Gartner Report: The Four Do’s and Don’ts of Implementing Your Privacy Program
A privacy program is only as effective as its implementation strategy. Security and risk management leaders implementing a privacy management program must support and enable business goals and imperatives, without presenting unnecessary additional workload.
Download the Gartner Report: The Four Do’s and Don’ts of Implementing Your Privacy Program via the OneTrust Resources page.
Published: 24 August 2017
Analyst(s): Bart Willemsen, Prateek Bhajanka
Do’s of Implementing Your Privacy Program
- Create common program vision
- Treat as business imperative
- Make employees conversant with policies
- Base on continuous risk assessment
Don’ts of Implementing Your Privacy Program
- Craft program in a silo
- Report tech metrics to board
- Assign responsibility to a single person
- Treat as a project
The report suggests that privacy programs require long-term attention and that compliance is not a short-term fix; it is therefore important to find the right vendor to help manage your compliance efforts on an ongoing basis.
“Adherence to the program must subsequently be monitored, measured and improved, continuing to demonstrate effectiveness and benefit. When implemented correctly, a privacy program demonstrates accountability. It also eases the way toward a holistic audit. In some jurisdictions, certifying operations according to preferred standards may assist in installing trust with both regulators and the public.”
It also outlines the importance of abandoning the “fit and forget” approach, in which privacy compliance is treated as a one-time project that must be completed by a specific date (25 May 2018, in the case of the EU General Data Protection Regulation (GDPR)).
“Assuming the requirements of the program to be static will result in oversight of business requirements and changes, both internal as well as external.”
Download the Gartner Report: The Four Do’s and Don’ts of Implementing Your Privacy Program via Gartner.com.