Managing Privacy Compliance Across Multiple Jurisdictions

What are the key success factors for a company that operates in multiple countries?

An organisation that operates in multiple countries wants all business units and staff to follow the strategic vision and direction of the company.

The key success factors for a company involve:

1. Consistency - All teams and employees across the globe follow a consistent approach
2. Clarity - All teams and employees know what is expected by the corporate office and what their role is
3. Context - What does the corporate office want? and why?

What are the five steps to achieve the key success factors?

Step 1: Privacy Policy: This is typically done after reviewing the countries your organisation operates, the privacy laws and obligations exist there, and making an overall summary of all the key requirements of your privacy policy. Once this privacy policy is created, it can be validated by the executive team and or management board.

Step 2: Create Awareness: Once a privacy policy has been validated, it is essential to create awareness amongst all levels of management across countries so that they understand what the policy is all about, what is expected and why.

Step 3: Conduct an Assessment: With the privacy policy of the company now known, it is the time to create an assessment across each business unit and identify where the gaps are, and what risks exist. This is an essential step that moves your company a step closer to becoming compliant.

Step 4: Create a Project or program to close the gaps: Once the assessment is complete, it is time to create a project or program that will plan the necessary actions to mitigate the risks and close the gaps. This may include:

• Allocating budgets
• Deciding what is done centrally by the corporate office
• Deciding what is done locally
• Deciding what is done in a hybrid way

Step 5: Create a sustainable privacy governance structure: Privacy compliance is not a project but a journey. While privacy projects and services help to fill gaps and reduce risks, there needs to be continuous monitoring of privacy compliance issues. For this purpose, a privacy office, or data protection office with necessary staff need to be considered.