No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Data Privacy

3 Ways GDPR Will Help Privacy Executives

by Brian Lee
January 19, 2018
in Data Privacy, Featured
strategy board

The Long-term Strategic Advantage

With the GDPR implementation deadline quickly approaching, many organizations are extremely focused on meeting specific regulatory requirements. However, GDPR is just the starting line. Here Brian Lee and Stephanie Quaranta highlight how compliance and privacy executives can plan past simply conforming with the requirements, and use GDPR as a long-term strategic opportunity to build sustainable policies and procedures.

Co-authored by Stephanie Quaranta

With enforcement of the EU’s General Data Protection Regulation (GDPR) fast approaching, most compliance and privacy executives are putting their heads down and making sure they are GDPR compliant by the May 2018 deadline. For many executives, the number of tasks to accomplish can seem endless.

This has contributed to the feeling that the GDPR enforcement date is a “finish line” of sorts.  This makes sense, as many organizations have spent significant amounts of time building or evolving their privacy programs to ensure GDPR compliance, and the May deadline is as a light at the end of the tunnel.

Yet viewing GDPR as a finish line overlooks an important truth: GDPR is a rare strategic opportunity for compliance and privacy executives to cement the privacy program as a part of business operations. More accurately, GDPR is a starting line. Research from CEB, now Gartner, has identified three opportunities GDPR creates an opening for organizations to accomplish:

Opportunity #1: Establish Program Value

Compliance and privacy executives have struggled to define and demonstrate the value of an effective privacy program in the eyes of key stakeholders. This can limit the program’s ability to contribute to key initiatives. GDPR, by stipulating requirements for how privacy should be managed and instituting significant penalties for falling short, can serve as a pivotal moment for privacy executives to make the business case for major initiatives such as building a comprehensive data map or launching a data minimization campaign. Not only are these ideas directly in support of GDPR requirements, but they also help privacy teams improve the targeting and impact of all risk management activities. Privacy should use GDPR as an opportunity to secure the buy-in, resourcing and board visibility the program needs to be effective.

Opportunity #2: Drive Consensus on the Organization’s Approach to Data

As the value and strategic importance of data grows, organizations will continue to collect more data, grant broader access to both employees and third parties and increase the use of data to guide important business decisions. Though organizations that leverage data in this way can expect to see significant revenue and productivity gains, this increasing reliance on data can prove problematic if it is not guided by a broader strategy.

With GDPR introducing new and more stringent expectations around important issues such as data subject consent, it is more important than ever for privacy to ensure that the business does not take on unnecessary risks. To do that, compliance and privacy executives must work with business and functional partners to create a set of principles that guide the collection, use and retention of high-risk information. Organizations must define their approach to data and to protecting privacy, creating a golden opportunity for privacy to prove its mettle as a strategic advisor that can help the business secure real gains.

Opportunity #3: Make Privacy a Part of Business Operations

GDPR introduces explicit privacy-by-design and data protection by default requirements for the first time. Compliance and privacy executives should seize this opportunity to take their program from on that is “bolt-on” to business processes to a natural part of business operations. Though many privacy executives report feeling confident in how privacy is embedded in technical requirements, such as app or software developments, most report feeling less confident about business processes such as third-party selection and onboarding or data analytics.

GDPR provides privacy executives with an opportunity to ensure privacy is a part of these business processes as well. Privacy should begin by expanding the reach of the Privacy Impact Assessment — currently, only 55 percent of high-risk processes receive one. Privacy considerations should also be embedded in other process steps, such as third-party RFPs or new product development stage gates. These point-in-time assessments or controls should then be supplemented by ongoing monitoring not only of privacy risk but of business changes as well, to ensure privacy is aware of new or evolving business need.

Conclusion

Once the organization has done the hard work of building a data strategy and making privacy a key element of business operations, there is an opportunity to further demonstrate the value of privacy to the organization by marketing this work to their customers. Customer trust in organizations is at a low point. In fact, 87 percent of consumers believe adequate safeguards are not in place to protect their personal information. Even more troublesome, 79 percent of consumers say they would be unlikely to share data with companies they do not trust, creating a significant business risk as organizations increase their reliance on this very data.

Privacy can work with corporate communications and other internal teams to ensure that the organization’s commitment to privacy is a visible part of the organization’s identity, serving as a market differentiator and a growth engine.

By serving as a driving force to develop strong privacy practices, GDPR can not only help privacy programs mature but can help organizations grow as well, proving that it is so much more than a finish line.

 


Tags: Data GovernanceGDPR
Previous Post

Q&A with James Cesarano

Next Post

Adopt a Regtech Culture with Compliance at the Epicenter

Brian Lee

Brian Lee

Brian Lee is an experienced lawyer and Managing Vice President at Gartner, where he leads research focused on turning compliance and privacy departments into high-performing business units. Gartner is a research and advisory company headquartered in Stamford, Connecticut. Gartner helps business leaders across all major functions in every industry and enterprise size with the objective insights they need to make the right decisions.

Related Posts

data breach

Sobering Reality: Drizly Order Indicates Officers May Face Personal Liability for Data Breaches

by Baker Donelson
February 1, 2023

The FTC says Drizly’s CEO James Cory Rellas was alerted to a potential security loophole two years before a data...

eu flag

Preparing Your Company for the Latest GDPR Data Transfer Developments & Upcoming Deadlines

by Kevin L. Coy
November 30, 2022

An EU court decision and legislative moves in the U.S. and UK make compliance with privacy regulations increasingly difficult. Arnall...

minidata_b

Honey, I Shrunk the Data: How to Keep Customer Info on a Need-to-Know Basis

by Parker Poe
November 30, 2022

It may be tempting to hoard the data you have gathered on your customers, but an increasing number of regulations...

doj outside sculpture_n

Monaco Memo 2.0: Companies Should Start Preparing Now for Future DOJ Investigations

by Miller & Chevalier
November 2, 2022

Following up on her watershed 2021 memo, Deputy Attorney General Lisa Monaco’s latest missive highlights a pair of issues that...

Next Post
business planning meeting

Adopt a Regtech Culture with Compliance at the Epicenter

Compliance Job Interview Q&A

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Code of Conduct Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2022 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe

© 2022 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT