Privacy (GDPR)

How Can You Leverage a Privacy Kit More Effectively?

In this article, Punit Bhatia, a leading privacy expert, shares how small businesses can become privacy compliant by using Privacy Kits effectively, and why just branding the documents and templates in the name of your company is not a good idea.

In May 2018, the EU General Data Protection Regulation (GDPR) came into effect. It set specific requirements for companies processing personal data. If you collect and process personal data from customers, you need to ensure privacy compliance. Following the EU GDPR, more countries have passed privacy laws.

The EU GDPR has a provision to fine a company Euro 20 million or up to 4% of global turnover. A company can be fined the higher of the two numbers. Fines in the multiple millions are not sustainable for companies, which requires them to take action on privacy compliance. Further, research indicates that companies that invest in privacy compliance often benefit from increased customer trust, enhanced brand loyalty and a reduction in incidents like data breaches. In short, it is a win-win situation in which companies can avoid fines and reap benefits through investments in privacy compliance.

In an effort to help small companies at reasonable prices, a lot of consulting firms offer a set of necessary documents and templates as a bundle called a Privacy Kit. For example, the privacy kit by our company includes 25+ documents and templates. Whilst helpful, these kits require privacy know-how and understanding before implementing.

Privacy kits include legal documentation. Most companies end up using the privacy kits without any assistance from a privacy expert, i.e., they tend to brand the documents in their company name but tend to act blindly when it comes to customizing them in line with their company's situation. This means the result is no better than downloading a template from the internet and using it as is, without adding the necessary nuances in the context of your company. In short, the company remains non-compliant and creates greater risk.

Illustrations by Freepik Stories

In my opinion, the best way for a company to ensure privacy compliance using a privacy kit is by taking three simple actions:

  1. Understanding what privacy is, why it is necessary and what actions are commonly accepted from businesses. This may be achieved through a Privacy Training for Business Owners. It can be a short, to-the-point training of one hour.
  2. Making a conscious choice on which actions they need to take and choosing the right documents and templates from the privacy kit for the company's privacy compliance. This can be done based on the training or with the help of a privacy consultant. For example, I recently helped an internet media company to train their key managers, help them identify the right actions and define priorities in a matter of one day.
  3. While your staff can do a lot, you would generally be better off having a consultant assist you in pursuing privacy compliance. You do not need to have this consultant on a full-time basis but on a fractional basis, wherein the consultant supports your staff on a need basis. If your company has regular privacy needs, you may consider booking a consultant for a few hours a month. This is called a fractional privacy officer.

When you do all of the above, you will know what you are doing and why it is necessary, the customers will feel better, staff will feel supported and you will also be privacy compliant. If you need assistance in taking the described steps, do not hesitate to get in contact.

About the Author: Punit Bhatia is one of the world's leading privacy experts who has worked with professionals in over 30 countries. Punit guides business and privacy leaders on GDPR-based privacy compliance through online as well as in-person training and consulting. Punit is also the host of the FIT4PRIVACY podcast, wherein he invites influencers to share their views about privacy compliance.
