July GRC News: Five Regulations Impacting Business Around the World

Monitoring evolving regulations is a strategic business advantage. Doing so helps businesses stay compliant, manage risks effectively, and maintain a competitive edge. Understanding and adapting to new regulations can also prevent legal issues, enhance operational resilience, and build stakeholder trust. In short, it’s about how you can leverage regulatory changes as opportunities for growth and improvement.

Here are five of the many regulations organizations must monitor and pay attention to, depending on where you operate in the world: 

GDPR

In Europe, the General Data Protection Regulation (GDPR) continues to set the global standard for data privacy and protection. Here, organizations must comply with stringent data handling and reporting requirements to avoid significant fines and reputational damage. 

In terms of what’s been going on recently, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, AP) has adopted a stringent stance on data scraping under the EU GDPR, considering most scraping activities by private sector organizations as infringements. This new interpretation could significantly impact the development and deployment of AI technologies—particularly those involving the training of AI models using scraped data. 

CCPA

In the U.S., the California Consumer Privacy Act (CCPA) impacts data privacy and consumer rights, setting a precedent for other states. Businesses must ensure transparency in data collection and provide consumers with control over their personal information. 

Last December, the CPPA released draft regulations for AI and automated decision-making technology (ADMT), aiming to enhance transparency and consumer rights by requiring businesses to issue pre-use notices, provide opt-out options, and explain how ADMT impacts consumers. These rules, which impact businesses that meet specific criteria and may shape the future of AI regulations in California and beyond, are anticipated to be finalized in mid-2025.

CS3D

In both EU and non-EU countries, there’s the German Corporate Due Diligence Directive (CS3D). This regulation emphasizes human rights and environmental standards in supply chains. Here, companies are required to implement due diligence processes to identify and mitigate risks. 

Regarding recent news, the European Union has adopted CS3D, requiring EU and certain non-EU companies to address human rights and environmental impacts within their operations and supply chains. This directive, impacting all EU member states, mandates companies integrate due diligence into their policies and risk management systems, with compliance expected by 2027-2029, depending on company size. 

Sarbanes-Oxley Act

SOX continues to enforce corporate governance and financial practices in the U.S., ensuring accuracy and transparency in financial reporting, and protecting investors from fraudulent activities. 

Regarding SOX, the U.S. Supreme Court has ruled whistleblowers do not need to prove an employer’s retaliatory intent to receive protection under the Sarbanes-Oxley Act. In Murray v. UBS Securities, LLC, the Court unanimously held that whistleblowers must only demonstrate that their protected activity was a contributing factor to any adverse employment action taken against them, which significantly eases the burden of proof for whistleblowers in such cases. 

Modern Slavery Act

In the U.K. and Australia, this act requires businesses to report measures taken to prevent modern slavery in their operations and supply chains. Here, companies must demonstrate their commitment to ethical practices. 

Along the same lines, Canada has enacted the Fighting Against Forced Labour and Child Labour in Supply Chains Act. This mandates companies disclose their efforts to combat modern slavery within their supply chains. This legislation, similar to laws in the U.K., Australia, and the U.S., requires businesses operating in Canada to report annually on their policies, due diligence processes, and measures taken to prevent forced labor and child labor. Companies must also post these statements prominently on their websites and ensure compliance across their supply chains, impacting both Canadian and global entities engaged in trade with Canada. 

Final Thoughts: What’s Next? 

SAI360 helps companies navigate new regulations by providing integrated Governance, Risk, and Compliance (GRC) solutions that include compliance management, risk assessment, and real-time updates on regulatory changes. SAI360’s platform enables businesses to streamline their processes, ensuring they meet regulatory requirements efficiently and effectively. 
