Privacy & Compliance-platform: Build or Buy?

The big dilemma. We all have to comply with GDPR. There's not much to discuss here. But there are many paths to compliance, and no two organisations are the same when it comes to privacy. Different personal data is collected in different ways and for different purposes.

So how exactly are you going to do it? Well, you have two options:

• building your own system from scratch

• buying a system

Both choices come with a number of advantages and disadvantages. We try to shed some light on this in this blog post, so that you are hopefully well equipped to make the right decision in your particular context.

Yes, as a Privacy & Compliance platform, we are a bit biased. If we (and our customers) didn't think there was a need for a solution like ours, we wouldn't exist. In this post, however, we've stripped away all the good sales arguments and cut the points down to the bone.

Should we go for it?

The solution for most organisations: Buy

The headline is a statement we dare to stand by.

Because despite the caveats we mentioned at the beginning (different personal data in different ways and for different purposes), and that all companies have their own specific requirements, wishes and needs, the entire Privacy and Compliance exercise can actually be managed with an external solution in the vast majority of cases.

This is partly due to the fact that the external solution has been developed with the aim of embracing a wide range of organisations, which is why the product itself is based on common denominators. Therefore, you do not have to invent the deep plate or pay a lot of money to lawyers and personal data counsellors to map your needs or focus areas.

There are a number of advantages to investing in an existing solution and shopping around. We've summarised just some of them below.

1. You share development and maintenance costs with all other users

If you choose to build your own platform, you will be left with the development costs alone. And it's not cheap to build a Privacy and Compliance platform.

With an external solution, you share the cost and investment with all other users, which typically ends up being a cheaper solution and is also an advantage in terms of cash flow.

2. You minimise the risk of bad investments

It has happened more than once in history that an IT project has turned out more expensive and worse than expected, or that the schedule has slipped. In fact, analyses show that more With an external solution, you're not left holding the bag, and you don't have to answer to your superiors if the major development project fails or is delayed again, which happens for more than 7% of all major IT investments do to McKinsey.

3. You are better able to budget and manage your finances

If there's one thing businesses like, it's predictability - especially when it comes to finances. With an external solution, you can easily budget and plan costs into the future depending on your chosen solution. This can be significantly more difficult if you want to build yourself. A analyse from Standish Group has shown, among other things, that 52% of all IT projects have gone over budget.

4. You can quickly implement the solution you choose

There's a saying that you need to multiply development time and budget estimates by two to stay on target. With an external solution, you can start implementing it as soon as you've created your subscription. According to a study by VMWARE an average IT project took around 5 months to develop and implement, while larger projects took 8 months to finalise.

5. You have access to external support and counseling

We know what in-house IT and support departments can be like sometimes - if you're one of the lucky ones who have one. With an external solution, counseling and support are included in the package, and always ready to help.

6. You get a solution built on the experience and best practices of many others

Instead of making all the mistakes and living with the teething problems of your own platform, with an external solution, you get a product that builds on the experience and best practices of many others before you.

7. You have a solution that is continuously updated based on new legislation or technology

Legislation and technology is not a statistic. There are constantly new sections, decisions, and technological possibilities that you have to deal with. That's what an external platform does for you.

8. You can easily access documentation and reporting

Even if you build the world's best platform yourself, getting the numbers and data you need for documentation and reporting out of the platform is often a different matter. Fortunately, this is easy to do with an external solution.

9. You get a solution that is independent of internal resources and specialisms

What happens if a key employee changes jobs or you don't have the resources to maintain or develop your own platform? You can wrap that headache away if you buy something out of town.

10. You minimise the risk of data loss and organisational clutter

You might already be familiar with it today? Documents that have been deleted or changed by mistake, missing access to folders, and documents that disappear without you knowing where. If you use Google Drive or Sharepoint for your GDPR work, you probably know that managing access and folder structure can cause a few grey hairs.

And we could go on and on...

... but we hope you can see the points. Obviously, an external solution also has its limitations. We'll get to those in a moment. But it is also important to emphasise that the majority of Danish companies can advantageously solve their Privacy and Compliance tasks through an external solution.

The solution for the few: Build

Let's be honest: Yes, in some cases, building something yourself makes the most sense. There are situations where a solution built to cater to a wide range of organisations is not the right one.

To put it in a slightly different way, you might ask: Do you need a spaceship? The vast majority of projects fail because the scope becomes too large, the overview is lost, and the project goes off the rails - even with skilled controllers and IT people who know VBA and generally excel in Excel.

Having said that, the following will typically be indications that you should consider building your own platform:

1. You have many and high demands on the platform's custom functionality.
2. You want a high degree of control over everything from the interface to the technical infrastructure.
3. You want to be able to determine the direction of the platform on your own.
4. You have an existing IT and data infrastructure that requires customised integrations to talk to each other.
5. You have very specific requirements or privacy compliance tasks that are not imposed on many others.
   

If you can tick several or all of the above, you might want to look into a do-it-yourself project. As a builder, you get the following benefits:

1. You get full control over everything from the roadmap to the platform infrastructure.
2. You get a customised platform for your organisation and purpose.
3. You only pay for the features you use and therefore develop yourself.
4. You can take into account all your other infrastructure.
5. You have (in theory) low operating costs once the solution is implemented

Obviously, with a solution that you build and own yourself, there will also be some drawbacks or things to be aware of, such as

1. You are alone with the investment - both in the development phase, but also if the project fails or is delayed in whole or in part.
2. You have a relatively long time horizon for implementation.
3. You must be able to handle further development, support, maintenance, etc. yourself or outsource this part.
4. You are responsible for keeping yourself updated on legislation, decisions, etc. that may make it necessary to change or adjust your platform.
5. You are responsible for conducting regular audits and quality assurance of the platform.
   
   

However, it's not just the really big, heavy and expensive setups where it might make sense for you to build something yourself. We sometimes come across customers who:

1. have a legal background/training and experience in compliance and privacy
2. have built all documents, templates, etc. themselves
3. are responsible for maintaining and updating all relevant documents themselves
4. is the only one who has access to change the documents - and thus there are no arrow fingers
5. is the one who handles all work with Compliance and Privacy, so everything comes from his or her hand.
   

Of course, building a foundation takes a lot of hours, but the maintenance is relatively minimal.
In that case, it might make sense to consider building your own.

Cut to the bone, it will ultimately be a question of whether the investment (internal hours, systems, external advice, etc.) in building your own setup is worthwhile compared to being able to buy access to a ready-made solution where you get access immediately. Secondly, whether the difference that may exist in purely financial terms can be justified on the basis of the considerations we have discussed above.

The solution for you?

But what is the right solution for you? That quickly becomes a political answer. Because it depends on...

Only you can answer that question. But we want to help you find the right answers.
We're happy to advise you on your options and what makes the most sense for you in your context.

Book a demo here, based on your starting point and future needs.