TRUSTe General Counsel and Chief Data Governance Officer Hilary Wandall gave a webinar where she discussed how to support each phase of building a privacy program by using a clear framework, standards, and operational controls. The discussion also included tips on how to make accountability effective in an organization, and what accountability looks like in practice.
If you missed it, click HERE to listen to the entire webinar on demand.
One of the topics covered was how to get started. To get started with a privacy program, first you have to decide upon a model. Some important considerations are:
- What model would work best with your organization?
- Implementation is organization-specific
- How do things happen in the context of your organization’s culture?
- Culture can impact which model you go with
- Who is relevant in making these decisions?
- Tie your findings back into the broader compliance program
Next, think about structure. The location of your headquarters should factor into how you structure your program. For example, headquarters in the EU may necessitate having a DPO as the head of your privacy program. As another example, headquarters in the US may require having a Chief Privacy Officer (CPO) and DPOs based throughout the world.
Then decide how to align the program with existing functions within your organization. Specifically, decide which department the privacy function will sit in. When making this determination, consider any legal requirements that your organization must comply with, such as the EU GDPR or HIPAA.
With a plan in place, the next step is to build the program.
To learn more about the six elements that should be included in your program, you can watch the webinar HERE.