Automating the privacy function
Michael Irene is a data and information governance practitioner based in London, United Kingdom. He is also a Fellow of Higher Education Academy, UK, and can be reached via moshoke@yahoo.com; twitter: @moshoke
April 4, 2022732 views0 comments
Privacy is a business function. That is a fact. Most business functions in companies are often automated. For example, the human resource function will use tools to manage payroll, the data analytics function will use tools to aggregate data for analysis and perhaps, the operations function will employ tools to ensure that the end-to-end management of various operation functions are designed by a tool.
When I say tool here, I mean software tool. And, in privacy too, there is an expedient need for privacy tools. As such, using a privacy software for the automation of privacy in any business becomes a paramount issue. There are so many pros for automating the privacy function but first I would like to enumerate what most companies use now.
The almighty Microsoft excel, in the first instance, serves as the manual tool most companies use for the foundational piece in their data mapping exercise (the foundational piece in any privacy job). However, this approach leaves room for varying degrees of privacy gaps. First, it requires an incredible amount of time to answer the questions, involving various stakeholders and ensuring that the right answers are provided.
In addition to this, there is a very great chance that there is no work synergy between the privacy professional and the various heads-of in the various business functions. What this implies is that there is a back and forth sharing of excel spreadsheets with various versions. This leaves two important grey areas: first, the tracking of various versions of excel sheets and the mistake of using old existing excel sheets could lead to a misappropriation of privacy risk assessment.
As robust as the excel tool might be, it must be stated clearly that it doesn’t particularly help with the end-to-end management of privacy risks. It is limited in what it can achieve and often, quite obviously puts the privacy professional in a place where she feels that the task is extremely gargantuan and requires constant updating. For example, the maintenance of records of processing activity is another area where most companies use excel tool for and the task, to say the least, is a beast on its own.
I’d argue that companies who take the privacy function as a business priority should invest in the right privacy software tool to automate various privacy tasks within their business. The idea of using an excel sheet for improving the privacy function is so obsolete. Stakeholders must understand that as their business begins to grow certain triggers like Data Protection Impact Assessment (DPIAs) would become automated and this can easily be assigned to the right individual within the right department.
This is not to say that excel and words are not fine tools in assisting with the delivery of privacy function. But this is to state that automating the function would help cut administrative time, save the business cost and lead eventually to having a consistent privacy function that fits the purpose and missions of the company.
I must add that companies looking to automate their privacy function must understand their goals, consult with internal stakeholders like Information security, internal developers and the legal team before choosing the right vendor to help with this task. It is important too that they must go with Gartner rated vendors. Privacy is business function that deserves automation.