The Process and Culture Requirements for Exceptional Regulatory Technology

Greg Bellotti, Vice President IT/CIO, Elementis Global

Historically, regulatory projects were passed on to IT departments to check the box meeting a compliance or audit standard. For some projects, staff were trained to adopt new process steps with little or no follow-up. Others created audit reports or alerts if activity surpassed limits. Since regulatory projects do not produce revenue, actually they created cost and add time, business buy in was often difficult to sell. For small-medium businesses, especially multi-national businesses, overspending in regulatory projects (technology, implementation and continuous operation) could significantly impact operating profit. In six sigma terms, these projects were considered waste by many.

But what happens if you are non-compliant? What are the implications? Should we weigh cost of non-compliance as a measured risk?

Enter GDPR, the General Data Protection Regulation. GDPR penalties are so material; it instantly garnered focus from CEO’s, Director Boards and investors. This was no longer a “check the box” regulatory project.

Holistically, Global IT had many tactical efforts to complete; TOMS, DPIA’s, DPO etc. It seemed every vendor was selling a service and toolkit. Timelines were tight and those engaged were frantic with details and checklists. Making matters a bit more challenging was the ambiguity of directives and how to best apply the “reasonable” factor into a plan.

Being extraordinary in your regulatory space requires understanding how you must operate at a process level, adopt process operations culturally and crystalize them together with strong technology platforms that meet your current and future needs.

Reviewing risk, project plans, budgets and new regulations in the wings, it became apparent businesses needed a strategic shift to properly manage GDPR and all compliance projects. Businesses concluded that they must treat them as revenue producing projects, projects critical to sustainability.

Organizationally, businesses learned that technology itself would not solve HR operations or customer management challenges; success in the aforementioned was a result of intradepartmental understanding, process discovery and strategic goals mapped to a technology solution. That would be the methodology businesses would apply to achieve regulatory compliance.

No longer small, regional solutions, global regulatory missions adopt best practice methodology for safety, manufacturing, sales and data management supported by management teams committed to cultural adoption of platforms, process and people to operate within regulatory compliance, rather than report on it as a by-product of various tools.

Regulatory excellence at all levels:

• Data protection

• Legal protections and requirements

• Financial regulations

• Product registration and sales regulations

• FDA/EMA

No longer a burden of effort, but a strategic investment to differentiate your company as a global leader and steward of exceptional operations enhanced with strategic technology.