Data privacy is historically underfunded regarding company budgets, even as “data privacy” has become a popular topic. Some stakeholders view regulations, like the GDPR or CCPA, as a one-time, check-the-box project and therefore fail to fund appropriately.
However, those handling privacy management daily know this is not the case when dealing with numerous complex privacy regulations. Data privacy compliance is an ongoing adventure and can’t be approached like a task is crossed off the list once compliance is reached.
Developing a mature privacy program is crucial to ongoing risk management and compliance. Overlooking your data privacy budget limitations can be costly for organizations.
So how do you do this when there aren’t the proper resources available?
Luckily, there are several ways to get your stakeholders on board the privacy train – and secure a data privacy budget for your department.
Presenting a Solid Case for a Data Privacy Budget
Be Persuasive. When presenting your case to the stakeholders, be ready to make a convincing argument as to why privacy resources are needed.
Be prepared. Be firm. And be early – don’t wait until the last minute to figure your compliance plan when there’s an enforcement date quickly approaching.
Align Visions. Harmonize your privacy vision with the company vision and mission statement. If your company prides itself on its transparency, show that being transparent with your privacy policies and principles syncs with that vision of transparency.
Case Studies. Nothing gets the point across like cold hard facts. Pull together a list of examples that show the importance of investing in privacy, such a recent regulatory fines, data breaches, and any consumer backlash related to data handling.
These tangible use cases will demonstrate the severe repercussions when data privacy is not taken seriously.
Privacy as a Differentiator. Show stakeholders how data privacy will be an innovator and sets the company apart from its competitors. At CES 2019, Apple took out a large billboard stating “What happens on your iPhone, stays on your iPhone.”
This marketing move focused in on Apple’s commitment to user privacy, and used that commitment as a competitive edge.
Know What’s at Stake. Business leaders need to know how much they have to lose. Regulations, such as the GDPR and the CCPA, come with significant penalties for non-compliance.
GDPR fines can total up to 20,000,000 EUR or 4% of total worldwide annual turnover of the preceding year (whichever is higher).
Furthermore, stakeholders need to evaluate how potential loss of trust could negatively affect brand equity.
Set Goals and Targets
Program Maturity Level. Conduct assessments to understand your company’s maturity level. Explain to the stakeholders the maturity level of the current privacy program and discuss the resources needed and the values of achieving a higher maturity level.
Compliance Metrics. As mentioned before, cold hard facts get the point across. Compile metrics on where the company is at in terms of number of privacy incidents, number of data access requests, number of number of hours dedicated to employee training, for example.
Or, conversely, point out that not knowing these key metrics suggests that your organization may be at risk if requested by a regulator, shareholders or prospective M&A partners.
Review and analyze past privacy incidents to create qualitative metrics. Set goals for the future and explain what is needed to meet these goals.
Let Technology Help Your Privacy Program
Automate. Aim for consistency, repeatability and scalability by using technology to automate and operationalize your privacy processes.
For risk assessments, use a tool to complete assessments and generate compliance reports, which saves time, increases accuracy, and improves record keeping. Move away from spreadsheets which are very difficult to update and keep current.
Simplification. Technology can simplify the complex world of privacy regulation and privacy management. Managing data privacy and compliance risk is nearly impossible without specialized technology to streamline the process.
A data inventory and mapping solution makes it easy to standardize and operationalize the processes and creates a detailed, up to date inventory of data collected along with visual data flow maps of all business processes.