To identify the discrepancy between what legislation requires of the organisation and what the current situation is, we carry out a Privacy Impact Assessment (PIA). As part of this, we look not only at the legal aspects, but also at data governance, i.e. all the rules and procedures set down to safeguard the quality and legally correct usage of data.
This results in establishing the extent to which the organisation is compliant with the formal legislation, such as the General Data Protection Regulation which must be implemented in the organisation by May 2018.
The legislation provides great scope to use personal data provided that a number of prerequisites are fulfilled. It is important to ascertain how the organisation wants to deal with the issue of privacy and what that will involve for customer relationships and processes. Many data initiatives are unjustly snuffed out before coming to fruition because of alleged privacy issues.
In an ideal world, privacy policy should not be founded on the fear of penalties, rather it should be about how value can be created for customers. Having a precisely formulated privacy policy means you can establish what needs to happen to make it happen, whilst respecting the legal timelines.
After the newly formulated privacy policy has been introduced, the organisation needs to constantly make sure it is compliant with the regulations. We help to structure the organisation so that that is the case. It is important to automatically incorporate privacy aspects when considering new customer initiatives.
A well-executed privacy policy leads to greater customer confidence and consequently better customer relationships and a stronger reputation for the business.