Two things [still] drive what organizations focus on in building their data privacy programs:

  • Compliance
  • Tech platforms

Focusing on compliance means conforming to government and legal standards, which is a good starting point, but we are in an era in which data privacy and protection regulation and guidance are a decade behind business, despite well-intended laws, e.g., CPRA, CRA in the US. Compliance is a "floor", a "ticket to the dance", not the end game. The best compliance officers understand this well; they seek out ways to link compliance to revenue growth as well as decreasing risk.

Businesses that seek out a tech platform first often underestimate what it takes to reach their goals. It's a lot like bringing home a puppy. We fall in love with how cute the puppy is – think, how cool the UI looks on the privacy management dashboard during the vendor demo. 

Adopting a puppy means a long-term commitment and a responsibility to raise and train the dog.

Same goes for a privacy management platform – well, any technology brought in to solve a problem, really.

Unfortunately, many teams neglect to think about the worthwhile AND hard work it takes to implement fully – mapping out personal data throughout the business, getting employees to internalize privacy practice, etc.

I can’t tell you the number of companies I know of that have bought [fancy] software for personal data mapping and privacy operations – and haven’t finished with building out the basics.  

When you look at the various privacy management solutions, they still largely focus on compliance with standards and statutes. And this only gets a company so far…

Companies mistake compliance for effectiveness (much like the spare tire on the jeep in the photo above).

You can be compliant and experience a personal data breach. So, is being compliant the goal?

Organizations sometimes haven't thought deeply enough about what they truly need and what it takes to get where they want to go.

While both areas are important, starting with either one as the primary driver is wrong. It’s really a shallow strategy. Getting better outcomes starts with asking better questions.

“How is this helpful to our customers?”  

“How will taking action in our data privacy management deepen our trustworthiness?”

Compliance is a byproduct of good practice.

Do you agree or disagree?
