Build a Data Privacy Program

Take out data privacy’s grey areas with a quantitative approach to your program.

Onsite Workshop

Privacy is often shrouded in grey areas and considered a taxing project that the organization just doesn’t have the time or resourcing to properly tackle.

  • No one wants to invite privacy to the table; business units fear the impact that integrating privacy will have on their current operating model.
  • Yet, everyone fears the very real possibility of a data breach and understands that data privacy is a “necessary evil.”
  • Shift the organizational perspective of privacy as an inhibitor of business success to an enabler that provides a competitive efficiency advantage.

Create a clear path toward privacy by taking a quantitative, risk-based approach.

  • Use a phase-by-phase, cumulative approach to building a data privacy program.
  • Complete a set of tactical deliverables that give you an understanding of the lifecycle of personal data in your organization.
  • Establish metrics and implementation plan to make the data privacy program operational.

Module 1: Collect Privacy Requirements

The Purpose

  • Understand the key drivers behind privacy in your operating context and begin to assign ownership.

Key Benefits Achieved

  • Level-setting between IT and the business with respect to privacy best practices.
  • High-level understanding of risk associated with personal data collected by the organization.

Activities: Outputs:
1.1 Define and document program drivers.
  • Business context and drivers behind privacy program
1.2 Establish privacy governance structure and define scope.
1.3 Build privacy RACI chart.
  • Privacy RACI chart
1.4 Build the risk map.

Module 2: Conduct a Privacy Gap Analysis

The Purpose

  • Connect with each of the business units with respect to current privacy practices and gain insight into how personal data is handled throughout the organization.

Key Benefits Achieved

  • Alignment with business unit privacy champions
  • Understanding of current state of privacy in the organization
  • Uncovered gaps in the organization’s privacy practices

Activities: Outputs:
2.1 Conduct interviews and complete Data Mapping Tool.
  • Data Mapping Tool draft
2.2 Compare compliance and regulatory requirements with current privacy practices of the organization.
  • Mapped privacy control gap areas to relevant privacy laws, frameworks, or industry standards
2.3 Identify gap areas.
2.4 Review the DPIA process and identify whether threshold assessment or full DPIA is required.
  • Optional: Walk-through of DPIA tool

Module 3: Build the Privacy Roadmap

The Purpose

  • Ensure that the privacy program is functional and caters to the environment assessed over days 1 and 2 by building a custom-fit privacy initiative implementation roadmap.

Key Benefits Achieved

  • Quantitative prioritization of each of the privacy gap closing initiatives
  • High-level initiative implementation roadmap

Activities: Outputs:
3.1 Complete business unit gap analysis; consolidate inputs from day 2 interviews.
3.2 Apply variables to privacy initiatives.
  • Privacy Framework Tool
3.3 Create a visual privacy roadmap.
  • Privacy roadmap and prioritized set of initiatives
3.4 Define and refine the effort map; validate costing and resourcing.

Module 4: Implement and Operationalize

The Purpose

This portion of the workshop ensures that the privacy program can be put into action and moves beyond static policies to foster the integration of privacy metrics across the organization.

Key Benefits Achieved

A full set of privacy metrics, as well as tactics to implement and monitor on an ongoing basis.

Activities: Outputs:
4.1 Review outputs from days 1-3.
  • Completed Privacy Roadmap
  • Completed Data Mapping Tool
  • Review of any outstanding privacy collateral (Privacy Notice, Data Protection Policy, etc.)
4.2 Review Info-Tech’s privacy metrics and select relevant metrics for the privacy program.
  • Privacy Program Report document
4.3 Operationalize metrics.
4.4 Input all outputs from days 1-3 into the Data Privacy Report.
4.5 Summarize and build an executive presentation.
4.6 Set checkpoints and drive continuous improvement.

Module 5: Next Steps and Wrap-Up (Offsite)

The Purpose

Ensure privacy program is functional and any final aspects are included in the report back to senior leadership team.

Key Benefits Achieved

Strategic alignment of the privacy program and its objectives with those of the business and senior leadership.

Activities: Outputs:
5.1 Consolidate and schedule any outstanding business unit interviews.
5.2 Complete in-progress deliverables from previous four days.
5.3 Set up review time for workshop deliverables to discuss next steps.
5.4 Operationalize metrics.

Workshop icon Book Your Workshop

Onsite Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn’t enough, we offer low-cost onsite delivery of our Project Workshops. We take you through every phase of your project and ensure that you have a road map in place to complete your project successfully.

Book a Workshop View Blueprint
GET HELP Contact Us
×
VL Methodology