, more cost-effective, and sees a shift away from on-premises infrastructure and data storage.
However, it brings with it the need to with the cloud is quicker, less costly, and does not require investing in infrastructure or storage. A migration to the cloud means data is always accessible from a hybrid workforce. But it also means that compliance with the laws of the country in which the data is residing and where the employees or customers are accessing it from must be adhered to.
Integrating data across the cloud and application ecosystem become increasingly complex when one factors in the governance requirements both locally and internationally. Managing the wealth of data spread across the business becomes a significant obstacle to overcome. Even today, much of the data environment is spread across the organisation and contained in disparate siloes. This significantly complicates data compliance and requires more accurate master data management (MDM).
But by doing so, a company gains a single view of the data to improve its accuracy, quality, and access without compromising on South African and EU governance requirements. Central to MDM is delivering the support essential for data privacy rules and regulations. It allows for data to be integrated more consistently and ensure only correctly assigned people can access the data at the right time.
Data governance is essential for any company today. Data has become too important an asset not to ensure that it is compliant with the regulatory environment. Simply put, data must be carefully controlled in a business and by putting governance front and centre, decision-makers can ensure they remain on the right side of compliance regardless of which country the data resides in.