
October 25, 2023

Three steps toward making your privacy program a strategic business enabler 


As privacy professionals, we know the privacy function is so much more than a bottleneck or a “House of No.” In fact, a strategic privacy program has a net-positive impact on the business’ bottom line.

But how do you approach getting strategic about your privacy program's impact on the business? First, you need to get visibility on your organization's data uses, next you need to develop a 'single source of truth' mapping those uses organization-wide, and then you need to invest in some tooling to help you measure how effective your team is at helping the business' bottom line.

Get eyes on everything the biz is building with data

You can’t fix what you can’t see. And that's a problem, because to do your job as the company's protector of data, you need the necessary information to fully understand how data flows within your organization. Without continuous visibility into what data your organization collects and how it uses the data, privacy can slip through the cracks, leading to unnecessary compliance risks.

How can you get a bead on what your business is doing before things go out the door? And how can you do it in a way that doesn't feel like you're paralyzing product development?

You can’t be everywhere, so you need foot soldiers. The problem is that privacy's legacy image as a simple compliance function often stands in the way of your ability to get eyes on what’s happening with data within your teams’ programs. When privacy is treated as a checkbox exercise or, worse, an obstacle to development, teams stop looping you into product plans or raising red flags in time for you to mitigate risk.

If you nurture relationships with key stakeholders across the organization, especially profit centers like sales, you’re strategically creating alliances and support for what you need out of your teams. You should:

• Join product & eng meetings, especially sprint demos.

• Align your KPIs with stakeholders’ KPIs, so you’re all moving toward the same goalposts.

• Educate your teams on basic privacy principles, and encourage them to come to you to fill in the gaps.

• Meet with department leads like marketing, trust and safety, customer success, security, etc., to nail down who’s using data, for what, and with whom it’s shared.

Prioritize when you’re going to throw a red flag

Not all reviews were created equal, and it's important to prioritize. Giving every review the same weight would slow the train wheels to a screeching halt. To keep up with the pace the business requires of you based on your organization's risk-tolerance

Once you’ve got eyes on the personal data your organization is ingesting, using, and sharing, the next step is to consolidate all of the knowledge teams have in one tool. This is your single source of truth. When you all have eyes on the same design plans, updated as changes occur, you can get strategic about triaging the important privacy reviews based on your organization’s risk tolerance. Not every review was created equal. Tooling allows you to collaborate with stakeholder teams in real time, make tweaks, and avoid bottlenecking the product team.

Automating also makes your reports on data easier, quicker, and deeper. When you’re working with spreadsheets, counting and charting privacy reviews can be a hassle, and data entry mistakes can throw off your count. With tooling, reporting is accurate and instantaneous.

Prove your worth with numbers

Your ability to articulate cost-savings and speed is your ticket to more budget and headcount

An important part of indicating you’re a strategic business partner is having numbers to back that up. You should be able to report not only how many reviews you’ve done, but also how that saved the business time and money. Those are the metrics that will bolster your argument for resources, raises, and promotions. Using technology like TerraTrue can indicate you’re a strategic partner by giving you answers to the following questions, among others:

• Which of the business’s core functions you’re enabling.

• How you’re creating value for the business.

• How long it takes you to complete a PIA.

• How long it takes you to complete a DPIA.

You might also consider reporting on how many deals you’ve won based on your privacy practices, and in what ways you are saving the business money by mitigating risk.

For more on how to make your privacy program more strategic, come hang out with us at our Nov. 14 webinar on this very topic.