1. Have a programme
We get it. Privacy can seem complicated, and often drops lower in the pecking order of the day-to-day tasks involved with leading a growing business. Consequently, many CEOs don’t take an active role in ensuring their company has an up-to-date, continuously improving privacy programme – or even a privacy programme at all.
But this isn’t a smart way to lead. Privacy is a growing concern for customers, employees, and regulators; improved privacy is already a competitive advantage in many marketplaces. Consumers – and investors – want to see adequate privacy strategies in place. Many will refuse to do business with companies that can’t demonstrate where they stand on using, protecting, and giving individuals rights in relation to personal data.
2. Have a crisis plan
Those that do not prioritise privacy increase the risk of data breaches. Employees who are less informed about why privacy is important and how it should be protected are more likely to make poor decisions about data usage – putting personal data and their organisation’s future at risk. Even forward-thinking companies that invest heavily on cyber-security can come unstuck due to human error or sophisticated ransomware attacks.
A crisis plan is crucial. Companies have a legal obligation and a financial incentive to report and respond to data breaches in a timely and open manner. If your organisation falls victim to a breach, a simple action plan could save your business millions of pounds in fines and lost revenues due to reputational damage, plus an enormous amount of aggravation.
3. Appoint a privacy lead
Privacy can fall into the cracks between legal, operations, marketing and even finance departments, resulting in inertia because nobody has been made responsible for developing and maintaining a privacy programme. Does your organisation have someone who ‘owns’ privacy? Organisations have ‘leads’ on sustainability because it’s important to organisational reputation, and it can deliver cost and other benefits. Privacy is no different. CEOs should delegate responsibility to one individual, ensure expectations are clear, and regularly check in on progress.