Preparing for Improvement in Data Privacy

Data privacy management is an organization-wide effort. Businesses most often find themselves with reputational damage when they treat data
privacy as purely an IT concern and breaches occur. Positive and supportive ‘tone at the top’ from the board on down is indispensable. Business unit heads must have data privacy management included in their job descriptions and in their Key Performance Indicators (KPIs), which they may cascade down to their senior managers.

With these foundational messages and responsibilities in place, the first step to improving data privacy management capability is to define the current state of that capability; the second step is to revise it where weaknesses are identified.

By developing and maintaining a data inventory and data flow map, an organization gains a clear view of its present state of data privacy
management – a necessary requirement to prepare for improvement. With this knowledge, it can better ensure that it is:
• addressing the factors that support consumer trust in the organization, and
• developing policies and standard operating procedures that support compliance with applicable data privacy laws.

This Playbook provides tools to help you complete this critical first step. Playsheets 1 and 2 support development of the data inventory; playsheets 3
and 4 support development of the data flow map.