Welcome to our video series, innovators in Privacy Tech! At our global user conference in London, PrivacyTECH, we interviewed the best and the brightest minds in the privacy industry for their insights on everything from the California Consumer Privacy Act (CCPA), the future of privacy, how to achieve sustainability in your privacy program and more.
Today we have Alex Bryant, VP, Group Data Protection Officer at Live Nation Entertainment. Live Nation is the global leader for live entertainment with 550 million fans in 40 countries. Somewhere in the world every 18 minutes is a Live Nation Event.
Advice on implementing privacy policies
The key advice Bryant would give to DPO’s looking to implement robust privacy policies and processes is to first identify your stakeholders and start doing your accountability mapping. Ultimately, you need to know how your policy is going to cascade down from wherever it’s been designed all the way through the business. Secondly, as Bryant notes, leverage what you already have. This might involve a level of discovery, but see what processes are already out there. The last thing you want to do is reinvent the wheel and start again because you’re not going to get business buy-in if that happens. There probably already is some sort of third part due diligence out there, it may just be a case of inserting your privacy requirements in there.
If you look at the way products and services are designed, a lot of the time there are gating processes, there are project initiation processes and final sign offs. It may just be a case of jumping on that bandwagon and actually implementing your privacy processes there as well.
“Don’t underestimate the power of educational awareness.”
Bryant goes on to emphasize the importance of educational awareness. It’s one thing to have this wonderful gold standard policy or procedure, but if nobody is aware of it and doesn’t know how to use it, then it’s pretty much not worth the paper it’s written on. Finally, Bryant notes to pick up on the word robust. Again, you may have drafted a policy or procedure, but until you actually have an assurance mechanism around it, it really just becomes ultimately a paper shield. There needs to be some sort of pre testing, whether it’s war games or just running through that with the business to make sure it meets what you need, but also is business friendly and successful. Bryant concludes by reminding DPO’s to not forget that you do have your three lines of defense as well, so there is a role for compliance, for risk and for internal audits to be able to be monitoring how that process is working and to recommend and test if there’s any further improvements needed.
Stay tuned for our the next Innovators in Privacy Tech post and visit our LinkedIn, Twitter and Facebook. For more information, request a demo today and learn why OneTrust was named a leader in the Forrester New Wave™: GDPR and Privacy Management Software, Q4 2018