The job title of the person responsible for privacy compliance often varies by organisation – from CEO and CFO, to General Counsel to Data Protection Officer (DPO). But you all have one thing in common: you’re busy.
The good news is that effective privacy compliance isn’t a one-person job. It can only be achieved by building a culture of continuous privacy compliance that permeates the whole business. And to achieve that, you need some friends.
Privacy champions to the rescue
As part of using the Privacy Compliance Hub, we suggest that one of the first jobs leaders do is appoint a brilliant team of cross-disciplinary privacy champions. After all, you can’t be everywhere at once, nor are you likely to have the depth of knowledge required to map every team’s processing activities and data flows. The champions provide a strong foundation for your compliance programme to evolve from.
The ideal number of champions will depend on the size of the organisation, but there should be a representative from each function of the business and, if you are a multi-site business, from each location.
Ideally, they should have:
- Integrity and high professional ethics
- Some project management experience
- The ability to communicate effectively at all levels of the organisation
- A desire to learn more about privacy
- Knowledge of the organisation and the sector within which it operates
Tackling the to-do list
A privacy champion’s primary job is to make sure everyone within their department follows the Eight Privacy Promises. These summarise, in simple terms, what the law requires organisations to do when they process personal information.
Champions work as a team and meet regularly, but each champion’s responsibilities will look slightly different depending on their function. They ask the rest of the organisation questions about where personal information is held, how it’s used, whether it’s needed, how it’s secured, who it’s shared with, how long it’s kept and what happens to it when it’s no longer needed. They all work together, following a clear plan which we provide in the form of a fully automated Route Map.
A privacy champion in engineering, for example, will promote a culture of data minimisation and help implement technical solutions which adhere to the Eight Privacy Promises. A champion in procurement will audit key service providers, vendors and partners which process a lot of personal information or special category information (making sure they too are keeping privacy front of mind). In sales and marketing, champions will ensure the business only collects the information it needs and no more, and manages the marketing database so that only the people who want to receive marketing communications receive them. And in HR, a champion will ensure all new hires complete data protection training in the hub, and that this is scheduled at regular intervals throughout their time with the company.
A living, breathing thing
By appointing a company-wide team that is excited about privacy and empowered to make a difference, businesses will be far more effective in rolling out a programme of continuous privacy compliance. This work ensures the programme is a living, breathing thing rather than a one-off project to be ticked off and shoved in a drawer. It will only be effective if it adapts as the organisation does.
Privacy doesn’t have to be a chore. Companies are filled with intelligent, driven people who want to make a difference. Appointing a well-respected team of champions will signal to everyone that you care about privacy and are making it a priority. That in itself, as well as the work of the champions, will build momentum and buy-in at all levels.
Ready to take the first step? We’ve designed our free GDPR compliance health check for busy professionals like you. It takes just 10 minutes and we’ll email you a personalised assessment within seconds. Or get in touch now to arrange a demo.