Oct 20

Getting executive buy-in

Before you can get into the detail of efficiently running a privacy program, most businesses go through one crucial step: making their executive team care and putting additional resources in.

Let’s say you’re going into a meeting with management to pitch investing in technology to meet your increasing regulatory challenges. You go over that spreadsheets aren’t good enough and make a list of all the great things you could do with just a little more budget. You can do better internal training, proper due diligence on new vendors and critical projects, and put together a cookie policy that actually helps your company earn trust.

Yet it all falls on deaf ears. Reason being? You still have that spreadsheet, which is good enough.

Checking the box might seem “good enough”

The problem here isn’t really the spreadsheets – rather, it’s the perception from the board that you are already ticking all the boxes. The data was mapped in 2018, and now we just need to make sure it’s updated continuously, and reinforce policies around data protection. 

That might sound manageable on paper, but in reality, it’s hard. Really hard. 

Keeping tabs on a bunch of policy documents, using spreadsheets to track who’s received training and a well-documented DSR procedure are just some of the things that the privacy team needs to figure out on their own. And if you’re under-staffed and under-resourced, odds are, some things might begin to be deprioritised and ultimately to slip. That means you end up being a single point of failure – which is actually perhaps your best argument for change.

Single point of failure is your selling point

Any management team wouldn’t want just one person sitting with the substantial parts of a formalised process in his or her head. And yet, one of the biggest problems with ”just” using spreadsheets is that they leave a lot of room for people to structure things in certain ways. Some people may be super structured and map all retention times and legal bases correctly, but others might have done it carelessly, because the regulation required it in May 2018, and nobody cared to do it properly since.

Get a ”sanity check” by using a system

So let’s say we come to the conclusion that spreadsheets aren’t “good enough”, because they aren’t purpose-built. As a management team, you are leaving a potentially critical risk in the head of one or a small group of employees. If that or those people leave and there’s no thorough knowledge transfer between them and the next guy, all will be lost. Gone, in an instant – especially if the ex-colleague isn’t keen on talking with his old employer 24/7. 

If you instead use a system that guides you through all of the information you need to have, it’s easier for anyone to detect gaps and errors, as well as get onboarded. There’s never a question about having the right information – everything is right in front of you, in one centralised platform.

Be confident in checking the box

So when you need to next check the compliance box – whether it be for a commercial contract or a supervisory authority – if you have a tool like DPOrganizer, it’s much easier to say yes and actually sleep well at night.

If you’re curious to learn all about DPOrganizer, you can do so by scheduling a demonstration with one of our product specialists.

See more related posts »

Related blog posts

Learn together with +8000 privacy pros

Grow and improve with our best tips and tricks. No spam, ever.

  • Hidden