We live in an increasingly regulated world. Regulations have been a fact of life for many years, initially aimed at protecting consumers, such as by mandating food safety standards. Now, most organisations face regulations and standards with which they must comply. Some of these apply only to specific industries, while others — such as data protection — apply to virtually all organisations. 

Failing to comply with these mandates can have severe consequences that include not only sanctions and fines, but also have the potential to seriously impact an organisation’s reputation, and hence its finances. According to the Ponemon Institute’s The True Cost of Compliance report, the cost of regulatory non-compliance is three times greater than putting a compliance programme in place.

Regulations and industry standards  becoming more prescriptive

In the face of a growing reliance on digital technologies, significant uptake of cloud services and an ever-increasing volume of data breaches, many regulations and standards are focused on protecting sensitive data. Some are more prescriptive than others, and those that were less so — perhaps intentionally so that they stood the test of time to a greater degree — are now becoming increasingly prescriptive.

The example of PCI DSS

One example of an industry standard that is known for being more prescriptive than many others is the Payment Card Industry Data Security Standard (PCI DSS). It applies to all organisations that store, process or transmit payment card data and transactions. PCI DSS has recently been updated, with the release of version 4.0 of the standard in March 2022. This latest version has been designed to take into account the increasing danger that organisations face from criminals and to make the standard more applicable to newer environments, such as cloud computing.

Managing the pace of change

According to recent data from Bloor Research, almost three-quarters of organisations find the pace of change in regulations to be a challenge. A full quarter of organisations see the simplification of compliance processes as critical, with 42% stating that such simplification would have a significant positive impact on their organisation.

Organisations subject to mandates such as PCI DSS must make substantial efforts to make sure they understand the implications of the changes. Organisations with extensive compliance teams may be able to take this on alone, but for others the challenges can be daunting. A  simpler route for many would be to engage the services of organisations that specialise in helping organisations to meet such challenges.

Bloor Research aims to help organisations define their needs and assist them in accessing the right support to overcome the challenges they face in this dynamic and evolving regulatory landscape.


Bloor Research International Ltd
+44 (0)1494 291 992

Want to keep up with all our blog posts? Subscribe to our newsletter!