How it works
It sounds like a great idea, but how does it work? Is it right for my organisation? How easy is it to use? All great questions. Perhaps we can take you through it.
The Privacy Compliance Hub starts with the leaders of your organisation. By purchasing The Privacy Compliance Hub, your leaders are committing to embed data protection compliance within the organisation. They achieve this by agreeing to comply with a set of what we call Privacy Promises. These are simple, easy-to-understand promises that each member of the organisation makes to each other and to the outside world. By complying with these promises, the organisation complies with its data protection obligations, including under the GDPR. Sound good? Well, read on…
The leaders of the organisation appoint what we call a Privacy Hub Owner to oversee the compliance project using The Privacy Compliance Hub. Let’s call her Dora.
Dora has worked in the organisation for a number of years; she knows everybody and everybody knows her. She gets stuff done! She appoints a team of what we call Privacy Champions. This is a team of sensible people from across the organisation who will help Dora implement the Privacy Promises using The Privacy Compliance Hub. Let’s call them Claire, Faye, Lee, Ian and Lisa.
Dora and her team of Privacy Champions meet regularly to run your organisation’s data protection compliance programme. They do this by following the Methodology that we provide within the Hub.
The Methodology takes Dora and her team through what they need to do in a step by step fashion. The Methodology is structured into a number of meetings with clear action items which deliver on the Privacy Promises. The Methodology also acts as an account of your organisation’s compliance journey which can be recorded in the Hub to demonstrate that compliance.
In addition to the Methodology, the Hub provides the Privacy Champions with a Privacy Plan which helps the Privacy Champions continuously stay on track with the organisation’s compliance journey. The Privacy Champions use the Privacy Plan as a project planner as they go through each of their compliance activities.
The Privacy Plan acts as both a record to demonstrate compliance to those not directly involved and as a way of clearly allocating privacy compliance responsibilities to the members of your staff nominated to achieve privacy compliance.
To help record the organisation’s data protection compliance journey, the Privacy Hub Owner records significant events in the Privacy Calendar which we provide within the Hub.
As the Privacy Hub Owner and the Privacy Champions attend their meetings and carry out their activities set out in the Methodology and the Privacy Plan, recording significant events as they go along in the Privacy Calendar, they can make use of over 30 template documents provided within the Hub.
How about we give you a real world example of how this all works? OK, let’s go!
Meetings 4 and 5 of the Methodology deal with Promise 4 - Safe Sharing. That promise states that, ‘We only share information with people that we trust’. To enable the organisation to keep this promise, the Methodology and the Privacy Plan prompt the Privacy Champions to carry out a number of activities:
- a Privacy Champion is tasked with drawing up a list of third parties with which the organisation shares personal information;
- this list is recorded in a Record of Vendors / Partners (this is supplied within the Hub);
- the Privacy Champions agree to send Risk Assessment and Due Diligence Questionnaires (again, supplied within the Hub) to third parties with which the organisation shares personal information;
- once those questionnaires are returned, they are checked and stored as records within the Hub;
- the agreements with those third parties are checked to ensure they have GDPR-compliant data processing agreement wording. If not, the third parties are sent a Data Processing Agreement for signature (again supplied within the Hub);
- the signed agreements are stored within the Hub and the Record of Vendors / Partners is updated;
- a reminder is put in the Privacy Calendar to conduct a similar review in twelve months’ time.
And that’s all there is to it. The Privacy Champions get into a rhythm of attending meetings, completing activities, recording activities and using the tools and templates within the Hub to establish, maintain and demonstrate compliance.
Privacy compliance can only be done by you - the people in your organisation who make decisions every day about what personal information to collect and why. Privacy compliance requires collaborative effort between those people, in various departments in your organisation. The Hub is carefully designed to:
- place the responsibility of privacy compliance within the hands of the right people within your organisation;
- provide those individuals with an understanding of what is required and a privacy programme to follow;
- make available to those individuals practical and easy-to-use tools to implement the privacy programme; and
- achieve a fundamental change in the mindset of everyone in your organisation by making privacy compliance matter, always.
The advantages of using the Hub and embedding privacy compliance in your organisation are that:
- if a potential customer requires your organisation to prove that it complies with data protection laws before awarding you that contract, you can just show them your Privacy Compliance Hub; and
- if a regulator knocks on the door asking awkward questions, all you have to do is show them your Privacy Compliance Hub!