Jan 25

Learnings from running a privacy hotline for 24+ months

We have been fortunate to have had great interactions and discussions with our customers since we launched DPOrganizer in 2016. These relationships have brought us insights into the lives of privacy professionals. In the beginning, we were aiming to be a pure software provider and to stay out of services and consultancy. This has changed – here’s why.

Privacy teams are busy

What we have seen from these customer relationships and dialogues is that privacy teams in general are busy. They are fighting on many fronts: raising awareness, setting up structure/processes, privacy by design and default, conducting DPIAs, handling breaches and many more. No wonder there could exist a need to delegate some questions or hands-on work.

In our experience small and medium-sized privacy teams mainly need a second pair of eyes or another opinion. Larger privacy teams seem to either have the resources, knowledge and experience within the team, or have established partners to assist when needed.

Different sizes, different needs

That description of different teams and their needs is of course a generalisation. All organisations are like individuals, unique. The team size does not always correspond with the size of the organisation. Organisations in more regulated sectors, such as finance and health care, are prone to focus more on privacy compliance as well. There are of course exceptions to that rule. Organisations from less regulated sectors can be as much or even more focused on privacy. The organisational culture set by the board, management team and employees is probably as important as the sector in those cases. 

We want to be the privacy professionals’ sidekick and that comes in different forms to suit different types of needs and not just software. Some privacy professionals do not have access to experienced colleagues with vast legal knowledge and experience within data protection or a law firm on retainer to bounce questions or get help from. To help in such situations, DPOrganizer has created a free for all community called Watercooler where users can exchange questions and answers with their peers. We also have a Hotline service for our software customers. With that service, customers get access to legal expertise with guaranteed answer time and quality.

What our Hotline customers ask us about

Running the Hotline service has shown that the main need from privacy teams seems to be to get a better understanding of the legislation or correct interpretation/application of the legislation or to simply delegate work due to lack of time.

Below is the list of most common assistance or questions asked by our Hotline customers.

  • Should an incident be reported?
  • Can we rely on legal basis X in this situation?
  • Review of a data processing agreement
  • Drafting a data processing agreement
  • Review of third-country transfer assessments
  • Review of legitimate interest assessments
  • Review of privacy and cookie policies
  • How to define data subject categories and categories of personal data?
  • Are there guidelines on reasonable retention times for this purpose?

No one size fits all-solution

Clearly, there’s no silver bullet for setting up a privacy program. Even if you need support, it’s not always easy to be sure what’s the best way forward – taking into consideration budget, strategic company goals, and where you think you can get most help. If you’re trying to understand what’s best for you, feel free to book a time with our solution specialists – and we’ll help you identify the best strategy for your business.


See more related posts »

Related blog posts