- Welcome to the first “how-to” GDPR video in KPMG’s privacy video series
- This video will offer a viewpoint on how to meet the basic requirements of GDPR.
- Multiple articles of GDPR cite the need for an effective privacy program and governance model.
- It is important to remember that privacy, risk, and legal teams define the “what,” and security, business, and compliance teams define the “how.”
- Lessons learned indicate that a centralized, command-and-control privacy organization works best.
- This can be achieved through the following four steps:
1. Establishing and empowering a Chief Privacy Officer, working shoulder-to-shoulder with the business.
2. Active coordination with IT, European business units, and a Data Protection Officer.
3. Steering committees and privacy ambassadors to help facilitate awareness.
4. “Plain English” policies, controls, and standard operating procedures.
- Another key lesson we’ve learned is to emphasize privacy principles, like transparency or purpose limitation, that guide standards reinforced by policy.
- Meaning: privacy standards (not policy!) are the key to effective privacy compliance and governance.
- Ask yourself: who is doing what with whom to accomplish what?
- The accomplishment of the “what” goes beyond GDPR readiness.
- It should be driven by a strategic game-changer for privacy, for example, “Customer Trust Comes First.”
- This involves a self-service, on-demand, business-initiated, privacy-by-design solution.
- All privacy compliance and governance should operate within this strategy.
- We appreciate your time and attention.
- Thanks for watching.