5 GRC Trends to Watch Out For in 2023

Published on 08/12/2022 12:35 PM

GRC (Governance, Risk Management and Compliance) has changed a lot over the past few years, with political, economic and social factors driving how enterprises should look at their exposure to the market.

And crucial departments in an organisation, including legal, finance and HR, all need to consider GRC practices in order to function.

In this week's Emerge 5, industry experts from legal GRC software solution provider Exterro (Mark Hasted, Senior Engineer; Nick Rich, Sales Director; Miles Clee, Regional VP of Sales; and Jon Cook, International Training Instructor) have shared the five GRC trends they predict will transform the market in 2023.

Corporate digital forensics are proving harder to carry out with a remote workforce

When performing a covert investigation, for instance, to detect if a user has been stealing intellectual property, it’s no longer a case of physically borrowing that laptop. Security teams now need to obtain remote access to that device and to scan and image it.

Once the data is centralised, it can be analysed by a designated expert or segmented and sent to multiple teams, all of whom may also be working remotely. Advances in workflow automation are helping corporations adapt to the new normal by reducing the dead time associated with processing in this way, with workflows that collect, review, and extract non-relevant data before assigning for review.

The move to take legal processes in-house will continue apace driven by both technological advances and the need to conserve spend in an increasingly cash-strapped economy

Many organisations are looking to slash the external review or DSAR fulfilment costs associated with data protection regulations, which run into thousands when external counsel is used. It makes much more sense to bring such processes in-house, where they can be carried out using automated legal GRC software by non-legal teams such as HR.

The drive to bring more legal processes in-house will also see demand intensify for solutions that prioritise the user experience (UX) and make legal processes less opaque. Platforms that offer a single user interface and visual dashboards will gain the edge over competitor solutions because they will minimise the need to train non-legal users on how to access this data.

At the same time, we’re seeing the need for more checks and balances to be built into the technology to ensure data is shared correctly over international boundaries, with any potential violations flagged to a team leader or administrator. This is making it much easier for organisations to streamline their data processing across multiple jurisdictions.

Expect to see growth in Centralised Privacy or Privacy-by-Design over the next few quarters

Now that more and more of the world has adopted privacy legislation, consumers are pushing for a better privacy experience. This will compel businesses who wish to gain ground to prioritise privacy.

We believe that most organisations that have extensive customer-facing touchpoints, be that websites or applications, will therefore need to become more proactive and to bake privacy into their service offering.

We’re on the cusp of a super cycle regarding GDPR

The regulations came into force in 2018 so next year will see many of the solutions originally put in place amortised at the end of a five-year lifecycle. That software has outlived its usefulness and the data mountain has grown under the feet of the business.

Many of those that went through that first wave are saying, ‘Yes, we did it, but the process was quite manual and painful to achieve, so let’s do it properly this time round using automation’. The overwhelming impetus for the government will be to stay aligned to EU GDPR so as not to risk its position with respect to data adequacy.

Light changes may be made, but the fundamental principles will remain intact because otherwise the government risks providing the EU with ammunition with which to contest our adherence to the adequacy requirements. There’s no political will to diverge from the core precepts of GDPR, so companies can expect little disruption to their current approaches to compliance.

Digital Forensics now permeates every part of policing with evidence trawled from devices from suspects, victims and witnesses alike

It’s no longer a small specialist unit providing output to another specialist unit but has become the ‘bread and butter’. What hasn’t changed as quickly is the budget allocation to reflect its pervasiveness. At the present time, there’s no coordinated process, with each force handling it differently with different forms, hardware and software.

This limits functionality, prevents efficiency and increases the cost to the taxpayer. So, a more national standard of processing and data review would provide a more cost-effective and efficient service. Police forces who invested in their infrastructure pre-Covid are now faced with needing to do so again to cope with rising data volumes.

Do they do that amid spiralling costs or move to the cloud? They recognise the value of being able to review their data from anywhere without the geographical constraints of getting data to the DFU, and can see the advantages of more powerful processing and of moving from a CapEx to a subscription model, but are unsure of how to do so.

The overarching concern for the police has been how to store data in a legally defensible manner, but with the storage of sensitive evidence in the cloud having been validated during the West Midlands Police digital forensics project, next year should see the way clear for forces to move their digital forensics from on-prem in a bid to reduce outlays and control costs through scalability.