Welcome to the second “how-to” GDPR video in KPMG’s privacy video series dedicated to discussing GDPR program basics.
This video will focus on how to prioritize the implementation of your privacy program.
Most privacy functions have limited resources with which to undertake tasks.
It is important to balance establishing broad privacy coverage while addressing high risk areas.
Privacy coverage involves spanning multiple types of personal data. (this may include customer, employee, vendor)
It also means involving affiliates and business units of various size, locations, maturity levels
Addressing high risk areas requires spotlighting those business processes that process significant amounts of personal and/or sensitive personal data, along with innovative – new technology (for example Internet of Things) or secondary approaches to personal data processing.
Ask yourself: what are the top business processes spanning different business areas that present a higher risk to individual’s privacy?
As you engage with different business units across the organization it’s important to take the opportunity to educate stakeholders and management the on privacy fundamentals underlining these activities.
Next, we will move into three videos addressing personal data under GDPR.