Recently, Garth Watson participated in a webinar with other leading technology companies providing services in the domain of managing compliance with regulation.
Here is the transcript of his "pre-panel introduction".
A high-level look at regulatory compliance
Hello everyone, thanks very much for having me. I'm going to give a quick high level overview of regulatory compliance and tech and explain where Libryo fits in and then I'll explain Libryo, ending with two case studies or use cases, one in the telco industry and one about GDPR.
Kicking things off at a high level, regulatory compliance has 3 parts. You have to know the regulations that apply to your operations, then you need to manage operations in a way that complies with the regulations, then you have to audit your operations and report against them.
Libryo is all about knowing.
As far as managing and assuring is concerned, we integrate with GRC (governance risk and compliance) technologies which are great at these.
How Libryo helps one to know
Knowing is a problem, especially for multi-nationals.
Relevant applicable obligations are usually pretty clear, once you get to them, but they are hidden in reams of terribly organised legal text, and it changes all the time so to get to them you have to employ expensive lawyers, either in-house or retained.
So how's it done?
Each of a company's operations has distinct attributes; the jurisdiction, and the precise attributes of each operation. For example a pharmaceutical factory in France is different from warehouse in the UK, which is different from an online distribution presence.
These attributes are legal triggers- the things that determine what regulatory provisions apply at a given operation, the regulatory universe.
Libryo uses these triggers to configure a legal universe for each distinct operation at a per-section level which has all and only the applicable provisions. The provisions are enriched with plain language summaries and meta-data that enable time pressed managers quickly to find the applicable provisions for the thing they are doing at their moment of relevance. We call each enriched legal universe a "Libryo".
Imagine I am an environmental manager, I am at site x in jurisdiction y and today I am dealing with an oil spill on unprotected ground next to a river.
What regulations apply to me? What must I do? What will keep me out of jail?
To know these things, I pull up the Libryo for that operation and search "oil spill". What I'll get is the needle in the haystack, and either know what to do, or know to call a lawyer.
In the past regulations were organised in libraries in broad categories like company law, environmental law, data protection law etc. But now, Libryos are organised according to the things specific regulations apply to them in their unique context (the oil spill example is an example of this).
I'll illustrate this with 2 examples.
Many operations across many borders
An international telco operating over 45 Sub-Saharan Countries with over 28000 towers across them. They needed to know the environmental, health and safety regulations that applied uniquely to each tower, and to be updated when the regulations changed.
They are now using Libryo to do this more efficiently and accurately than if it was done manually and are saving hundreds of thousands of dollars per year in legal and compliance team resourcing- letting their lawyers do things that really add value.
Data protection and GDPR
Then take data protection. In the UK you have the Data Protection Act, and The Privacy and Electronic Communications (EC Directive) Regulations 2003 which implements the EU ePrivacy directive and now, from May next year you have GDPR, which applies directly and sits alongside the ePrivacy directive.
Say you are a marketer wishing to do an email campaign targeted to a specific type of persona audience across the EU based on their prior engagement with your online presence obtained using cookies. Is your campaign lawful?
Marketers don't know to how to research things like a lawyer, and also don't know how to apply what they find to operating contexts, which here is EU wide, not to mention somewhere in the cloud.
So, with Libryo - you'll select the relevant legal universe, and search what you know - "cookies" and "email campaign. You'll get all and only the relevant provisions, and you'll know what you can and can't do, or if its one of those rare cases where the law is grey and a lawyer is really needed, you'll know that too!
So what regulations apply to you at work, for what you are doing?
With Libryo - now you know.