Compliance by Design: A How-To Primer - SM

Regulatory compliance keeps getting more complex. Facing a range of regulations covering privacy, such as the General Data Protection Regulation (GDPR) and the Health Insurance Portability and Accountability Act (HIPAA), to financial regulations such as Dodd-Frank and Basel II, to sustainability regulations such as the Corporate Sustainability Reporting Directive (CSRD) in Europe, and emerging regulations for the ethical use of artificial intelligence (AI), such as Europe’s AI Act, organizations are struggling just to keep up!

In addition, all regulations present two key challenges:

  • Organizations need to report on their overall compliance posture, on-demand. But how can they do this when the relevant data is scattered across so many different data sources and applications?
  • Organizations need to put controls in place so compliance is enforced and out-of-compliance situations are immediately detected and flagged. But how can they do this without adding even more complexity to their data architectures, which would slow down the business?

Ever-Increasing Complexity

These challenges are only getting harder to overcome. Most organizations are modernizing their IT infrastructures, which includes migrating data to the cloud, adopting data lakes, and enabling data self-service; such activities result in even more data sharing and data that is increasingly distributed.

In addition, organizations are now being asked to be responsible for data outside their enterprise, such as sensitive data shared with third parties, and they now have to manage financial and compliance risk arising from the behavior of business partners (as in Scope 3 carbon accounting). These risks are known as “transversal risks,” and compliance managers are often at a loss for how to detect, alert on, and report on them, as they are caused by events and actions outside their control. As a result, these risks represent the worst kind of “black swan” event: the one you don’t see happening because you have no access or visibility to the data that could measure it as it happens.

These issues are made more urgent than ever, because of the following trends:

  1. Growing Social and Political Demands for Corporate Transparency and Fairness, leading to more regulations around ESG and sustainability reporting, supply chain transparency, and visibility to corporate risk management practices.
  2. Ongoing Stricter Enforcement of Data Privacy Regulations, and the Rise of Ethical AI Regulations, which place a greater burden on organizations managing and enforcing data usage restrictions, as they need to report on both the inside and the outside of the organization (as mentioned above), and also include non-human (“intelligent” apps and AI).
  3. Changing Government Regulations. In 2024, about 80% of the world’s population that lives in democracies is having national elections. The risk is high that multiple countries could experience sudden, radical changes in compliance legislation, depending on who happens to win their respective elections.

So, what are compliance managers supposed to do? The answer is an emerging trend called “compliance by design.” 

Introducing Compliance by Design

Building on the principles of “privacy by design,” in which the ability to manage sensitive data is built into a new data architecture from the beginning, organizations now want to expand the scope of what’s designed in, to include the full breadth of compliance policies. This means being able to pull together the necessary data for compliance reporting from all relevant sources, quickly, easily, and in a form that regulators and compliance managers need. This also means being able to detect and send an alert whenever that data indicates an out-of-compliance situation. Finally, this means these capabilities must be inherent features of the data architecture itself, without organizations having to spend a lot of time and money because they had to retrofit their data infrastructures after the fact, which would also risk disrupting and slowing down the business.

But compliance by design is hard to implement when data is scattered all over the place. Do you need to design controls into every possible data source and application in which data might appear? And who would do this work?

Compliance by Design, Made Easy

Fortunately, no one has to do it. With a logical data management platform, one can define a logical reporting layer without having to move data from its sources, and run compliance reports just from that view. One can define controls in just one place: the very same logical layer. And these reports and controls can be defined and managed by the data owners and regulatory subject-matter experts themselves, without their having to depend on an overwhelmed central IT department or data organization. This greatly simplifies compliance by design, and it also enables much greater agility whenever regulations change or new risks emerge.

If this sounds too good to be true, it’s not; Denodo to the rescue! The Denodo Platform, a leading logical data management solution, enables logical views across hundreds of sources and applications, both inside and outside the enterprise, and across all cloud platforms. The Denodo Platform also has rich access-control functionality, as well as the ability to define rules for detecting a wide variety of risks and out-of-compliance situations.

Learn more about how the Denodo Platform can help centralize governance, risk, and compliance, and get ready to implement compliance by design.

Dominic Sartorio