Getting compliance management implementation right

Categories: digitalization
Published On: 1.02.2021

The European Union General Data Protection Regulation (EU-GDPR) has been in effect and binding since May 25, 2018. Most companies have formally implemented it. But are these and other legal requirements actually being followed by all employees in the company – especially in the current phase of virtual interaction? Managers are certainly asking themselves today: How can we ensure that every employee follows every legal and other binding rule and regulation? What am I as a manager obliged to do to ensure that each of my employees complies with existing rules and regulations?

In many parts of a company, “legal compliance” as well as “complying with company guidelines and operating instructions” is a perennial issue. Prominent examples such as Wirecard or Dieselgate in the automotive industry show the negative consequences of compliance breaches for companies and managers alike.

acondas has been supporting clients in implementing new compliance management systems and corporate guidelines for many years. Compliance topics range from health & safety to environmental protection, data security and data privacy.

From our perspective, there are five key success factors for the implementation of compliance management systems and compliance guidelines:

1. Relevance and priorities

Get a systematic overview of all legal and additional internal requirements and weigh their relevance for your area of responsibility. Critical: prioritize the relevant requirements according to the likelihood of a breach and how great the (negative) impact would be if one occurred. Consider that negative consequences affect not only people, the environment, society and the company’s EBIT in the short term, but also its public image in the long run.

2. Systematic approach

After this relevance analysis, focus on the high-priority requirements and plan a systematic process for ensuring compliance and checking implementation. Proceed in a top-down manner, starting with the overall corporate guidelines, then move to department rules and then to working procedures and instructions. Mind the materiality principle, focusing on high-priority topics.

3. Focus (time, attention, resources)

Regularly checking new and existing legal and other requirements in terms of their relevance and materiality, adapting guidelines and instructions, honing employee communication, training and checking legal compliance – these activities are time-consuming and resource-intensive. You and your staff cannot carry them out alongside your daily work. Therefore, assign dedicated resources with a realistic time budget to these activities. This is recommended regardless of whether those tasks are conducted in a project-like set-up or as dedicated tasks of the line organization.

4. Keep it simple

Keep implementation of legal compliance simple! Neither you nor your employees will benefit from a myriad of incomprehensible guidelines and instructions in “legalese”. Translate legal and other requirements into everyday language for your employees. What does a legal requirement mean for a specific work process or method, for the layout and infrastructure of your work space, for using and handling work equipment? What are examples of desired behaviour, and what are examples of negative/non-compliant behaviour? Be very explicit about the consequences of breaching the guidelines and instructions – for the individual employee, team colleagues, external suppliers, the environment and the entire company alike.

5. Measure compliance, delineate consequences

Maintain trust, but verify. Regularly check compliance with guidelines and instructions, as well as whether they are effective and up to date. Document all known violations and show zero tolerance in case of a breach. Repeat over and over the importance of compliance from individual, environmental, societal and company perspectives. Introduce compliance monitoring that checks (a) whether your team is complying with existing guidelines and instructions and (b) whether those guidelines are effective. Conduct internal and external audits on a regular basis – not to prove that you have a “clean record”, but as a regular check-up and wake-up call.

As you can see, ensuring legal compliance doesn’t require a magic wand, but rather well-structured, planned, prioritized and consistent actions that draw on skills and tools closely related to systematic project management.

If you have any questions about compliance management, organizational development or other implementation topics, feel free to contact us at:
