Joe Shepley, in CMSWire: What if You Just Ignored the GDPR?
Interesting and realistic take on the real cost of compliance vs. the abstract cost of non-compliance. As I teach in our training courses, ultimately every compliance decision is a risk management decision, and therefore a business decision. As Joe notes, it makes zero sense financially to spend millions of dollars to avoid the possibility of tens of thousands of dollars in fines.
That's not to say that compliance can't be important for other reasons - public sentiment, trust and reputation, etc. And our Modern Records Management class makes the argument that you do things to improve the business of the business and get better compliance as an additional benefit. But every organization needs to look at GDPR, CaCPA, and any new regulation or compliance requirement through the filter of what's the best choice for the business.