In this Help Net Security interview, Marco Goldberg, Managing Director at EQS Group, discusses how compliance and regulation are evolving worldwide. He talks about how organizations can stay compliant with international rules while keeping their systems practical and user-friendly.
Goldberg points out that getting compliance right goes beyond avoiding penalties and helps build trust with customers, partners, and regulators everywhere.
If you could design the ideal compliance platform from scratch, how would you merge European privacy rigor with American usability and speed?
An ideal platform should be engineered on a foundation of European-style privacy rigor and security, making data protection a core feature from the ground up, not an afterthought. At the same time, usability of the system for all stakeholders should be a priority as systems are only as valuable as they are used. This would involve leveraging cutting-edge technology to build a platform that is inherently secure and compliant with regulations like GDPR, as well as adaptable to comply with all global existing and future regulations, including U.S. regulations, all while remaining user-friendly and scalable.
The design would prioritize an intuitive user experience, fast implementation, and seamless integration with existing enterprise systems, which are critical for gaining traction with large U.S.-based multinational corporations. The platform should not just be a tool for compliance but a business enabler, designed for speed and usability while maintaining the highest standards of data integrity.
What’s one blind spot you consistently see in U.S. organizations trying to navigate regulations like GDPR or the EU AI Act?
The reliance on outdated, disparate legacy systems that are not equipped for global-scale compliance. Many U.S. companies have grown through acquisitions and built their infrastructure on fragmented systems that work well enough in a single, less-regulated market but fall apart when faced with the complex, interconnected web of international regulations.
This lack of a centralized, streamlined platform creates operational inefficiencies and a high risk of non-compliance. Instead of being able to manage data and risks from a single pane of glass, they are forced to use multiple tools and manual processes, which increases the likelihood of human error and makes it nearly impossible to maintain a holistic view of their compliance posture across different jurisdictions.
If you were advising a CEO, how would you explain the reputational risk of getting compliance wrong in a world where customers, regulators, and partners are all watching?
The reputational risk of compliance failure is not just a legal or financial issue, but a fundamental breach of trust. A single data breach or compliance misstep is instantly visible to customers, regulators, and partners globally. The resulting reputational damage can be far more costly and lasting than any financial penalty. Customers are increasingly aware of their data rights and are more likely to do business with companies they trust.
Regulators are watching closely, and a public enforcement action can tarnish a brand’s reputation for years. Furthermore, business partners are also paying attention, as they don’t want to be associated with a company that has a poor track record on data security. A CEO must understand that their company’s reputation is a non-negotiable asset, and a failure in compliance can lead to a long-term erosion of customer loyalty and market standing.
What’s a lesson you’ve learned in your career that U.S. executives need to hear as they prepare for a more interconnected regulatory environment?
The need to look beyond their domestic borders and embrace a truly global perspective. In a global market, success often comes from recognizing and integrating the strengths of different regions. U.S. executives must move past the mindset that their domestic approach is sufficient for all markets. Instead, they should seek out partners and technologies that are built to handle the complexities of a multi-jurisdictional world. This means embracing a proactive, rather than reactive, approach to compliance, and viewing it not as a burden but as a strategic opportunity to build trust and gain a competitive advantage in the global marketplace.