Frustrated man

Interactions and inter-dependencies with others

Top 3 data protection program issues and how to start resolving them: #26

Data protection is a complex and broad topic.

Although some may perceive it as primarily a legal issue, to succeed, you need to understand the broadness and accept that you’ll never personally cover every nuance.

No matter whether you consider yourself to be an expert in data protection law, data protection by design, privacy engineering, records management or value sensitivity (to name a few examples) you should see yourself as part of a larger team.

That’s because data protection is a team sport, or to use another analogy, as a leader, you are like a conductor of an orchestra.

You depend on the knowledge and expertise of others.

#1 Knowledge and skills gaps

You need to appreciate what you bring to the table, and what you don’t.

If you are an expert in data protection law but lack change management know-how, don’t attempt to do change management.

Bring in a change management resource.

The same goes for all other needed competences.

Here lies the challenge - understanding the broadness and knowing when to orchestrate the various colleagues.

#2 Lack of embedment

It’s always interesting to read cases investigated by SAs or incidents in the news, especially to understand the learning points.

I’m amazed at how there are often symptoms of lack of embedment of policies.

Symptoms that show policies have not been brought to life in the different organisational contexts, e.g. HR v IT v UI/UX v Product Dev.

Employees have been expected to figure all this out for themselves after watching some generic GDPR eLearning.

Regular interaction through a cadence of employee engagement - in their context - is absolutely critical.

And this brings me to the third issue.

#3 Employees are *not* the weakest link

You shouldn’t blame employees if you’ve not invested in making data protection contextual.

Or, if you’ve not made data protection easy for them to understand.

Or easy to live up to your policy statements.

Meet employees where they are, their context, rather than expecting them to embrace your often perceived abstract world of data protection.

At Purpose and Means, we do things differently.

The data protection experience for employees and management is what we focus on.

We build passion and interest in data protection through highly visual, creative approaches.

Data protection is complex, and to bring it alive, make it actionable from top to bottom requires an approach your average copy/paste consultancy doesn’t provide.

Purpose and Means help Data Protection Leaders refresh their work focusing on business alignment and orchestration.

We’re based in Denmark, but operate globally.

If this issue resonates, book a call to discuss your requirements!

Petruta Pirvan
Tim Clements
April 27, 2023


Other posts

June 2, 2023
Disseminating policies
Tim Clements
May 27, 2023
Ineffective controls
Tim Clements
May 26, 2023
DPIA on a page
Tim Clements
May 25, 2023
GDPR on a page
Tim Clements
May 22, 2023
GDPR 5 years old - is it really?
Tim Clements
May 9, 2023
Employee engagement
Tim Clements
May 2, 2023
Managing risk
Tim Clements
April 13, 2023
Copy/paste consultancies
Tim Clements
April 6, 2023
Controller/Processor life-cycle
Tim Clements
March 30, 2023
Responding to an audit
Tim Clements
March 23, 2023
Data protection templates
Tim Clements
March 11, 2023
Data protection program control
Tim Clements
March 6, 2023
Reporting data protection status
Tim Clements
March 2, 2023
The lone data protection army
Tim Clements