How Can You Leverage a Privacy Kit More Effectively?
In this article, Punit Bhatia, a leading privacy expert, shares how small businesses can become privacy compliant by using Privacy Kits in an effective way, and why just branding the documents and templates in the name of your company is not a good idea.
In May 2018, the EU General Data Protection Regulation (GDPR) came into effect. It set specific requirements for companies processing personal data. If you collect and process personal data from customers, you will need to ensure privacy compliance. Following the EU GDPR, more countries have passed privacy laws.
The EU GDPR has a provision to fine a company Euro 20 million or up to 4% of global turnover. A company can be fined the higher of the two numbers. Fines in the multiple millions are not sustainable for companies, so companies need to take action on privacy compliance. Further, research indicates that companies that invest in privacy compliance often benefit from increased customer trust, enhanced brand loyalty and a reduction in incidents like data breaches. In short, it is a win-win situation for companies, wherein they can avoid fines and reap benefits through investments in privacy compliance.
In an effort to help small companies at reasonable prices, a lot of consulting firms offer a set of necessary documents and templates as a bundle called a Privacy Kit. For example, the privacy kit by our company includes 25+ documents and templates. Whilst helpful, these kits require privacy know-how and understanding before implementation.
Privacy kits include legal documentation. Most companies end up using the privacy kits without any assistance from a privacy expert, i.e., they tend to brand the documents in their company name but tend to act blindly when it comes to customizing them in line with their company's situation. This means the result is no better than downloading a template from the internet and using it as is, without adding the necessary nuances in the context of your company. In short, the company remains non-compliant and creates greater risk.
In my opinion, the best way for a company to ensure privacy compliance using a privacy kit is by taking three simple actions:
- Understanding what privacy is, why it is necessary and what actions are commonly accepted from businesses. This may be achieved through a Privacy Training for Business Owners. It can be a short and to-the-point training of one hour.
- Making a conscious choice on which actions they need to take and choosing the right documents and templates from the privacy kit for the company's privacy compliance. This can be done based on the training or with the help of a privacy consultant. For example, I recently helped an internet media company to train their key managers, help them identify the right actions and define priorities in a matter of one day.
- While your staff can do a lot, you would generally be better off having a consultant assist you in pursuing privacy compliance. You do not need to have this consultant on a full-time basis but on a fractional basis, wherein the consultant supports your staff on a need basis. If your company has regular privacy needs, you may consider booking a consultant for a few hours a month. This is called a fractional privacy officer.
When you do all of the above, you will know what you are doing and why it is necessary, the customers will feel better, staff will feel supported and you will also be privacy compliant. If you need assistance in taking the described steps, do not hesitate to get in contact.
About the Author: Punit Bhatia is one of the world's leading privacy experts who has worked with professionals in over 30 countries. Punit guides business and privacy leaders on GDPR-based privacy compliance through online as well as in-person training and consulting. Punit is also the host of the FIT4PRIVACY podcast, wherein he invites influencers to share their views about privacy compliance.