Business leaders are aware that failing to deal with privacy is a risk. They worry about potential fines, but it’s the risk of reputational damage to both their company and themselves that keeps them awake at night. Poor privacy compliance can derail deals, destroy brands and damage morale — and a lack of investment in privacy is often a false economy.
So why is privacy still on so many leaders’ to-do lists? First of all, many organisations don’t know where to start. They’re lost in a fog of too much information and are confused about how to choose the most simple and effective solution. They worry about who will do the work and how much it will cost. Others don’t know what “compliant” means, let alone how they can prove compliance if a regulator ever comes knocking on the door.
So how do the various solutions for getting privacy sorted stack up? We made a list…
Hire a privacy consultant
This seems like an easy choice. If you don’t know what to do, hire a contractor who does. You could also ask that contractor to be your Data Protection Officer (DPO) and outsource that ongoing responsibility as well.
- Offers the possibility of a bespoke solution
- A consultant should know what a good privacy compliance programme looks like
- They could possibly act as your DPO if you need one
- Consultants are expensive and their quality is variable
- A consultant will never know your business and the personal information it processes as well as your own people do
- They may find it difficult to motivate your staff to assist in embedding privacy within your organisation
- A consultant may require you to buy additional software tools to support their work
- When they are gone, their expertise is also gone and your programme risks quickly becoming out of date
Hiring a consultant is probably more suitable for a project rather than a sustainable, ongoing programme. It enables the outsourcing of the privacy problem but the consultant is unlikely to truly understand your organisation’s personal data processing. This solution won’t last forever and could end up being expensive.
Speak to a lawyer
If you want to comply with the law, you get a lawyer, right? You may already have a lawyer that you trust. If not, there are some great privacy and data protection lawyers out there – and if you would like a recommendation, I’m happy to provide one.
- They will know the law (a good start!)
- If you already have a lawyer that you trust, it may be a safe bet
- This option can be frighteningly expensive
- They’re unlikely to know enough about your business and its data
- Their ideas could be more ‘legal’ than ‘practical’
In my opinion, lawyers are better placed for when something goes horribly wrong, or when you need complicated, bespoke advice on a particular transaction or project. They’re less suited to coming up with a cost effective and comprehensive privacy compliance programme.
Solve it with software
Prior to the introduction of the GDPR in 2018, there was an influx of software providers claiming to be able to solve your privacy needs at the click of a button. Some software can definitely help. But often it’s not as straightforward or as complete a solution as it claims to be.
- Software can use automation to speed up some tasks
- It can enable organisations to demonstrate performance of some privacy measures
- It can be helpful for large organisations
- Software doesn’t tell you how to build a privacy compliance programme
- It requires someone who knows privacy law and how to use the software
- Software often appears complicated and lacking in structure
- Software only automates some of the tasks associated with privacy compliance, such as subject access requests and auto deletion
- There are often additional integration expenses and other hidden costs
There is no software solution that can do the whole job for you. Technology can be useful, but organisations will still require a knowledgeable individual to assess the landscape, and deploy software appropriately. It can be expensive to implement, especially when additional consultancy and integration fees are taken into account.
Do it yourself
If you have the time and the enthusiasm, you can tackle privacy compliance yourself. There are lots of free resources on the internet including the ICO’s own website. It can be time consuming and daunting though.
- There are no consultancy or software costs
- There’s plenty of free information available online
- It’s difficult to know where to start, or what to prioritise
- It’s easy to feel overwhelmed – there just seems to be so much to do!
- It requires a huge time commitment to read, learn and implement everything without really knowing whether you are doing it right
In short, this approach is ok if you don’t have the money right now for a quicker and more effective solution.
Many organisations opt to employ somebody well versed in privacy matters if they don’t already have someone with the knowledge within the organisation (or the enthusiasm to retrain).
- They should be an expert and will get to know your company and how it processes data
- They will always be available to answer questions
- Potentially, they can act as your DPO
- The right person can be difficult and very expensive to recruit and retain
- If they don’t succeed in building a sustainable, demonstrable programme which spreads knowledge among other stakeholders, that knowledge is lost when they leave
- They may still need the support of software to make their job easier
Get the right person and this is a good solution, but that’s not always a given. Not only do they need the privacy expertise, but they need to be able to motivate your leadership team and staff to embed a culture of privacy within your organisation.
The Privacy Compliance Hub
The Privacy Compliance Hub offers a simple, structured, comprehensive, privacy compliance programme to best manage your risk. Built by tech lawyers with a proven track record of protecting the reputations of leading organisations, the Hub builds a culture of compliance within your organisation, making it easy for everyone to understand privacy and commit to protecting it.
- The Hub successfully reduces the risk of fines and tarnished reputation
- It enables you to understand the requirements and confidently implement them
- It includes relatable training content so everyone’s on the same page
- It provides the required data protection assurance to your clients and partners
- You’ll have access to powerful reporting tools, so you can always demonstrate your compliance
- It’s cost-effective
- It isn’t a silver bullet
- You still need a nominated project manager (can be internal or external) to drive the programme contained within the platform
We built the Hub to be the simplest and most cost-effective privacy compliance solution for organisations of every size. It tells you what to do and how to do it, it gives you everything you need, and it enables you to demonstrate your compliance, all in one place.
Want to find out more? Get in touch.