Top 3 data protection program issues and how to start resolving them: #25
Painting by numbers enables some great-looking and repeatable works of art.
But if the underlying artistic and creative skills are missing, the ability to deal with blank, or overly complex canvases will result in unpredictability or even a complete mess.
It’s no different with data protection - here are 3 common issues.
#1 Sales-oriented juniors
The deal has been signed and you’ve been introduced to the team assigned to your company.
They are all dressed smart, and you notice they look so young.
Many are also smart in the way they work.
They know the company’s frameworks inside out, but once there’s a major digression, they may need to phone a friend.
They are also on the lookout for opportunities the minute they arrive onsite.
Not opportunities for your business.
But opportunities where they can bring in armies of their colleagues.
Remember, they need to hit their sales targets.
#2 Shoe-horning is not change management
“Implementing” a generic framework into a company may look impressive on the surface but if it lacks context, buy-in and doesn’t address the unique attributes of the company, it’s a waste of time and money.
This is critical - implementation requires understanding the uniqueness of a company - the nature of business, the strategy, the nature of processing, the technologies deployed, the risks, the risk appetite, and so on.
There’s nothing wrong with a generic framework.
It’s a sound starting point, but ensure it’s adaptable and can be tailored to different contexts.
#3 Living and breathing, or dependency?
Unless the intention of engaging with a consultancy is to outsource specific services, framework implementation should also ensure responsibilities for data protection are embedded across the company.
Good embedment is enabled by internal staff taking ownership, being actively involved in solution design and seeing the WIIFM.
All too often I’ve seen consultancy engagements completed and vast voids left in the company, only for a subsequent support agreement to be established with the same consultancy.
At Purpose and Means, we do things differently.
The data protection experience for employees and management is what we focus on.
We build passion and interest in data protection through highly visual, creative approaches.
Data protection is complex, and to bring it alive, make it actionable from top to bottom requires an approach your average copy/paste consultancy doesn’t provide.
Purpose and Means help Data Protection Leaders refresh their work focusing on business alignment and orchestration.
We’re based in Denmark, but operate globally.
If this issue resonates, book a call to discuss your requirements!