It’s that time of the year again. The turkey is getting fat, the goose will soon be cooked and the inevitable argument over sprouts and Kris Krindle is about to be on us quicker than we realise.
But something else is popping its head up, for the first time in many organisations.
The privacy program budget.
It’s new territory for many, and for old hands involved in data protection it is also an exciting time, where the opportunity to go big or go home presents itself.
For some it will be a trying time. Convincing the business to push on and continue in its investment, or even start thinking about properly investing, will be a common conversation in meeting rooms all over Europe and beyond, over the next few weeks and months.
So, this article is firstly a raising of the glass to all my colleagues and fellow privacy patriots out there. I’ll be thinking of you.
Secondly, this article is an opportunity for me to give some small advice, based on experiences I’ve have had over the years, alongside my fellow professionals in Sytorus, where we have been in your shoes, sometimes in moments when data protection was well down the pecking order of importance and need.
Data protection can be viewed through many prisms. The most common is the legal arena. Lawful processing is a clear prerogative of data protection and the GDPR in particular, given how it looms so large in the current arena of modern privacy obligation. For many organisations this has been the key driver, whether it is fear of sanction and fines, data breaches or a well-rounded argument/warning from the Head of Legal.
For others, in particular those who work in industries where the processing of personal data is both vast and imperative to the profitability or success of the enterprise, the need can sometimes evolve into a deeper understanding of business value and optimisation alignment.
This is something I wish to tease out a little more, as I believe it is a critical path to the long term success of any privacy program.
In my previous article, I made reference about the need for privacy programs to develop broader and deeper links with the business, and to encourage effective collaboration. There is a deeper thrust to this, though.
Data protection has always intended to be an embedded process, aligning with the common sense approach to how an organisation processes personal data throughout its lifecycle.
In a more fundamental way, successful implementation of data protection should seek to be so aligned with the business that it is able to demonstrably drive business value.
This value can manifest in many ways. Examples can be found in cost reduction exercise relating to data retention, to improved marketing database quality and insight gained from accurate consent tracking and management.
There are actually many examples which can be articulated, and the point of business value is, in my opinion, the key aspect of any current conversations around budgets.
When you are next in your planning and budget meetings, think about how your privacy program can provide, or work towards driving clear business value in 2019. If you crack this nut, you will clearly be in a strong position to develop further your program of work in the year ahead, an strengthen the position of your own personal value, by demonstrating clear commercial alignment with the business.
Want to have a chat with someone who can understand your challenges in this area, and provide you with some further insight and advice, them why not contact us here.
As Bob Hoskins used to say in a famous ad in the 1990’s- It’s good to talk!