The Privacy Management Programme
The accountability framework set out in the UK GDPR is recognised as a key building block for any organisation to be able to demonstrate compliance. The framework comprises the accountability principle (Article 5 GDPR) and, together with other requirements, is designed to help organisations demonstrate compliance. However, for some organisations it can be onerous and an unnecessary burden.
The current framework sets out a number of specific requirements that organisations must satisfy to demonstrate compliance, and it is felt that this is causing organisations added administration that could leave them without sufficient resources to ensure the responsible use of personal data in a specific context. This could be especially true for SMEs or those organisations that carry out low-risk processing.
The proposal is to implement a more flexible and risk-based accountability framework which is based on privacy management programmes.
This would mean that organisations would be required to implement a privacy management programme that reflects the volume and sensitivity of the personal information they handle, and the type(s) of data processing they carry out. This would ensure data privacy management is embraced holistically rather than just as a ‘box-ticking’ exercise.
What is a Privacy Management Programme?
A privacy management programme is a framework that embeds data privacy throughout the organisation, at every level and in all its activities.
A PM Programme includes:
- Policies and Processes
- Leadership and Oversight
- Risk Assessment
- Transparency
- Training
- Building staff awareness
- Monitoring, Evaluating, and Improving
A PM Programme is part of Privacy by Design, embedding privacy into business activities and practices. By implementing a PM programme, the organisation creates a culture of privacy and makes the privacy of data the baseline for its activities. A PM programme should result in a more coherent, comprehensive, and systemic approach to accountability.
For any organisation this can result in reputational advantages and competitive benefits, and is a strong differentiator in a crowded marketplace.
For more information on how you can implement a Privacy Management Programme, contact Privacy in Business.
You can also read about Creating a Privacy Culture in your organisation.