Lack of collaboration with your organisation is detrimental to your privacy and infosec programme.
If you’re unable to create a climate of co-operation within your organisation, you will be less effective as a compliance pro AND data protection and information security will suffer.
The solution: Officers and Operators.
This is what we discuss in this episode of Sustainable Compliance Live, a weekly online show from Wired Relation where we discuss sustainable compliance.
We discuss one of the five Sustainable Compliance trends: going from central authority to company-wide collaboration.
5 problems of centralized compliance
If you find yourself in a centralized compliance function, you will experience one or more of these 5 problems:
- You don’t get the information you need from your organisation. An example: Marketing has already implemented a new system before you hear about it.
- You experience a knowledge gap. You know about privacy; however, to be effective, you need information from the people who know about the practices of the business.
- You struggle to get the message about privacy and information security out.
- Key person vulnerability. You are the only one who knows about your privacy and infosec programme. If you leave, everything will have to start over.
- You get buried in administration and don’t spend your time on the right things.
In other words: You need to make co-operation happen in your organisation.
The solution: Compliance Officers and Operators
A hybrid compliance function comprising Compliance Officers and Operators is the fix to this problem.
The first part is a (probably centralized) “compliance office” of Compliance Officers with in-depth knowledge of compliance, privacy and information security.
They should:
- Set the compliance strategy
- Secure buy-in and regularly communicate with top management
- Make sure you have a structured overview of your compliance platform of systems, vendors and processing activities.
- Uncover the demands on your compliance from regulators, the business, customers and other stakeholders.
- Decide on the compliance workflows (some call them playbooks) and systems to use.
- Capture and process new developments that challenge the compliance programme:
  - New systems
  - New processes
  - New risks
  - New legal requirements or customer demands.
Operators who know the business
Moreover, you need Operators within the business or departments of the organisation, responsible for parts of privacy and infosec.
They must know quite a lot about privacy and infosec, but their main task is knowing about the business.
They should:
- Share responsibility for specific processing activities
- Share responsibility for vendor assessment
- Share responsibility for specific awareness training
- Share responsibility for security efforts
Join Sustainable Compliance Live
Every week, Tuesday at 2PM CEST, we meet online and live to discuss Sustainable Compliance. Download the calendar invitation here.
You’re invited.