How it works
It might sound like a great idea, but it has probably got you asking how it even works, whether or not it's easy to use, and, most importantly, whether it is right for your organisation. Perhaps we can take you through it.
So, where does it start?
Data protection compliance starts with the leaders of your organisation. By purchasing The Privacy Compliance Hub, your leaders are committing to embed data protection compliance culture within the organisation. They achieve this by meeting a set of what we call Privacy Promises. These are simple, easy to understand promises that each member of the organisation makes to each other and to the outside world.
By meeting these promises, the organisation complies with its data protection obligations, including the General Data Protection Regulation (GDPR).
How does it actually work?
After purchasing the Hub, the leaders of the organisation appoint what we call a Privacy Hub Owner to oversee the compliance project using The Privacy Compliance Hub. The Privacy Hub Owner will appoint a team of what we call Privacy Champions. Privacy Champions are a team of sensible people from across the organisation who will help the Privacy Hub Owner implement the Privacy Promises using The Privacy Compliance Hub.
The Privacy Hub Owner and their team of Privacy Champions meet regularly to run your organisation's data protection compliance programme. They do this by following the Methodology that we provide within the Hub.
The Methodology takes the Privacy Hub Owner and their team of Privacy Champions through what they need to do, step by step, to meet their privacy, data protection and GDPR obligations. The Methodology is structured into a number of meetings with clear action items which deliver on the Privacy Promises. The Methodology also acts as an account of your organisation's privacy, data protection and GDPR compliance journey, which can be recorded in the Hub to demonstrate that compliance.
In addition to the Methodology, the Hub provides the Privacy Champions with a Privacy Plan which helps them continuously stay on track with the organisation's privacy, data protection and GDPR compliance journey. The Privacy Champions use the Privacy Plan as a project planner as they go through each of their compliance activities.
Demonstrating your GDPR compliance
The Privacy Plan acts as a record to demonstrate data protection compliance to those not directly involved. The Privacy Plan also acts as a way of clearly allocating privacy, data protection and GDPR compliance responsibilities to the members of your staff nominated to achieve that compliance.
To help record your organisation's data protection compliance journey, the Privacy Hub Owner records significant events in the Privacy Calendar, which we provide within the Hub.
As the Privacy Hub Owner and the Privacy Champions attend their meetings and carry out the activities set out in the Methodology and the Privacy Plan, recording significant events in the Privacy Calendar as they go along, they can make use of over 30 template documents provided within the Hub.
Safe sharing: A real world example of how the Hub works in action
Within the Methodology section of the Hub, Meetings 4 and 5 deal with Privacy Promise number 4 - Safe Sharing. That promise states that 'We only share information with people that we trust'. To enable the organisation to keep this promise, the Methodology and the Privacy Plan prompt the Privacy Champions to carry out a number of activities:
- a Privacy Champion is tasked with drawing up a list of third parties with which the organisation shares personal information;
- this list is recorded in a Record of Vendors / Partners (this is supplied within the Hub);
- the Privacy Champions agree to send Risk Assessment and Due Diligence Questionnaires (again, supplied within the Hub) to third parties with which the organisation shares personal information;
- once those questionnaires are returned, they are checked and stored as records within the Hub;
- the agreements with those third parties are checked to ensure they contain GDPR-compliant data processing agreement wording. If not, the third parties are sent a Data Processing Agreement for signature (again supplied within the Hub);
- the signed agreements are stored within the Hub and the Record of Vendors / Partners is updated;
- a reminder is put in the Privacy Calendar to conduct a similar review in twelve months' time.
And that's all there is to it. The Privacy Champions get into a rhythm of attending meetings, completing activities, recording activities and using the tools and templates within the Hub to establish, maintain and demonstrate privacy, data protection and GDPR compliance.
Privacy compliance is your responsibility
Privacy compliance can only be done by you - the people in your organisation who make decisions every day about what personal information to collect and why. Privacy compliance requires a collaborative effort between those people, across the various departments in your organisation.
The Privacy Compliance Hub is carefully designed to:
- place the responsibility for GDPR compliance within the hands of the right people within your organisation;
- provide those individuals with an understanding of what is required and a privacy programme to follow;
- make available to those individuals practical and easy to use tools to implement the privacy programme; and
- achieve a fundamental change in the mindset of everyone in your organisation by making privacy compliance matter, always.
If a potential customer requires your organisation to prove that it complies with data protection laws, such as the GDPR, before awarding you a contract, you can just show them your Privacy Compliance Hub. The same applies if a regulator comes knocking on your door asking awkward questions: all you have to do is show them the Hub!