Mature Your Privacy Operations | Info-Tech Research Group

Do not fill in this field

Enter no text in this field

Get Instant Access
to This Blueprint

Business Email

Full Name

Company

Phone

Job Title

Data privacy is increasingly becoming a requirement of every organization.
Privacy and IT leaders continue to struggle to develop strong privacy programs despite looming regulatory pressure.
IT leaders must translate legal obligations into actionable guidance for the organization.

Our Advice

Critical Insight

Establish a comprehensive organization-wide privacy program using a MICAS (measurable, integrated, consistent, actionable, and scalable) approach.
Operationalize your data protection initiatives and comply with applicable privacy regulations in the most cost-effective way.

Impact and Result

Privacy and IT leaders need to see privacy as more than just compliance, but rather as a driver of business efficiency.
Partner with the business by speaking their language and providing tools they can understand and implement.
Create privacy policies and standards that are established with respect to how information is collected, processed, shared, and protected within the organization's data lifecycle.
Establish a holistic and integrated privacy program by employing a phased approach.

Mature Your Privacy Operations Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should mature your privacy operations, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

Mature Your Privacy Operations – Executive Brief

1. Assess privacy readiness

Identify and treat any gaps in your current privacy program.

2. Develop privacy documentation

Draft a privacy notice and cookie policy to support your program.

3. Manage privacy risks

Account for data processing risks in-house and with vendors.

4. Manage data classification, retention, and transfer

Determine the best ways to govern your sensitive data.

5. Respond to data subjects and incidents

Manage your data access and security needs.

6. Measure progress and performance

Develop KPIs to measure success.

Member Testimonials

After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this blueprint and what our clients have to say.

9.7/10

Overall Impact

$20,713

Average $ Saved

15

Average Days Saved

Client

Experience

Impact

$ Saved

Days Saved

Testimonial

Centennial College

Guided Implementation

10/10

$23,500

20

Very timely insight and materials received

Canadian Wildlife Federation

Guided Implementation

9/10

$10,000

5

Safayat, has provided excellent supports with regards to our corporate privacy program development and supports!

Fidelity Investments Canada ULC

Guided Implementation

10/10

N/A

10

Alan is always extremely informative during our technical analyst calls to provide us with real company, practical insights that can help us expedi... Read More

Packaging Machinery Manufacturers Institute

Guided Implementation

9/10

$2,599

2

Environmental Defense Fund, Incorporated

Guided Implementation

10/10

$64,999

50

Helmerich & Payne, Inc.

Guided Implementation

10/10

$2,469

2

Load More Testimonials

Workshop: Mature Your Privacy Operations

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

Module 1: Readiness Assessment, Risk Management, and Transparency

The Purpose

Assess current maturity, identify program gaps, and develop a data protection impact assessment (DPIA) process.

Key Benefits Achieved

List of gap-closure initiatives
DPIA process

Activities

Outputs

1.1

Assess the overall privacy readiness level

Privacy readiness assessment report

1.2

Identify gaps and mitigating controls

1.3

Review and develop a DPIA process

DPIA process

1.4

Understand core components of a privacy notice

1.5

Review and develop privacy notices

Privacy notices

Module 2: Data Classification and Data Retention

The Purpose

Learn how to classify data based on its sensitivity and how long to retain these records to support business needs and maintain compliance obligations.

Key Benefits Achieved

Data classification scheme
Data retention schedule

Activities

Outputs

2.1

Discuss and develop data classification policy

Data classification policy

2.2

Review and develop data classification scheme

Data classification scheme

2.3

Review and develop data classification handling standard

Data classification handling standard

2.4

Review and develop data retention policy

Data retention policy

2.5

Review and develop data retention schedule

Data retention schedule

Module 3: Third-Party Management and Cross-Border Data Transfer

The Purpose

Determine data processing requirements and choose an appropriate data transfer mechanism for your organization.

Key Benefits Achieved

Data processing agreement
Appropriate means for cross-border data transfer

Activities

Outputs

3.1

Understand core components of a data processing agreement

3.2

Review and develop a data processing agreement

Data processing agreement

3.3

Understand common cross-border transfer mechanisms

3.4

Review and develop your standard contractual clauses

Standard contractual clauses

Module 4: Implement and Operationalize

The Purpose

Set a process for data subject access requests (DSARs) and formalize your report of work completed so far.

Key Benefits Achieved

DSAR process
Presentable report detailing privacy program improvements

Activities

Outputs

4.1

Understand data subject rights (DSRs) and legal obligations

4.2

Review and develop a DSAR process

DSAR process

4.3

Input all outputs from Modules 1-3 into the Data Privacy Report

Completed Data Process Mapping Tool

4.4

Summarize and build an executive presentation

Review of any outstanding privacy collateral
Data Privacy Program Report presentation

4.5

Set checkpoints to drive continuous improvement

Module 5: Next Steps and Wrap-Up (offsite)

The Purpose

Finalizae all completed deliverables.

Key Benefits Achieved

Completed set of deliverables to support the maturation of your privacy program

Activities

Outputs

5.1

Consolidate and schedule any outstanding business unit interviews

5.2

Complete in-progress deliverables from previous four modules

5.3

Set up a time to review workshop deliverables and discuss next steps

Mature Your Privacy Operations visualization

You’ve mastered the basics, but there are additional risk, data, and measurement tasks to complete.

About Info-Tech

Info-Tech Research Group is the world’s fastest-growing information technology research and advisory company, proudly serving over 30,000 IT professionals.

We produce unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. We partner closely with IT teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.

What Is a Blueprint?

A blueprint is designed to be a roadmap, containing a methodology and the tools and templates you need to solve your IT problems.

Each blueprint can be accompanied by a Guided Implementation that provides you access to our world-class analysts to help you get through the project.

Table of Contents

Need Extra Help?
Speak With An Analyst

Get the help you need in this 6-phase advisory process. You'll receive 13 touchpoints with our researchers, all included in your membership.

Guided Implementation 1: Assess privacy readiness

Call 1: Assess the current privacy readiness level.
Call 2: Identify gaps and mitigating controls.

Guided Implementation 2: Develop privacy documentation

Call 1: Develop privacy notices and cookie policy.
Call 2: Review and finalize documentation.

Guided Implementation 3: Manage privacy risks

Call 1: Develop DPIA process.
Call 2: Review and finalize DPIA process.

Guided Implementation 4: Manage data classification, retention, and transfer

Call 1: : Review and develop data classification and handling standards.
Call 2: Review and develop data retention and disposal standards.
Call 3: Review and develop data processing agreement.

Guided Implementation 5: Respond to data subjects and incidents

Call 1: Review and develop data subject access request (DSAR) handling process.
Call 2: Review and develop data breach handling process.

Guided Implementation 6: Measure progress and performance

Call 1: Build privacy program metrics.
Call 2: Review and finalize KPIs.

Authors

Alan Tang

Logan Rohde

Contributors

Andrew David Bhagyam, Global Lead, Privacy Office, Zoho
Preeti Dhawan, Privacy Officer, Bell
Monique Greene, Privacy Consultant, Juno Legal
Alfonso Yi, Head of Privacy & IT Risk, Ralph Lauren
Rita Zurbrigg, Product Marketing Manager, OneTrust

Search Code: 97745
Last Revised: October 20, 2021

Visit our IT Cost Optimization Center
Over 100 analysts waiting to take your call right now: 1-519-432-3550 x2019