1. Have a programme
We get it. Privacy can seem complicated, and often drops lower in the pecking order of the day-to-day tasks involved with leading a growing business. Consequently, many CEOs don’t take an active role in ensuring their company has an up-to-date, continuously improving privacy programme – or even a privacy programme at all.
But this isn’t a smart way to lead. Privacy is a growing concern for customers, employees, and regulators; improved privacy is already a competitive advantage in many marketplaces. Consumers – and investors – want to see adequate privacy strategies in place. Many will refuse to do business with companies that can’t demonstrate where they stand on using, protecting, and giving individuals rights in relation to personal data.
2. Have a crisis plan
Those that do not prioritise privacy increase the risk of data breaches. Employees who are less informed about why privacy is important and how it should be protected are more likely to make poor decisions about data usage – putting personal data and their organisation’s future at risk. Even forward-thinking companies that invest heavily in cyber-security can come unstuck due to human error or sophisticated ransomware attacks.
A crisis plan is crucial. Companies have a legal obligation and a financial incentive to report and respond to data breaches in a timely and open manner. If your organisation falls victim to a breach, a simple action plan could save your business millions of pounds in fines and lost revenues due to reputational damage, plus an enormous amount of aggravation.
3. Appoint a privacy lead
Privacy can fall through the cracks between legal, operations, marketing and even finance departments, resulting in inertia because nobody has been made responsible for developing and maintaining a privacy programme. Does your organisation have someone who ‘owns’ privacy? Organisations have ‘leads’ on sustainability because it’s important to organisational reputation, and it can deliver cost and other benefits. Privacy is no different. CEOs should delegate responsibility to one individual, ensure expectations are clear, and regularly check in on progress.
4. Then delegate accountability to everyone
But that doesn’t mean the rest of the organisation won’t be involved. The most successful businesses have a shared purpose or vision which unites everyone from the factory or shop floor to the boardroom. Privacy should be no different. While one individual needs to be ultimately responsible (whether as a formal Data Protection Officer or otherwise), everyone needs to play their part in ensuring a privacy programme is a success. Involving every employee in privacy has two main benefits: the first is better decision-making on data usage and security; the second is letting employees know that they work for an ethical organisation that strives to do the right thing.
5. Create a winning privacy culture
One of the mistakes organisations make is preparing a few policy documents on privacy which only the legal department sees, and which soon go out of date due to the changing nature of the business or the regulatory landscape. Treating privacy as a one-off project is inadequate. Privacy is fast-moving – consumer attitudes and awareness about how their data are being used are changing, and regulators are showing their teeth.
Privacy needs to stay front of mind, and organisations need to constantly adapt their privacy stance to a changing landscape. That’s where a ‘culture of continuous privacy compliance’ makes a difference. Having a winning privacy culture, where people understand and care about privacy, where individuals know what they have to do to respect privacy in their day jobs, and where the organisation stays on top of changing regulations, helps prevent breaches and the reputational damage caused by poor privacy practices.
Most CEOs do care deeply about privacy and understand the link between successful privacy practices and successful business. Often the only stumbling block is prioritisation, as business leaders fear long, costly, complicated projects that will remove resources from other tasks.
The Privacy Compliance Hub makes it easy to achieve swift, demonstrable progress on privacy, in a cost-effective way that doesn’t impair work on other day-to-day business priorities. With the Hub you can get started with a fully working privacy strategy straight away. No more worrying that privacy isn’t covered. And one less distraction for CEOs, so they can concentrate on leading their organisation to greater success.