Oct 25

The Evolution of Privacy Programs: Insights from Industry Experts

Explore efficient strategies for a resilient privacy initiative customized to suit your organization’s unique requirements with the help of DPOrganizer’s pioneering privacy management technology.

Since DPOrganizer was founded in 2016, we have had the good fortune of engaging in many discussions with our customers. Through these relationships, we have gained valuable insight into the experiences and perspectives of professionals working in privacy. Having started as a pure software provider, we have since expanded into professional services and consultancy to meet the needs of a rapidly growing privacy industry.

Size Matters

Through our client relationships and dialogues, we have learned that privacy teams are incredibly busy. Having to operate on many fronts (setting up structures and processes, raising awareness, conducting DPIAs, privacy by design and by default, handling breaches, etc.), more and more privacy experts are seeking third-party assistance, both for asking questions and for hands-on work. While larger privacy teams seem to have the resources to keep up with industry demands, we find that small and medium-sized privacy teams are often in need of a second pair of eyes and hands.

However, team size and organizational requirements do not always align. What we can say is that organizations in more heavily regulated sectors, such as finance and healthcare, tend to devote more resources to privacy compliance. Other deciding factors include the organizational culture set by the board, how that culture is addressed by the management teams, and how it is implemented by employees.

Common Questions

From our experience operating the DPSupport + package, privacy teams appear to be looking for three things: a deeper understanding of the relevant legislation, an accurate interpretation and application of that legislation, and the ability to delegate tasks when time is a scarce resource.

Below is a list of the most common questions being asked by customers:

  • Should an incident be reported?
  • Can we rely on legal basis X in this situation?
  • Can you help us draft a data processing agreement?
  • Can you help us review a data processing agreement?
  • Are there guidelines on reasonable retention times for this purpose?
  • Can you help us with a review of privacy and cookie policies?
  • How can we do third-country transfer assessments?
  • How do we review legitimate interest assessments?
  • How do we define data subject categories and categories of personal data?

Accountability for Regulatory Compliance with the GDPR

Although the General Data Protection Regulation has been in effect for over five years now, we find that many companies and organizations still struggle to fully understand what it means and what it demands of us as controllers and processors.

GDPR Requirements Series

We have broken down some of the most important requirements in our GDPR requirements series, where we share our own experiences from helping customers of all shapes and sizes, with the aim of providing some inspiration. One piece of advice from that series is worth repeating here: understanding the role of accountability is the foundation of a more effective and sustainable privacy program.

An Overarching Principle

We believe that accountability functions as an overarching principle whose effect extends into all the other requirements. In essence, the accountability principle (Article 5(2) GDPR) makes the controller responsible for compliance with all the data protection principles and requires it to be able to demonstrate that compliance in its own processing activities. It is not enough to comply; the controller must be able to show, through appropriate technical and organizational measures, that its data protection implementation is effective and that compliance can be evidenced on request. Accountability comes in many forms, but it is mostly expressed through an efficient, documented privacy program.
