We know that as in-house counsel you have a lot on your plate. Where once you were seen as a technical specialist, called upon when there was a specific legal issue, now you’re a business enabler, strategist, and the custodian of the reputation of your business.
Privacy is just one more thing on a long list of priorities. So it’s understandable that it’s not always top of the list, even if you know that data protection and privacy compliance practices in your organisation aren’t in the best of shape. A survey by EY of GCs at 170 UK-based companies found that compliance, data privacy and cyber security are considered the biggest risks facing UK legal departments. But 70% of in-house counsel still don’t feel they have the right tools at their disposal to address those challenges.
Despite the million and one other things that are battling for your attention, this isn’t going away. Privacy compliance is something you need to commit resources to. But you don’t have to shoulder all of the responsibility yourself.
Here’s how in-house counsel can find their privacy happy place.
First of all, don’t keep putting this off. The financial and reputational damage of a data breach and possible fine can be insurmountable. A third of UK organisations lose customers after a data breach and four in 10 customers say they’ll never return to a business after a security issue. Customers are increasingly aware of their rights and concerned about data privacy, so they’re more likely to complain. And the ICO seems more willing to impose fines for breaches. Recent analysis found the ICO issued £42m in fines in 2020/21, a 1580% increase on the year before.
Research the options
If you decide you need help from an external consultant or software solution, make sure you trust what you’re buying. Most organisations don’t know where to start; they worry about who will do what, and about the cost. We’ve previously pulled together the pros and cons of each solution to help leaders decide what would suit them – and their budgets – best.
Build a team
General Counsel are being asked to do more with less. Transactions have to move faster than ever, products and services need to pivot to adapt to external factors, and legal departments are required to demonstrate a deep understanding of the markets in which they operate so that they can look ahead and anticipate problems. But privacy isn’t a one-person job and you can’t be everywhere at once. Data is now produced and collected at an exponential rate, across multiple workstreams. Appoint champions to take ownership of each team’s privacy practices and hold regular meetings to catch up with how things are progressing.
Follow a structured plan
If you want everybody singing from the same hymn sheet, you need to implement a structured plan for everyone to follow. Look for a step-by-step approach with regular opportunities for training that is easy to understand for even the non-technical members of your team. Ideally the solution you choose will have the functionality to demonstrate your compliance all in one place – that way, when the regulator comes knocking, it’s straightforward to show exactly what you’re doing and where you’re going next.
Privacy isn’t a one-off exercise, but a continuous work in progress. And it’s one that you’ll be in the best place to tackle by building a team and structure that signposts regular training for all your people. It’s a plan that will evolve in time, just as the company does. It’s about creating a culture of privacy by design, an environment where considerations about privacy have a role to play in every business decision. And fear not, progress is well within reach.