Governance, risk and compliance (GRC) are three things that, like taxes, come part and parcel of running a business of any size. These activities are as welcome as taxes, and carried out with about as much enthusiasm as greets the annual audit. That’s not to say many companies don’t comply in full, and fairly, but let’s face it, no one does it enthusiastically.

As technology becomes more pervasive, compliance gets more complicated. Regulators and governments find themselves having to protect people and businesses from threats unrealised, and unimagined. New legislation around data, and where, when, how and why it may be possessed, moved, stored and used is a case in point.