Strong compliance is more than just policies — it’s a culture fostered by compliance officers and the rest of the business. On a recent episode of Cockpit Counsel, Danielle Maglente, General Counsel at Plum Voice, shared insights on how she navigated this space early on in her career – and how she runs successful programs today. Below I dive into some of the main takeaways.
Walk Through Data Needs
User data is crucial to your product, but GDPR and other data privacy regulations have upped the ante on how organizations can buy, sell, and otherwise process data.
It’s up to the compliance team and engineering to find a happy medium between collecting all the data you can and following the letter of the regulations. Maglente tells the engineering team to check in with her whenever data is involved.
Conversations about what kind of data engineers need (sensitive, personal, etc.) and how they will secure the system to keep that data safe help their teams align on data needs and risk mitigation. It also keeps the team informed if a future feature build could compromise compliance.
Look at Compliance From an Implementation Perspective
Before creating a compliance program at a tech company, collaborate with your stakeholders on the engineering and product teams to understand how they approach building and implementing programs that process user data.
As Maglente says, it’s not just about laying down the law of what you “need” to do. It’s about understanding implementation from a product and engineering perspective. Open up communication between compliance and the teams affected by its decisions to understand how compliance benefits them and what roadblocks they face, so that you can be more thoughtful when working with them.
For Maglente, this meant having engineers whiteboard their process so she could see what was happening and suggest changes that would keep them compliant. This builds a more fluid relationship with engineering and other stakeholders.
Stay Up-to-Date on Regulations
Each industry has its own set of regulations and compliance best practices that businesses need to follow. When Maglente worked in healthcare, she was mostly focused on HIPAA compliance. But there’s GDPR, ISO27001, payment card industry (PCI) regulations, and so many more in tech.
Sadly, no single source lists current active regulations that the legal team and corporate compliance officers must be aware of. But keeping your finger on the pulse of regulations in your space is critical. Research the regulations that apply to your company and what certifications you’ll need. You can subscribe to email newsletters, attend webinars, or listen to Maglente’s podcast, Small Tech, Big Compliance, to stay updated on trends in the space.
To ensure regulatory compliance, it's crucial to collaborate with engineers and other stakeholders. Together, you can gain a comprehensive understanding of what your risk profile might look like, considering numerous factors such as industry-specific regulations and evolving legal requirements. Once you've established a clear understanding of your compliance obligations, utilizing a Contract Lifecycle Management (CLM) system can centralize and standardize your processes, streamlining compliance management across your organization.
Remember: compliance is a team sport, and by working together, you can proactively mitigate risk in a rapidly-changing regulatory landscape. Request a demo of LinkSquares today.