Jacob Høedt Larsen closely follows the development in compliance. He runs experience-sharing networks with compliance officers and hosts the podcast Sustainable Compliance. Therefore, he is up to date on the challenges compliance practitioners in companies and organisations face.
- Compliance is really complex, and there are so many moving parts. New regulations and requirements constantly emerge. In addition, we always have to adapt to new technologies. And as if that wasn’t enough, there are also some skilled business developers in all organisations coming up with new ways to use data. It is simply a huge task to handle compliance in the real world, he says, and concludes:
- Therefore, it's important that the GRC solutions are designed to be simple to use.
A mosaic of compliance
In most companies today, compliance consists of many different pieces. GDPR, various ISO certifications, NIS2, unannounced audits, and transfers to inadequate third countries. Companies need to streamline their data so that it's also practically possible to handle the compliance task.
- Wired Relations is very much designed in a Scandinavian way, so we can perform the compliance tasks in a single system - this provides an overview and simplicity. I speak with many who work in far too complex systems, either because the compliance system itself is complex, or because they use different systems for individual parts of the task, says Jacob Høedt Larsen.
A GRC system should be able to handle GDPR and other rules and requirements, but also risk management and effective documentation processes - preferably in a way that is easy to manage.
- I speak with many who are looking at compliance systems. And it's clear that the path to compliance hell is paved with complicated systems that only external consultants understand, says Jacob Høedt Larsen.
Simple for colleagues and management
Wired Relations encourages all companies that want to buy a compliance system to let colleagues test the system before purchase. If both the compliance officers, those who only work with compliance occasionally, and management can intuitively use the system, then it's the ultimate test of user-friendliness.
- If you’ve worked with data protection and information security for many years, you can understand any system. But we also need input from colleagues who don't have that experience. Therefore, it should also be evaluated whether they understand the system because that is a sign that a lot of the legal intricacies are cut from the solution and replaced with user-friendliness, says Jacob Høedt Larsen.
He also emphasises the visual presentation of data that can be extracted from the system. Often, it's necessary for the compliance department to report to the management in an understandable way, and this process should also be simple.
- Managements appreciate the easy visualisation and approach to questionnaires. They see the point in moving away from complicated compliance systems, so the solution can be more easily anchored in the organisations, says Jacob Høedt Larsen.
Increased overview and maturity
When a company integrates a new GRC solution, it's often a crucial step in terms of strengthening compliance and risk management. At the same time, you should consider whether the system can replace other systems as well.
- Wired Relations has explored the needs of compliance people in the real world and based the system on this knowledge. The documentation needs to be in order. That is the essence of what Wired Relations offers, says Jacob Høedt Larsen and concludes:
- It creates a much better overview of our data flows, and it matures risk management and generally improves documentation.