Why GRC and artificial intelligence absolutely belong together

It’s no secret that corporate and government compliance and risk management departments typically have many manual processes. In order to be able to keep up with the mountains of data and regulatory requirements, they are dependent on new technologies – above all AI.


Massive data protection violations, difficulties in adhering to compliance requirements after cyber attacks or the uncovering of serious crimes: the work of internal legal departments and investigative authorities has increased, but not to the same extent the human resources. In order to be able to identify and analyze data in a context-related, fast and cost-effective manner and then present it in a way that can be used in court, they need modern solutions that cover all aspects of Legal GRC. From Exterro’s point of view, three topics will dominate the market in the coming months:


1. Automation accelerates incident management


The GDPR is no longer a toothless tiger, as a look at the number of fines imposed shows. In 2021, European authorities issued more than 400 decisions with a total amount of over one billion euros. Although the lion’s share is attributable to Amazon – but the German data protection officers have also sent out fines totaling over 50 million euros. The fact is that the requirements of the GDPR pose major challenges for many companies in view of data silos and scarce resources. Even seemingly banal cases such as forgotten invitation lists for a company workshop can constitute a violation if, for example, after an employee has left the company, the data stored for this event is not deleted. Automated workflows help here, ideally in combination with robotics and AI-based deletion concepts. Automation can cover many areas – whether it is creating a document, determining the end of a deadline or the existence of a claim or complying with it.




Almost finished!

Please confirm your email address!

Click on the link in the email we just sent you. Also check your spam folder and whitelist us.

More information about the newsletter.

2. Artificial intelligence supports the investigator.


Wherever manual and therefore time-consuming analyzes are necessary to ensure compliance or pattern recognition in investigations, AI-supported solutions can save resources and increase the detection rate. They comb through huge mountains of data at breakneck speed and filter out false-positive messages so that those responsible are not hindered in their work. AI disciplines such as natural language processing (NLP) and deep learning, for example, simplify video evaluation or the labeling of images. The virtual investigators thus provide context-related insights in the shortest possible time and support the real investigators in their investigations.


3. Digital forensics are moving to the cloud


The various cloud offerings are not only popular with companies, but have long since become a way of playing for cybercriminals. However, investigations in the data cloud are difficult: According to the Exterro survey “The Future of the Public Sector”, the greatest challenge lies in data collection (67%), followed by cooperation with cloud providers (65%) and securing (49%) and identifying (40%) data. While local computers can still be searched relatively easily, things are quite different in the cloud with its millions of machines and virtual instances. Forensic investigation tools must therefore be able to collect, analyze and categorize data from the major public cloud sources as well as from the common collaboration systems Microsoft Teams and Google Drive in order to fight crime.


“Stricter regulations, shorter reporting deadlines and the growing flood of data are difficult to cope with with conventional systems. Without the use of modern solutions that use technologies such as AI or predictive analytics to collect and evaluate data and at the same time be able to access the cloud without any problems, companies and law enforcement agencies are in a lost position,” explains Jens Reumessel, Director of Sales DACH at Exterro . “It is just as pointless to look at individual process steps in isolation. In order to break down the data silos that still prevail and to get a 360-degree view of all legal aspects of governance, risk and compliance, what is needed is a holistic platform.”