Four Steps To Implementing A Successful Data Privacy Program


A number of new laws – recently passed in Europe, China, the U.S., and Brazil – are presenting an urgent need for organizations to develop data privacy policies. Not only are these laws creating compliance concerns, they are also compelling organizations to start embracing data privacy as a core value.

How Can Organizations Establish Data Privacy Policies As A Core Value?

According to Kevin Shepherdson, CEO and Founder of Straits Interactive, a leading data privacy consultancy in Singapore, transformation around data privacy needs to start with an organization’s leadership. Senior leaders need to make it clear that their organizations take data privacy seriously by providing the necessary resources to institute a data protection management program (DPMP). This also should include training their staff around such programs.

“We often see data breaches being described as ‘human error’, which is unacceptable to regulators and should not happen where there is sufficient staff training and strong ‘tone at the top,’” Shepherdson writes in CPO Magazine. “As important as initiating the DPMP is sustaining it. The organization must maintain compliance efforts by educating stakeholders about its data protection policies, including conducting regular data privacy audits and regular risk assessments.”

How Can Organizations Successfully Implement a Data Privacy Program?

Stu Sjouwerman, founder and CEO of KnowBe4, which develops security awareness training and simulated phishing platforms, offers the following four recommendations for organizations that want to implement a successful data privacy program, which he originally outlined in Security Magazine:

  1. Be inclusive of every department in your organization: Data security impacts every facet of your organization. Each department likely processes data in its own way, so it’s important to include each department, process, and vendor in your data privacy plans.
  2. Track your practices using documentation: Documenting your data privacy practices as you go along will give you valuable perspective into how your practices deliver value and risk. “Map out your entire data lifecycle (using data flow diagrams) and the process each department uses to collect, store, access, use and share consumer data,” writes Sjouwerman. “Outline the organization’s legal and contractual obligations and the process with which end users can manage their privacy rights.”
  3. Go beyond compliance: Organizations have a tendency to see legal and compliance obligations as “a checklist of items that need to be crossed.” According to Sjouwerman, this is a common mistake. Instead, he suggests looking at privacy as your users’ fundamental right that your organization’s compliance practices must work to uphold.
  4. Continuously re-assess your data privacy practices: No organization stays the same. Departments, processes, vendors, products, and people change over time. As such, it’s important to regularly assess your data privacy practices to ensure they are evolving with your organization. According to Sjouwerman, this involves undergoing a Data Protection Impact Assessment, which he says will help “identify risks proactively and reduce the likelihood of any impact to the organization or its customers.”

With data privacy laws becoming more common, privacy policies are no longer a consideration – they are a necessity. Is your organization equipped with the knowledge to implement a successful data privacy program?

Data Privacy by Design

IEEE has partnered with the IAPP to provide the IEEE | IAPP Data Privacy Engineering Collection to organizations. This unique training is designed to further educate technical professionals tasked with developing products so they understand, maintain, and protect data privacy throughout the R&D process. The program provides access to tools that allow the technical workforce to implement policies and processes for designing products that take ethical personal data use into consideration right from the start.

Learners will understand how to:

  • recognize the benefits and challenges of emerging technologies and how to use them while respecting customer privacy
  • establish organizational privacy practices for data security and control
  • learn practical knowledge and insights to address corporate privacy challenges
  • leverage the knowledge gained to develop products that take data privacy into account

Contact an IEEE Account Specialist today to learn more.

Plus, download this infographic from IEEE to discover ways your organization can tackle data privacy regulations!


Sjouwerman, Stu. (22 March 2022). Data privacy in 2022: Four recommendations for businesses and consumers. Security Magazine.

Shepherdson, Kevin. (18 March 2022). Data Privacy in 2022: Navigating the Ever-shifting Terrain. CPO Magazine.
