Privacy Challenges – Part 5: Implementing privacy throughout organization

Oct 11, 2016

We have made the promise to help our clients understand their privacy challenges and enable them to tackle them in a way that meets both their business requirements and regulatory requirements. Some time ago, one of our clients posed a central question: “What are key privacy challenges that organizations currently face in your opinion?” So, we decided to create a series of blog posts describing five key privacy challenges that touch organizations regardless of their industry.

The challenges, as we have named them, are:

  1. Data is the new oil
  2. Changing regulation
  3. Lack of tools and best practices
  4. Lack of professionals
  5. Implementing privacy throughout the organization

Implementing privacy throughout the organization

The days when privacy was only a concern of the legal department are long gone. In the digital era, where personal data is increasingly collected, analyzed and stored, many managers face a great challenge in trying to stay top of data processing activities across their organization and in the wider web of actors around it.

Most core organizational functions involve processing personal data, such as marketing, HR, product development, sales, customer service – just to name a few. In addition, organizations need to be knowledgeable about what their third party contractors are doing with their data and to whom are they actually transferring it.

A successful realization of privacy in operations requires attention, investment and cooperation of several actors in an organization. Privacy should be everyone’s issue. For this to happen, high level targets and strategies have to be translated into processes and guidelines. They need to be brought to the level of the most central working unit – the people. Organization’s privacy program’s goals should be translated to the level of individual job descriptions – it should be clear how each role contributes to data protection and what it means for their daily work.

Once the goals and responsibilities are clearly defined, the next step is focusing on capabilities. This includes organization-wide capabilities such as having privacy supporting systems and processes in place, as well as team capabilities. It is essential that employees not only know what they are expected to do but have training and tools available to actualize it – preferably in a jargon-free and easy-to-use format.

However, this is only the beginning of the story. Leading organizations in data protection have understood that privacy is more than a procedure tool kit – it is a part of organizational culture and a way of working that should exceed functions and teams. Protection of individual’s right to privacy is a priority and a part of the organization’s larger responsibility towards its stakeholders.

How to then start building privacy driven organizational culture? Training is a good first step. Educating personnel to understand the key principles of good privacy management not only gives them tools to go about their daily work with privacy in their minds but also sends a clear signal that privacy is a priority in the organization.

As time and resource consuming culture building can be, we believe that privacy supporting operating culture is the very factor that will define competitive advantage for data driven companies in the near future.