Top 3 tips for a truly effective data protection strategy

Top 3 tips for a truly effective data protection strategy

Computer wire - accessing and protecting dataWorld Data Protection Day - 28 January

As we mark data protection day in Europe and many US states, how do we determine whether our strategies and privacy programmes are the right ones?

Although you might have data protection in your job title, or it is part of your responsibility, one person alone cannot ensure an effective programme is in place and working. A truly effective data protection strategy involves you driving strategy and direction, but also includes bringing the right people together, co-ordinating efforts, communicating between departments, empowering staff to make decisions in their area and engaging each employee to take accountability.

  • Build an effective support network throughout your organisation

You can initiate and drive the core elements of a programme, and perhaps develop company privacy principles on which to hang other policies, procedures, education and training. But you need the right staff in other departments to join your effort.

You need their help to find out what happens in practice, and to communicate and implement any changes or new ideas. Developing a governance committee made up of key staff from the departments that handle personal data is a good way to bring the right people together and start communicating.

A network of privacy champions can also be valuable, especially in large organisations. You support and train them, and they are your eyes and ears on the ground, and also a good way to promote your messages and encourage engagement.

  • Think outside the box in how you raise data protection on people’s radar

Not everyone welcomes yet more training, but running an awareness campaign to mark data protection day can help staff think more about key aspects of data protection that are important to your business. This helps reinforce the message that it is everyone’s responsibility to look after personal data.

If you can make your message humorous or involve quizzes and prizes, then this can help get staff interested.

  • Be a friendly auditor

Rather than reviewing and checking on the whole business in the manner of an internal audit, plan what areas of the business you want to tackle this year and approach them as a helping hand. Position yourself as wanting to make sure all the information you have is correct, and to make sure any changes have been recorded.

So however you choose to mark data protection day in your business, remember, you’re not alone!


Related Articles:
Latest Articles:
About the author:
Emma Butler is currently Senior Director Privacy and Data Protection for Reed Elsevier as part of their Data Protection and Privacy Group. Her focus is primarily on the European LexisNexis businesses. She is also the Data Protection Officer for LexisNexis UK.


Emma previously spent seven years leading the international policy team at the Information Commissioner’s Office (ICO) where she worked with other regulators and the Article 29 Working Party as well as advising businesses and government entities on UK, EU and international data protection and privacy legislation.

She has a degree in French, Italian and linguistics and recently completed an LLM in Information Rights Law and Practice. She has an ISEB certificate in data protection and is an active member of the International Association of Privacy Professionals.