There is no doubt that privacy compliance is a challenge, especially if you are operating in multiple jurisdictions, have a privacy program that goes beyond a simple policy, or have complex or high volumes of privacy management activities. There are steps you can follow that will ensure you comply with privacy laws:
- Understand relevant laws and your legal obligations;
- Build a privacy program made up of policies, procedures, and other necessary accountability mechanisms; and
- Implement automated privacy management software when volumes and complexity require automation.
When multiple privacy laws and numerous regulators come into play, as is the case with the GDPR, the job of ensuring privacy compliance becomes a much greater challenge. Research-based privacy compliance software can help.
Privacy compliance software is divided into three categories:
- Legal Research Software: To aid in understanding your privacy compliance obligations;
- Privacy Office Support Software: To help you build and maintain a privacy program that demonstrates ongoing compliance; and
- Privacy Management Software: To increase your efficiency and accuracy by automating complex or high volumes of privacy management activities.
In Part One of our three-part series, we discussed legal research software and how it enables privacy offices to both comply and advise on compliance, armed with up-to-the-minute knowledge and a thorough understanding of all relevant legal requirements. Today, we will be taking an in-depth look at the second type of privacy compliance software: privacy office support software.
How Privacy Office Support Software Can Help
The responsibilities of the privacy office include building and maintaining an effective privacy program consisting of policies, procedures, and other mechanisms, sometimes referred to as governance. Privacy office support solutions assist the individuals who are responsible for these tasks with:
- Templating Software: To build, maintain, and operationalize a structured privacy program;
- Planning Software: To plan, maintain and report on their privacy program; and
- Benchmarking Software: To benchmark their privacy program both internally and externally.
Let’s look at each in turn.
1. Templating Software
Templating software is a privacy office support tool that can accelerate the development of a privacy program, while ensuring accuracy. It offers a standardized infrastructure for each activity – a template. Effective templating software assists the privacy office in crafting their own materials, by providing up-to-date, customizable documents that serve as a base upon which they can build. An online search for templates often yields incomplete and poor-quality documents, which makes templating software all the more useful.
When choosing templating software, opt for a solution that includes the necessary accountability mechanisms, as well as additional resources to aid in the development of a privacy program, such as:
- Real world samples
- Business cases
- Case studies
- Instructional videos
- GDPR-ready resources
Templating software typically contains PIAs (Privacy Impact Assessments) in the form of spreadsheets. In situations where the personal data being processed is either complex or of a high volume, automated PIA software may be necessary. (Automation will be discussed in Part Three of this article series: Privacy Management Software.)
GDPR Considerations for Templating Software
A principal requirement under the GDPR is the implementation of appropriate technical and organizational measures. The definition of ‘appropriate’ depends on the organization and the types, volumes, and purposes of data processing. Note that there is no need to reinvent the wheel when dealing with the GDPR. In many cases, technical and organizational measures that have been implemented to comply with other laws can be repurposed and adjusted to meet GDPR requirements. You can also follow measures already taken by other organizations. But, if you need help to jump-start the rollout of a privacy program that is in line with GDPR requirements, templating software can help by providing documents that encompass the most up-to-date legal requirements, regulator guidance, and court decisions.
The Business Case for Templating Software
Implementing policies, procedures, and other accountability mechanisms is the only way to achieve compliance, mitigate risk and demonstrate accountability. Templating software enables the implementation of a more effective program in approximately half the time, without taking any shortcuts.
2. Planning Software
Planning software enables the privacy office to develop its overall privacy program strategy. It equips the entire team with the resources to plan, maintain, and demonstrate a structured privacy program, including program visualizations, gap assessments and accountability requirements, and reporting.
- Program Visualizations: The most effective planning software includes a comprehensive dashboard that enables quick visualizations of your privacy program status, activity status, and deadlines. This allows for better communications and resource planning.
- Gap Assessments and Accountability Requirements: Your planning software should have mechanisms to identify and assess gaps in current and future plans and address them with the necessary reporting and accountability requirements.
- Program Reporting: Choose planning software that provides both regular and on-demand reporting on the progress of your privacy program implementation and maintenance. This is especially useful for management reporting and demonstrating accountability to all stakeholders, including regulators.
GDPR Considerations for Planning Software
The GDPR requires organizations to be able to demonstrate their compliance. This is the accountability principle, found in Article 5. To demonstrate compliance, documentation on program development is required. Planning software can help with this, as it documents which steps were taken by which team member when developing, implementing, and maintaining a privacy program. The best software allows you to include relevant documentation, such as meeting minutes and drafts of measures to implement, so that all documentation can be stored in and retrieved from one place.
The Business Case for Planning Software
Planning software enables better privacy compliance, maintenance, reporting, and accountability, and it saves the privacy team time and effort.
3. Benchmarking Software
Benchmarking software is invaluable in helping the privacy office and management understand where their organization’s privacy program stands in comparison to others based on a set of processes and activities common to privacy programs worldwide. It also aids in comparing the progress of one internal department to another. Good benchmarking software provides additional functionality, including readiness assessments and management reporting.
- Readiness Assessments: The best benchmarking solutions include reporting on the status of your privacy management within the context of readiness assessments for certain frameworks, for example the GDPR, BCRs (Binding Corporate Rules), and APEC CBPR (Cross Border Privacy Rules). This aids in identifying gaps and assessing where resources are needed to support compliance efforts.
- Management Reporting: Benchmarking software should include a range of reports that can be used for management reporting at regular intervals, as well as on demand. Good reporting also helps justify privacy office resources and can help make a business case for more resources.
GDPR Considerations for Benchmarking Software
Since the GDPR requires organizations to implement appropriate technical and organizational measures, it is important to understand what is appropriate for your organization. Benchmarking software can help. Not only does it provide a simple way to complete gap assessments of your current program and how it complies with GDPR requirements, it also allows you to compare your GDPR readiness to other organizations. The best software will provide insights into what peer organizations in your region or sector consider appropriate measures, allowing you to use that information to enhance your own program.
The Business Case for Benchmarking Software
Understanding what other organizations are doing to manage privacy enables better planning and resource allocation. Benchmarking software is also useful for management reporting and for business cases to justify further investment in privacy management.
The Third and Final Category of Privacy Compliance Software: Privacy Management Software
In Part Three of this article series, we will take a closer look at the remaining type of privacy compliance software: privacy management software. For more information on how to choose the right privacy compliance software solutions for your organization, download Nymity’s 2018 Privacy Compliance Software Buyer’s Guide.