Adapting to a volatile regulatory environment is the top priority in 2019, with just 4 in 10 Privacy Executives confident about adapting to new regulations, according to a study by Gartner (https://www.gartner.com/en/newsroom/press-releases/2019-04-23-gartner-says-just-four-in-10-privacy-executives-are-confident-about-adapting-to-new-regulations).
The other key priorities stated in the study are establishing a privacy strategy to support digital transformation, implementing an effective third-party risk management programme, strengthening consumer trust and brand loyalty, and identifying metrics to measure privacy programme effectiveness, which complete the top 5 priorities listed in the Gartner survey.
- Adapting to a volatile regulatory environment isn’t the only challenge: the study also highlights that there are significant gaps between desired objectives and where executives currently view their organisation’s progress.
- The study also goes on to state that most executives lack confidence in their existing plan around a strategy to support digital transformation at their organisations, and the challenge of formalising information governance remains a key concern amongst privacy executives.
Whilst Gartner gives some recommendations such as “designing an information governance framework that focuses on formal structures, and more on business purpose… accounting for privacy risk in cross-functional strategic planning exercises”, we at Deslyon expand on this by recommending that organisations structure their privacy team once the privacy strategy is developed. The strategy itself can only be developed once the organisation has created a mission statement or vision for its privacy management (a key factor that lays the foundations for the rest of the privacy programme).
When defining the scope of a privacy programme, the organisation must understand the global perspective within which it operates. What are the local laws, what is the local culture, and what are the personal expectations within the country where your organisation operates or serves customers? Only then can you customise your privacy approach from both a global and a local perspective.
Organisations can research various established frameworks as inspiration for their own model. It may be the case that no one particular solution mitigates all privacy risk, so it is vital that the right resources, knowledge and expertise are applied to help the organisation reach its objective (as set out in its mission statement).
Of course, in order to assess whether the framework is operating successfully, it is important to implement performance measurement tools with which the organisation can assess its performance against pre-determined metrics. If chosen correctly, these metrics will provide key insights into how the privacy framework is delivering in line with organisational objectives, as well as key findings on where improvements are required.
Developing a privacy strategy and framework can be both complex and challenging. Of course, it doesn’t stop there, as organisations need to continually monitor legal and compliance factors to ensure that they keep up to date on both global and local regulation. With the qualified expertise delivered by the team here at Deslyon, we can help you navigate through the twists, turns and bumps in the road – even if you haven’t set out on your journey towards compliance yet.
Contact firstname.lastname@example.org to find out more.