Frustrated man

Copy/paste consultancies

Top 3 data protection program issues and how to start resolving them: #25

Painting by numbers enables some great-looking and repeatable works of art.

But if the underlying artistic and creative skills are missing, the ability to deal with blank, or overly complex canvases will result in unpredictability or even a complete mess.

It’s no different with data protection - here are 3 common issues.

#1 Sales-oriented juniors

The deal has been signed and you’ve been introduced to the team assigned to your company.

They are all dressed smart, and you notice they look so young.

Many are also smart in the way they work.

They know the company’s frameworks inside out, but once there’s a major digression, they may need to phone a friend.

They are also on the lookout for opportunities the minute they arrive onsite.

Not opportunities for your business.

But opportunities where they can bring in armies of their colleagues.

Remember, they need to hit their sales targets.

#2 Shoe-horning is not change management

“Implementing” a generic framework into a company may look impressive on the surface but if it lacks context, buy-in and doesn’t address the unique attributes of the company, it’s a waste of time and money.

This is critical - implementation requires understanding the uniqueness of a company - the nature of business, the strategy, the nature of processing, the technologies deployed, the risks, the risk appetite, and so on.

There’s nothing wrong with a generic framework.

It’s a sound starting point, but ensure it’s adaptable and can be tailored to different contexts.

#3 Living and breathing, or dependency?

Unless the intention of engaging with a consultancy is to outsource specific services, framework implementation should also ensure responsibilities for data protection are embedded across the company.

Good embedment is enabled by internal staff taking ownership, being actively involved in solution design and seeing the WIIFM.

All too often I’ve seen consultancy engagements completed and vast voids left in the company, only for a subsequent support agreement to be established with the same consultancy.

At Purpose and Means, we do things differently.

The data protection experience for employees and management is what we focus on.

We build passion and interest in data protection through highly visual, creative approaches.

Data protection is complex, and to bring it alive, make it actionable from top to bottom requires an approach your average copy/paste consultancy doesn’t provide.

Purpose and Means help Data Protection Leaders refresh their work focusing on business alignment and orchestration.

We’re based in Denmark, but operate globally.

If this issue resonates, book a call to discuss your requirements!

Petruta Pirvan
Tim Clements
April 13, 2023


Other posts

June 2, 2023
Disseminating policies
Tim Clements
May 27, 2023
Ineffective controls
Tim Clements
May 26, 2023
DPIA on a page
Tim Clements
May 25, 2023
GDPR on a page
Tim Clements
May 22, 2023
GDPR 5 years old - is it really?
Tim Clements
May 9, 2023
Employee engagement
Tim Clements
May 2, 2023
Managing risk
Tim Clements
April 13, 2023
Copy/paste consultancies
Tim Clements
April 6, 2023
Controller/Processor life-cycle
Tim Clements
March 30, 2023
Responding to an audit
Tim Clements
March 23, 2023
Data protection templates
Tim Clements
March 11, 2023
Data protection program control
Tim Clements
March 6, 2023
Reporting data protection status
Tim Clements
March 2, 2023
The lone data protection army
Tim Clements