Regulatory compliance ensures that an organization is aware of, and adheres to, the international and local laws, policies, and regulations that apply to its operations.
The specific requirements vary with the industry and type of business, and some regulations apply only to particular industries. Regardless of industry or company size, every business must adhere to certain laws and regulations as part of its operations.
The specific requirements can also vary depending on the country in which the business operates. For example, if your company is based in the United States but serves customers in Europe, you must follow the local standards (such as the General Data Protection Regulation) that ensure the rights of your European customers.
Regulatory compliance should not be confused with the two other types of compliance: compliance with company policies and procedures, and compliance with internal requirements set by the business. All three are important for ensuring integrity, safety, and ethical behavior, but it helps to understand the difference.
Pega clients need to comply with local regulations when developing and managing their applications. For example:
- A healthcare provider in the United States must keep the Health Insurance Portability and Accountability Act (HIPAA) standards in mind when developing an application, because personally identifiable information must be encrypted to be kept secure and in compliance.
- A United States-based financial services company that does business in Europe must abide by the regulations set forth in the General Data Protection Regulation (GDPR) for its European customers. GDPR must be considered not only during development but also while the application is live, because GDPR gives European customers the right to have their data deleted.
California Consumer Privacy Act - United States regulation
The California Consumer Privacy Act (CCPA) is a state-wide data privacy law that regulates how businesses all over the world are allowed to handle the personal information (PI) of California residents.
Health Insurance Portability and Accountability Act - United States regulation
HIPAA was created primarily to modernize the flow of healthcare information in the United States, to stipulate how personally identifiable information is maintained by the healthcare and insurance industries, and to address limitations on healthcare insurance coverage. Above all, HIPAA provides the security and data privacy provisions that keep patients' medical information safe.
Federal Risk and Authorization Management Program - United States regulation
The Federal Risk and Authorization Management Program (FedRAMP) is a United States government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.
By standardizing cloud security assessment and authorization across agencies, FedRAMP simplifies how cloud services are secured and approved for government use.
General Data Protection Regulation - European Union regulation
Implementing client-based access control (CBAC) helps you satisfy the data privacy requirements of the European Union (EU) General Data Protection Regulation (GDPR) and similar regulations. Under these regulations, personal data is data associated with an actual person, not with an abstract entity such as a business.