Summary: Two months into 2018, it's worth asking yourself if your organisation is sticking to its new year's resolutions when it comes to compliance on key issues such as GDPR.
It's not uncommon for people in the business world and beyond to approach the end of February and realise that many of the resolutions they made ahead of the new year have started to fall by the wayside.
After two months of concerted effort and good intentions, apathy can start to kick in, leading to cancelled gym memberships, lapsed diets and the slow abandonment of your stalled attempt to teach yourself a new language. Breaking resolutions like this can feel disappointing without being disastrous - but for businesses that pledged to renew their focus on compliance in 2018, it remains absolutely essential that you keep up the momentum.
With the end of the first quarter fast approaching, it's therefore vital that business leaders take stock of their compliance objectives for the year and make sure they're still on track to deliver on them - or, for those that skipped making these resolutions at the turn of the year, to make a belated start.
Perhaps the single most important compliance issue that businesses have resolved to address in 2018 is the introduction of the General Data Protection Regulation (GDPR), the new EU-wide data security laws that will be coming into effect on May 25th.
GDPR has been dominating the corporate agenda for months, and rightly so - it represents the single biggest change in data protection regulation since 1995, and will introduce broad-ranging new requirements for businesses holding personal data. Under the new laws, all organisations will require explicit consent to store and use a person's data, including providing access to or deleting that information on request, and to provide prompt notifications when they experience a data breach. Failure to comply with the new GDPR standards will result in a fine of up to €20 million, or four per cent of their global annual turnover.
Businesses have been well-warned about these new compliance requirements, so there'll be no excuse for not hitting the ground running as soon as May 2018 rolls around. If you feel your company is behind the curve in terms of its preparations, now is the time to invest in the data auditing and training initiatives you will need to ensure you are ready for this legal shift; sticking to this resolution should be considered an absolute necessity, and time is running out to take action.
The introduction of GDPR is not the only ticking clock that businesses are currently keeping an eye on, with Britain's exit from the European Union still progressing gradually towards a planned March 2019 deadline.
In truth, it still remains unclear how Brexit will affect legal compliance in the corporate sector, as most of the terms of the UK's departure from the union are still yet to be worked out. However, many companies will have resolved at the start of the year to get themselves educated on the possible implications of Brexit, and to start planning for the different contingencies; this remains a highly advisable strategy, especially among organisations that interact frequently with EU markets.
If you haven't already done so, make sure your business is dedicating time to considering the likeliest Brexit outcomes, and making plans accordingly. This will significantly increase your chances of thriving in a post-Brexit landscape, whatever it ends up looking like.
Brexit has put many of the government's planned changes to business law on the back burner over the last year, but that's no reason for companies not to keep abreast of the many changes that are likely to be taking place regardless.
For example, the Financial Reporting Council is set to introduce a revised UK Corporate Governance Code this summer, designed to foster more effective engagement with a wider stakeholder base and revamp corporate remuneration policies; additionally, Companies House is looking to enforce recent changes to its PSC regime more strenuously this year, while the introduction of a new ban on corporate directors potentially remains on the cards.
There's never a bad time for a company to learn more about new compliance requirements of this kind, so if you feel your organisation is lagging behind on these matters, then a belated not-quite-new-year resolution to re-invest in training and staff development around these important topics will likely have a positive impact.