How can Legal, IT and business interests be combined to meet privacy requirements?
The success of ongoing compliance is heavily reliant on the governance framework that organisations have built to support their privacy activities. Unfortunately, as a result of a general lack of structure in governance and accountability, there is a high risk that many privacy efforts go to waste.
- Living up to privacy regulations requires in-depth knowledge not only of the business processes, the organisation and the industry but also of technology and the law. Many companies do not take the time necessary to address their maturity in these areas or to assess their in-house competencies, which potentially leads to non-compliance.
- A key aspect of ensuring governance is to address the duties and privacy activities of each stakeholder in all departments. If this is not done, there is a high risk that the wrong stakeholders make decisions in areas where they do not have the required competencies or mandate, or, even worse, that some decisions and risks are not addressed at all.
- Compliance is not a one-time exercise; it must be ensured on an ongoing basis. In recent years, many companies have successfully implemented measures relating to privacy governance. However, they have not prioritised the continuous operation of the implemented programme or reviewed its subsequent efficiency through controls. Privacy efforts must be maintained and reviewed after a defined period of time, or when the circumstances change, and the results must be documented. Such traceability is essential in ensuring accountability and, subsequently, effectiveness.
- When privacy is addressed in an ad hoc manner and without documentation, the effectiveness and consistency of the efforts decrease greatly, and the scale and likelihood of privacy governance mistakes increase. A well-functioning governance framework is necessary to provide assurance that the compliance programme is implemented and achieves the desired results.
Effective governance combines organisational and operational aspects to promote internal and external accountability.
Governance is about getting all the areas of the business to work together using the strengths and capabilities of each area in an effective way. Deloitte has a variety of legal, technology and management specialists who are able to assist you in getting the right governance set-up for your business' specific needs and risk profile.
Is your organisation in need of a new governance framework or advice on whether your existing set-up is efficient?
Reach out to us, and we will be happy to share our expertise with you.