Acting ethically means organisations need to understand their personal information processing activities together with the positive and negative impacts on all parties.
This means organisations need to be effective data stewards and align processing activities with applicable privacy compliance requirements. Being compliant with privacy law / regulations may be daunting, however we have a recommended strategy to get you going (and save cost).
QUICK STEPS TO KICK OFF YOUR PRIVACY PROGRAM
1. Perform an information inventory exercise to identify Personal Information touchpoints / elements:
- Understand how Personal Information is collected, stored, shared and disposed of across your organisation.
- Identify and understand data subject rights requirements.
2. Identify and understand areas of weakness and non-compliance to PRIVACY:
- Understand your operating environment as well as your privacy landscape requirements i.e. where you operate and process personal information may impact the controls you need to prioritise.
3. Prioritise Privacy remediation requirements for implementation, starting with quick wins:
- Use a risk-based approach by prioritising areas with the highest exposure, then focus control implementation in those areas. Consider timelines, resources and the appropriate skill sets required for implementation.
- Remember that behavioural change is core to successful privacy implementation.
Consider the following questions…
- Do you know where Personal information resides within your organisation?
- Are you sure that Third Parties are safeguarding your Personal Information?
- Do your employees understand their responsibilities regarding PRIVACY?
- What is the best way to embed PRIVACY into your organisational culture?