We’ve seen this before. When Trump’s tariffs began to rattle global markets, supply chains and logistics that took the hit – but data did too. As geopolitical uncertainty continues to reshape business decisions, the spotlight is on where your data lives – and who ultimately controls it.
Except this time, the stakes are even higher. Storage costs and latency are still priorities, but there are even bigger fish to fry: sovereignty, security and the ever-growing demands of regulatory compliance – and who ultimately has unfettered access.
The compliance squeeze
In times gone by, data governance was a nice-to-have, something you could work towards gradually. Today, it’s non-negotiable. Financial regulators like FINMA have made it clear that companies must not only protect customer data but also prove they can do so in a systematic, documented way.
This means implementing comprehensive data mapping, lifecycle management and loss prevention strategies – all of which are increasingly becoming regulatory requirements.
Of course, many businesses understand the need for strong data security. However, few have the systems in place to manage the full lifecycle of their data – from creation to deletion – in a way that meets the exacting standards of regulators like FINMA. For leading Geneva-based firms who rely on Microsoft 365 hosting, the answer has increasingly been Microsoft Purview, a platform designed to provide the clarity and control needed to stay ahead.
The new compliance playbook
Microsoft Purview pulls together Microsoft 365’s various data governance features and offers a comprehensive framework, designed to help organisations maintain control over their data, meet regulatory requirements and reduce risk.
It’s supremely powerful and full of potential value, and this is what has turned it into the new compliance playbook. Below are some of the ways Purview turns data from risk into resilience.
Data mapping
Purview automatically discovers and classifies data across your digital estate, ensuring sensitive information is properly labelled and protected. This is especially critical for industries handling high volumes of personal data, financial transactions or confidential communications.
Lifecycle management
Purview automates data retention and deletion policies, which reduces risk and cuts down on storage costs. This is not just about deleting files but about ensuring data is retained for the right length of time to meet regulatory requirements, without adding unnecessary risk.
Data Loss Prevention (DLP)
Purview prevents sensitive information from being shared inappropriately, with flexible policy options for different use cases. This includes the ability to monitor and control how data is accessed and shared (both internally and externally).
Unified catalog
Purview organises your data assets into easily searchable categories. This reduces bottlenecks and improves data discoverability. This makes it easier for businesses to locate critical information quickly, ensuring efficiency in data-driven decision-making.
Compliance management
Purview provides pre-built assessments for common industry standards and regulations like GDPR FADP and ISO 27001, and can be adapted to FINMA, DFSA and FSRA with expert support. This means you can start your compliance journey without reinventing the wheel.
As powerful as these features are, unlocking their full value requires more than just turning on the tech. It takes expertise to understand the industry, know how to align tools with specific regulatory requirements, and can guide you through the complexities of data governance. That’s where the right partnership makes a world of difference.
What regulations are (and what they aren’t)
Mohammad Hammoudeh, one of Penta’s lead Information Security Specialists, works closely with clients to assess their current security posture, implement robust risk management systems and ensure ongoing threat monitoring. His team’s primary role is of course to secure data, but they also help clients understand how to configure Purview effectively for long-term resilience. He is keen for businesses to appreciate what regulations are, and what they are not.
“Regulations cannot explicitly call for a particular tool,” Mohammad emphasises. “They typically require that organisations have the right functions and mechanisms in place to support data privacy and protection. They want to see the capability, but they cannot call for a specific product name.”
This situation, Mohammad points out, leaves Geneva-based businesses knowing what they need to achieve, but not how to get there. “FINMA is looking for transparency, accountability and control. Purview offers the tools to meet these expectations, from data mapping to lifecycle management and compliance reporting,” he concludes.
Data strategy takes a team, not just a tool
Still, simply installing Purview isn’t enough. Without a knowledgeable partner, businesses often struggle to configure the platform effectively, leaving gaps in their compliance, security and data management strategies. Also, without ongoing support, a well-designed setup can become outdated as regulations evolve and data estates grow.
That’s why a strategic partner is critical – one that understands the complexities of your industry, knows how to align Purview’s capabilities with your specific compliance needs, and can support you as those needs change.
So, what does the right Purview partner look like for your organisation? Let’s take Penta as an example. With over twenty years of experience in regulated sectors, Penta offers clients a comprehensive suite of data governance solutions built on Microsoft Purview. This includes everything from initial assessments and system design to ongoing support and compliance monitoring.
Unlike some partners who just install Purview and then walk away, Penta’s approach is deeply consultative. We work closely with clients to align Purview’s capabilities with real-world business needs. This means customising data maps, refining lifecycle management policies and implementing advanced encryption measures like Azure Customer Key, which ensures only the client and their IT partner have decryption rights - effectively protecting client data from deep-reaching prying eyes.
Penta also supports ongoing data governance with regular audits, policy tuning and compliance assessments. This makes sure our client’s setup continues to meet evolving regulatory demands. This is especially important in sectors like finance, healthcare and legal, where data integrity and accountability are paramount.
Future-proof your data strategy today
As regulations tighten and the stakes for data protection keep rising, the businesses that thrive will be the ones with a clear, adaptable data strategy.
Purview offers the right tools, and Penta’s long-term support means you can stay agile without constant overhauls, building confidence in your data practices and resilience against future challenges.
Taking charge of your data’s future means taking control of your business’s future. If you’re ready to make that move, let’s talk.
