2018 promises to be a busy year for compliance officers working in the utilities industry. From EU-wide legislation (GDPR) to localised changes (tariff price caps), there are plenty of legal factors to address. And as firms try to adjust to the new digitally-driven marketplace, compliance will play an increased role in ensuring trial initiatives remain within acceptable boundaries to prevent breaches.
So what can we expect?
After what seems like years of posturing and threats, the General Data Protection Regulation will finally come into force on 25th May 2018. Every organisation holding personal data belonging to UK citizens, including those based outside Europe, will need to adhere to a new framework intended to enhance privacy and control of personal data.
With fines for breaching GDPR reaching up to €20m or 4% of global turnover, there is significant incentive for utilities firms to ensure that they are compliant. And although most personal data is stored digitally, GDPR is not an IT issue. Data protection is the responsibility of every part of the business, so while IT may have data security under control, compliance will also need to train employees and create new processes to govern how that information is used.
And although most GDPR efforts have been focused on protecting the data being held, utilities firms also need to ensure that a customer’s personal data can be recovered and deleted relatively quickly. With the new “right to be forgotten”-type powers included in GDPR, your clients can ask for their personal data to be deleted from all of your systems – including archive backup tapes.
Given recent high-profile breaches of corporate security systems, it is no leap of the imagination to expect to see at least one high-profile prosecution for GDPR offences during 2018.
The fear of industry disruption from an outsider – think Uber and taxis or Airbnb and hotels – is forcing utilities firms to try to identify new products and services first. Some firms are experimenting with technologies like blockchain, assessing whether it can be used to modernise the grid and their operations.
Proof-of-concept projects are already underway, investigating whether it is possible to reduce the number of intermediaries involved in utilities sales and provision – and therefore running costs. Others are focused on how blockchain can be used to unify a decentralised power network using large-scale power plants, microgrids and energy-trading systems like consumer solar power.
Clearly these projects are important, but they also need to be fully compliant – just like your live systems. Under their Innovation Link program, Ofgem provide a special regulatory sandbox to run approved projects against a subset of customers. Subject to regulatory agreement, these projects offer real-world testing of cutting-edge technologies and enhanced protection for customers involved in the trial.
During 2018, compliance officers will need to be kept abreast of potentially rule-infringing projects so that they can apply for regulatory sandbox access before testing systems in the wild.
Capped energy prices
When the UK government announced a price cap on energy tariffs, many firms were (publicly) surprised. In the battle to protect profit margins and contain costs, firms will need to make savings elsewhere. The compliance department will play a crucial role in determining whether any proposed enhancement or cut meets regulatory standards.
Ultimately, this is nothing out of the ordinary for your compliance department – but they will need to be extra vigilant during 2018 to keep the firm out of trouble with regulators.
2018 – a watershed year
Much of the compliance officer’s role in 2018 will be around building frameworks for the future. GDPR adds ongoing pressure to every data-related operation from May onwards. However, new technology projects and the need to create new savings to compensate for potential loss of income through capped utilities bills will force the compliance department to plan hard for the future.
One thing is for sure – 2018 is a watershed year for utilities compliance.