Top 3 tips for a truly effective data protection strategy

World Data Protection Day - 28 January

As we mark data protection day in Europe and many US states, how do we determine whether our strategies and privacy programmes are the right ones?

Although you might have data protection in your job title, or it is part of your responsibility, one person alone cannot ensure an effective programme is in place and working. A truly effective data protection strategy involves you driving strategy and direction, but also includes bringing the right people together, co-ordinating efforts, communicating between departments, empowering staff to make decisions in their area and engaging each employee to take accountability.

• Build an effective support network throughout your organisation

You can initiate and drive the core elements of a programme, and perhaps develop company privacy principles on which to hang other policies, procedures, education and training. But you need the right staff in other departments to join your effort.

You need their help to find out what happens in practice, and to communicate and implement any changes or new ideas. Developing a governance committee made up of key staff from the departments that handle personal data is a good way to bring the right people together and start communicating.

A network of privacy champions can also be valuable, especially in large organisations. You support and train them, and they are your eyes and ears on the ground, and also a good way to promote your messages and encourage engagement.

• Think outside the box in how you raise data protection on people’s radar

Not everyone welcomes yet more training, but running an awareness campaign to mark data protection day can help staff think more about key aspects of data protection that are important to your business. This helps reinforce the message that it is everyone’s responsibility to look after personal data.

If you can make your message humorous or involve quizzes and prizes, then this can help get staff interested.

• Be a friendly auditor

Rather than reviewing and checking on the whole business in the manner of an internal audit, plan what areas of the business you want to tackle this year and approach them as a helping hand. Position yourself as wanting to make sure all the information you have is correct, and to make sure any changes have been recorded.

So however you choose to mark data protection day in your business, remember, you’re not alone!