June 16, 2023

Sustainable Compliance trend #1: From centralized authority to company-wide collaboration

Lack of collaboration within your organisation is detrimental to your privacy and infosec programme.

If you’re unable to create a climate of co-operation within your organisation, you will be less effective as a compliance pro AND data protection and information security will suffer.

The solution: Officers and Operators.

This is what we discuss in this episode of Sustainable Compliance Live, a weekly online show from Wired Relation where we discuss sustainable compliance.

LISTEN TO THE SHOW HERE

We discuss one of the five Sustainable Compliance trends: going from centralized authority to company-wide collaboration.

5 problems of centralized compliance

If you find yourself in a centralized compliance function, you will experience one or more of these 5 problems:

  1. You don’t get the information you need from your organisation. An example: Marketing has already implemented a new system before you hear about it.
  2. You experience a knowledge gap. You know about privacy; however, to be effective, you need information from the people who know about the practices of the business.
  3. You struggle to get the message about privacy and information security out.
  4. Key person vulnerability. You are the only one who knows about your privacy and infosec programme. If you leave, everything will have to start over.
  5. You get buried in administration and don’t spend your time on the right things.

In other words: You need to make co-operation happen in your organisation.

The solution: Compliance Officers and Operators

A hybrid compliance function comprising Compliance Officers and Operators is the fix to this problem.

The first part is a (probably centralized) “compliance office” of Compliance Officers with in-depth knowledge of compliance, privacy and information security.

They should:

  • Set the compliance strategy
  • Secure buy-in and regularly communicate with top management
  • Make sure you have a structured overview of your compliance platform of systems, vendors and processing activities.
  • Uncover the demands on your compliance from regulators, the business, customers and other stakeholders.
  • Decide on the compliance workflows (some call them playbooks) and systems to use.
  • Capture and process new developments that challenge the compliance programme:
      • New systems
      • New processes
      • New risks
      • New legal requirements or customer demands.

Operators who know the business

Moreover, you need Operators within the business or departments of the organisation, responsible for parts of privacy and infosec.

They must know quite a lot about privacy and infosec, however, their main task is knowing about the business.

They should:

  • Share responsibility for specific processing activities
  • Share responsibility for vendor assessment
  • Share responsibility for specific awareness training
  • Share responsibility for security efforts

Join Sustainable Compliance Live

Every week, Tuesday at 2PM CEST, we meet online and live to discuss Sustainable Compliance. Download the calendar invitation here.

You’re invited.

By
Jacob Hoedt Larsen
