How AI-driven data management helps organizations meet rising regulatory challenges

Enterprises must reimagine their data and document management to meet the increasing regulatory challenges emerging as part of the digitization era. 

Laws such as the EU’s General Data Protection Regulation (GDPR), Saudi Arabia’s Personal Data Protection Law (PDPL) and the EU AI Act, underline the scale of the compliance challenge facing business. 

With data volumes and AI deployments set to grow, as well as new regulatory requirements in areas such as sustainability, it’s clear this must be a high priority for technology leaders.  

The cost of compliance

These challenges are already leading to higher costs and greater operational risk for enterprises. According to figures from the Cato Institute, U.S firms spend on average 1.3% ‒ 3.3% of their total wage bill on regulatory compliance. 

Research from Drata suggests that companies spend an average of 4,300 hours annually achieving or maintaining compliance. 

Breaching regulations can prove expensive. In 2023 alone, global regulators imposed $10.5 billion in total fines. Clearly, compliance poses a significant operational risk that can only be overcome by robust systems and processes.

Heather Herbst, IDC research director, Office of the CFO, sums up the challenge: 

“Compliance can affect not only the investors, owners, and board of directors but also those who are employed at the company; Therefore, it affects many people’s lives and can change the trajectory of the company and its employees.” 

Where to start

Businesses should start with their document and data management capabilities. It’s thought that 94% of annual compliance costs stem from the labor-intensity of this business area. Improving these workflows can therefore yield significant quick wins.

Commonly, businesses face three major challenges with regard to data and data management:

1. Data volumes. The total amount of data created, captured, copied, and consumed globally is forecast to increase from 64.2 zettabytes in 2020 to 181 zettabytes in 2025. Enterprises can struggle to get their arms around this vast pool of data, yet having complete visibility of data, as well as the ability to quickly source and validate data for reporting, is critical.
2. Dark data. One particular challenge lies in managing “dark data” (i.e., data generated by businesses, but which lie unused and forgotten in various systems, applications, and hardcopy documents). According to Robert Gerbrandt, Global Head of Information Governance Advisory at Iron Mountain, dark data is risky data. “Estimates vary widely, but typically at least 20% of a company’s data is either redundant, outdated, or trivial,” Gerbrandt explains. “However, this data can contain regulated datasets such as personally identifiable information [PII] and is therefore a significant operational risk.” 
3. Data classification. Greater visibility of data is also required for businesses to be able to determine the nature of a document in order to understand, for example, whether it is confidential information, a work product, or an HR document. This can be a particular challenge for businesses that maintain large volumes of physical documents in storage.

Getting full visibility of data enables businesses to put in place a defensible data management process. As Gerbrandt explains: “Globally, we have identified and collated approximately 75,000 rules around data retention that companies need to be aware of as they set about cleansing and managing their data. They must be able to quickly understand their data and categorize it so they can apply the right parameters and security access. This has traditionally been a massive challenge for businesses and one of the reasons that compliance costs are so high.”

The role of AI in enhancing data compliance

Today, new approaches to solving these are being made possible by the latest generation of AI tools. “We are now able to use AI to interact with and interrogate data faster and more effectively than in the past,” says Gerbrandt.

Iron Mountain’s own InSight Data Experience Platform (DXP) is an example of just such an AI-based approach. The platform allows businesses to scan, search, view, manage, archive, and dispose of both physical and digital records and information management assets. 

The platform reduces the time, effort, cost, and errors associated with responding to discovery requests by automating document processing, triggering potential exceptions or violations so businesses can comply and quickly respond to audit requests.

More importantly, the platform helps address the challenge of classifying and managing dark data. “InSight DXP removes the barrier between digital and physical content and shines a light on organization’s darkest data,” explains Gerbrandt. “Once a document is scanned into InSight DXP, the AI engine uses metadata to determine the document type and apply the right retention rule so compliance teams can manage the information appropriately.”

Reducing risk and cost

InSight DXP helps businesses reduce risk and avoid costly fines through information governance best practices and tools. With the platform, records retention and data privacy policies are automatically applied, helping businesses to know their obligations and show compliance. 

“By combining Iron Mountain’s Policy Center solution, our industry leading retention schedule management tool with InSight DXP, you essentially have a rules engine that gives organizations visibility into what they should be keeping,” says Gerbrandt. “From there, companies can safely dispose of redundant data, which helps reduce their storage costs. Using this rules-based approach, the platform can also apply the necessary data-protection policies and access controls to ensure compliance with stringent privacy and security regulations.” 

The impact of InSight DXP is profound. According to independent analysis by Forrester, the platform increases the efficiency of finding documents and information by 40%, improves the cataloging and understanding of documents by 55%, and reduces the time spent on compliance by 25%. Forrester’s analysis found that a composite organization would experience benefits of $5.29 million over three years versus costs of $1.78 million, a ROI of 196%.

Compliance made easy

There’s no escaping the fact that the regulatory burden on businesses, already high, is only going to increase in the years ahead. Companies that deploy AI-powered systems will be best placed to meet their regulatory obligations while reducing the cost, time, and effort involved. AI can thereby help reduce risk while boosting efficiency. 

For more information on how Iron Mountain can help put AI to work in your compliance efforts click here.