Privacy (GDPR)

How Can You Leverage a Privacy Kit More Effectively?

In this article, Punit Bhatia, a leading privacy expert shares how small businesses can become privacy compliant by using Privacy Kits in an effective and why just branding the documents and templates in name of your company is not a good idea.

In May 2018, EU General Data Protection Regulation (GDPR) came into effect. This made specific requirements for companies processing personal data. If you collect and process personal data from customers, you will need to ensure privacy compliance. Following EU GDPR, more countries have passed a privacy law.

EU GDPR has provision to fine a company Euro 20 million or up to 4% of global turnover. A company can be fined the higher of the two numbers. Fines in multiple millions are not sustainable for companies.  This requires companies to take action on privacy compliance. Further, research indicates that companies that invest in privacy compliance often benefit from increased customer trust, enhanced brand loyalty and reduction in incidents like data breaches. In short, a win-win situation for companies wherein they can avoid fines and reap benefits through investments in privacy compliance.

In effort to help small companies at reasonable prices, a lot of consulting firms offer a set of necessary documents and templates as a bundle called Privacy Kit. For example, privacy kit by our company includes 25+ documents and templates. Whilst helpful, these kits require privacy knowhow and understanding before implementing.

Privacy kits include legal documentation. Most companies end up using the privacy kits without any assistance from a privacy expert i.e., they tend to brand the documents in their company name but tend act blindly when it comes to customizing inline their company situation. This means the result is no better than downloading a template from internet and using it as is without adding the necessary nuances in context of your company. In short, a company remains non-compliant and creates greater risk.

Illustrations by Freepik Stories

In my opinion, the best way a company ensure privacy compliance using a privacy kit is by taking three simple actions:

  1. Understanding what privacy is, why it is necessary and what are actions are commonly accepted form businesses. This may be achieved through a Privacy Training for Business Owners. It can be a short and to the point training of one hour.
  2. Making a conscious choice on which actions they need to take and choosing the right documents and templates from the privacy kit for company’s privacy compliance. This can be done based on the training or with help of a privacy consultant. For example, I recently helped an internet media company to train their key managers, help them identify right actions and define priorities in matter of one day.
  3. While your staff can do a lot, you would generally be better off having a consultant assist you in pursuing privacy compliance. You do not need to have this consultant on full time basis but on fractional basis wherein the consultant supports your staff on need basis. If you company has regular privacy needs, you may consider booking a consultant for you on a few hours a month basis. This is called fractional privacy officer.

When you do all of above, you will know what you are doing, why is it necessary, the customers will feel better, staff will be feel supported and you will also be privacy compliant. If you need assistance in taking the described steps, do not hesitate to get in contact.

About the Author: Punit Bhatia is one of the world's leading privacy experts who has worked with professionals in over 30 countries. Punit guides business and privacy leaders on GDPR-based privacy compliance through online as well as in-person training and consulting. Punit is also the host of FIT4PRIVACY podcast where in he invites influencers to share their views about privacy compliance.

Need a lawyer in this area?

avatar checked



6 years of experience

As a privacy consultant, I provide you with practical advice that is relevant to your...

Legal Nodes Blog

Privacy (GDPR)
How Can You Leverage a Privacy Kit More Effectively?

In this article, Punit Bhatia, a leading privacy expert, shares how small businesses can become privacy compliant by using Privacy Kits in an effective and why just branding the documents and templates in name of your company is not a good idea....

Punit Bhatia
Legal Nodes Updates
Legal Nodes in 2020: A Year in Review

Despite the fact that for many 2020 will be strongly associated with the coronavirus pandemic and lockdown measures, it would be a mistake to forget all the good things that happened this year. Especially when the festive season approaches, and ...

Legal Nodes Team
Privacy (GDPR)
Internet data mining. Is it legal in the EU?

Data mining is the process of collecting and analyzing human-readable data for own purposes. More and more businesses are built on that concept, scientists and medics also use automatically combined data from different sources to spawn predictio...

Ewa Wojnarska-Krajewska
Privacy (GDPR)
11 simple (but complete) steps towards the GDPR compliance in 2020

The GDPR can be a wake-up call to sort out your processes, procedures and technology and thereby run a more successful organisation. Data is now more essential than ever, regardless of your activities or market sector. Not only will efficiencies...

Thomas Hayes
Contract Work
Force Majeure Clauses and the Effect of Coronavirus on Businesses

The coronavirus pandemic has made force majeure clauses one of the hottest legal topics worldwide. To help businesses navigate this issue, we asked Tom Bohills, an English qualified lawyer and the Founder of Chronos Law, to explain the backgrou...

Tom Bohills
Privacy (GDPR)
Privacy Policy: Everything you need to know

Privacy Policy (or Privacy Notice) is a public legal statement of the company. It explains how the organisation uses information about its users, customers, or employees....

Legal Nodes Team
Privacy (GDPR)
Initial Privacy Assessment: Everything You Need to Know

A privacy assessment is a methodic review of your state of compliance with personal data protection laws....

Legal Nodes Team
Legal Nodes Updates
Legal Nodes Secures the $50k Grant from the Ukrainian Startup Fund Pitching Competition

We are delighted to announce that Legal Nodes scored the highest during the fifth Ukrainian Startup Fund pitching competition and was awarded a $50k Grant. ...

Legal Nodes Team
Privacy (GDPR)
Privacy Kit: Website and Apps solution

Privacy Kit is a standardised set of documents for a website or an app....

Legal Nodes Team