Mature Your Privacy Operations

You’ve mastered the basics, but there are additional risk, data, and measurement tasks to complete.


Please note that the content on this page is retired. This content is not maintained and may contain information or links that are out of date.

Without a fully functioning privacy program, organizations struggle to:

  • Meet compliance obligations.
  • Identify and mitigate data-related risks.
  • Keep sensitive data secure.
  • Demonstrate proper data collection and processing practices.
  • Inform consumers on what data is collected and how to opt out.

A strong privacy program:

  • Supports business goals and provides a competitive advantage.
  • Operationalizes data retention requirements.
  • Classifies data types based on sensitivity.
  • Maps data collection and flow
  • Demonstrates transparency and appreciation for data subject's rights.
  • Facilitates data subject access requests (DSARs).
  • Improves data breach response capabilities.

Book Your Workshop

Onsite Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn’t enough, we offer low-cost onsite delivery of our Project Workshops. We take you through every phase of your project and ensure that you have a road map in place to complete your project successfully.

Module 1: Readiness Assessment, Risk Management, and Transparency

The Purpose

Assess current maturity, identify program gaps, and develop a data protection impact assessment (DPIA) process.

Key Benefits Achieved

  • List of gap-closure initiatives
  • DPIA process

Activities: Outputs:
1.1 Assess the overall privacy readiness level
  • Privacy readiness assessment report
1.2 Identify gaps and mitigating controls
1.3 Review and develop a DPIA process
  • DPIA process
1.4 Understand core components of a privacy notice
1.5 Review and develop privacy notices
  • Privacy notices

Module 2: Data Classification and Data Retention

The Purpose

Learn how to classify data based on its sensitivity and how long to retain these records to support business needs and maintain compliance obligations.

Key Benefits Achieved

  • Data classification scheme
  • Data retention schedule

Activities: Outputs:
2.1 Discuss and develop data classification policy
  • Data classification policy
2.2 Review and develop data classification scheme
  • Data classification scheme
2.3 Review and develop data classification handling standard
  • Data classification handling standard
2.4 Review and develop data retention policy
  • Data retention policy
2.5 Review and develop data retention schedule
  • Data retention schedule

Module 3: Third-Party Management and Cross-Border Data Transfer

The Purpose

Determine data processing requirements and choose an appropriate data transfer mechanism for your organization.

Key Benefits Achieved

  • Data processing agreement
  • Appropriate means for cross-border data transfer

Activities: Outputs:
3.1 Understand core components of a data processing agreement
3.2 Review and develop a data processing agreement
  • Data processing agreement
3.3 Understand common cross-border transfer mechanisms
3.4 Review and develop your standard contractual clauses
  • Standard contractual clauses

Module 4: Implement and Operationalize

The Purpose

Set a process for data subject access requests (DSARs) and formalize your report of work completed so far.

Key Benefits Achieved

  • DSAR process
  • Presentable report detailing privacy program improvements

Activities: Outputs:
4.1 Understand data subject rights (DSRs) and legal obligations
4.2 Review and develop a DSAR process
  • DSAR process
4.3 Input all outputs from Modules 1-3 into the Data Privacy Report
  • Completed Data Process Mapping Tool
4.4 Summarize and build an executive presentation
  • Review of any outstanding privacy collateral
  • Data Privacy Program Report presentation
4.5 Set checkpoints to drive continuous improvement

Module 5: Next Steps and Wrap-Up (offsite)

The Purpose

Finalizae all completed deliverables.

Key Benefits Achieved

  • Completed set of deliverables to support the maturation of your privacy program

Activities: Outputs:
5.1 Consolidate and schedule any outstanding business unit interviews
5.2 Complete in-progress deliverables from previous four modules
5.3 Set up a time to review workshop deliverables and discuss next steps
Visit our Exponential IT Research Center
Over 100 analysts waiting to take your call right now: 1-519-432-3550 x2019