Putting Privacy into Practice: 6 Tips for Operationalizing Privacy

Written By Jackie WilKosz
A large golden number six, with the text: 'Jackie's 6 Tips for Operationalizing Privacy Compliance Obligations.'
Wooden boardwalk in a foggy, sunlit landscape with privacy tip 1: 'Have a vision.

Have you ever heard of vision boards? If not, here’s a quick primer — they’re like a collage with images and sometimes text or other meaningful visual elements (leaves or flowers, for example) that capture visually how you want to feel or what you want to create in your life. The same goes for developing a data protection compliance program. You may scoff at this and think this is an unnecessary step, but establishing an initial vision can help you get creative and think of options or approaches you may not have considered without going through the process. It may also help you identify expectations or desires that may not be aligned or useful and open for refinement before you move forward. Another way to describe this tip is “define your expectations.” Having this mapped out will help you navigate turbulence ahead and keep you on track.

Tip 2: Evaluate (and re-evaluate) your resources.

Artist's workspace with paints and brushes, illustrating privacy tip 2: 'Evaluate your resources.

What can you realistically accomplish? To help figure that out, you’ll want to evaluate the resources available to you. Be open and look for things you might not at first consider resources. This can come in the form of people in different teams who are interested in privacy, for example. You can join together to learn something new and develop new skill sets as you build. Resources might include existing tools that your organization has in place or tools that are being paid for but not used. They may not be an exact fit, but with a little imaginative implementation, it can get the job done. Try taking what’s there and getting creative, especially if your organization is undergoing budget cuts or has limited resources (such as people, platforms, money). Try to re-purpose rather than re-create from scratch. Is there another well-resourced project that you can plug into? Get creative with outside and internal advisors. You may have exactly — or even more — than you need once you start looking!

Tip 3: Ask for help — and keep asking.

Silhouettes of two people helping each other climb a hill, illustrating privacy tip 3: 'Ask for help.

You’ve probably heard the phrase “it takes a village.” You can say it’s overused, but it definitely applies to implementing privacy requirements. And yet sometimes a privacy “team” can be a team of one–or sometimes none! Those folks who have privacy as one part of their multifaceted job duties, we’re looking at you. Don’t have a dedicated team of privacy engineers or privacy champions? Not to worry. To put privacy into practice, try to get others in your organization interested. Where possible, bring in people from different teams and across your organization. Privacy is a multi-disciplinary effort anyway. You might be surprised to find that there are people in your organization who are interested in privacy and are eager to learn more, even if it adds to their already full plates. Invite them to join your effort and find ways that they can help. They can educate others and can help you learn about company systems so that you can be more effective in the solutions you propose. Have they drafted policies and procedures before? Ask for their input and guidance on building or revising those needed for your organization’s privacy program. Get their help to build a DPIA structure that has interest, pizazz, and buy-in from key teams. What’s that other cheeky, time-worn phrase? “Teamwork makes the dreamwork”? But first you need to ask. Be persistent, keep asking, and ask in different ways. State your request clearly, and let the collaboration flow.

Tip 4: Start small. Take the first step.

Wooden boardwalk steps leading uphill, illustrating privacy tip 4: 'Start small. Take the first step.

Starting out any privacy compliance project can feel daunting, especially if you’re starting from nothing and have a lot of pieces to put into place. When all of that work ahead seems overwhelming and you’re wondering how to make progress, it’s time to shift perspective. Just take that first step and start with a small, simple piece of the privacy program puzzle. Pick one element of the project and reduce it to a series of small, actionable steps. For example, consider getting a basic foundation in place first and evaluate your organization’s data flows. How do you even do that? No money for tools or contractors? Start by talking to one person within your organization, then another, and document what you learn. Conversation by conversation, line by line in a spreadsheet or other document or tool, your record of processing activities will begin to build itself. Be methodical, patient, and curious rather than overwhelmed and inundated. Just get started. Even though you may feel the pressure, you don’t need to get it all done at once. Taking the first step will start the implementation momentum flowing.

Tip 5: See privacy as a value-add, the gift that will keep on giving.

Colorful gift boxes on an orange background, illustrating privacy tip 5: 'See privacy as a value-add.

Privacy can easily be misconstrued as a cost center — an overall expense that eats up resources rather than delivering value, not to mention a potential “roadblock” to innovation and creativity. That point of view misses the return on investment that can result from a solid privacy compliance program–things like enhanced customer trust and smoother transactions. Privacy can be an investment that pays dividends over time. If you see privacy as a value-add, others are more inclined to follow suit. A cultural shift in perspective starts with you. Privacy requirements keep expanding, and if your organization plans to keep growing or is looking to be acquired, having a solid compliance framework in place early makes it that much easier in the future. The bigger your organization becomes, the more challenging it can be to implement later. So invest early and receive the gifts that keep on giving over time.

Tip 6: Get creative — identify commonalities and use variations on a theme.

Abstract watercolor background, illustrating privacy tip 6: 'Get creative.'

Let’s face it, legal compliance can seem dull and boring, like an arduous trudge through deep mud. This can be particularly true for the business. Teams can often get overwhelmed by what seems like a constant barrage of new laws and requirements and push back against them as a result. It takes creativity to turn what could feel like a trudge into an interesting adventure, one that they’ll be happy they took. Creativity can spark interest and investment. It can help to minimize what may seem like the “burden” of compliance and emphasize the opportunity. How to get creative with compliance? Identify what’s similar across the various laws and requirements and craft a single solution that will work across all of them. Take what you’ve already done and reshape or build on it as new requirements emerge or existing ones evolve. Nothing already in place that you can use? Step back and think like an artist and innovator. A creative mindset can help you keep your approach fresh and light, and that can keep the business interested and invested. There’s compliance, and then there’s creative compliance. Go creative, get results.

Jackie WilKosz
Previous

Here We Go (Again?): Adequacy Granted for EU-U.S. Data Privacy Framework
Next

EU Commission Publishes New SCCs