Blogs

Compliance is defined as the process of making sure your company and employees follow all the laws, regulations, standards, and ethical practices that apply to your organization, industry, and country.

Various authorities have enacted rules to ensure that businesses comply with laws, security, and privacy standards. Fines are levied if these are not followed. The following diagram has some questions about compliance. Do your due diligence to find out which frameworks apply to your project.

Compliance requirements are dependent on industry, type of business, services provided, and some standards that your local government requires.

For example, 

• Any company that accepts credit card payments must adhere to the PCI-DSS (Payment Card Industry-Data Security Standard)
• Healthcare organizations must comply with HIPAA (Health Insurance Portability and Accountability Act) to protect patients’ sensitive data.
• SOX (Sarbanes-Oxley) affects all publicly traded firms in the United States.
• GDPR (Global Data Protection Regulation) is a law created in the European Union (EU) to protect the personal data of its citizens. Any company that deals with the data of EU citizens must abide by this law.
• ITA (Information Technology Act) is India’s law highlighting the punishments and penalties safeguarding e-banking, e-commerce, and e-governance sectors.

APP (Australian Privacy Principles) are Australia’s data privacy and protection regulations for the collection use and disclosure of personal information.