Every organisation should have clearly defined privacy objectives and a privacy strategy. At a very high level, we believe that some objectives of any privacy project should be to:
- grow the organisation; and
- avoid legal problems, difficulties, and disputes.
Let’s explore these two objectives in more detail, because they are important. If you keep on measuring your actions against your objectives, then you will always be able to check whether you’re on the right path or not.
To grow the organisation
How do you grow an organisation? You focus on protecting your customers and your employees. If you are looking after these two groups of people, then you are going to flourish and do well as a business.
You also need to win the trust of your customers in particular. If you can show them that you are protecting their personal information, they will trust you more, which will result in them wanting to do more business with you. And more business means you will grow and prosper.
On the one hand, privacy has nothing to do with legal compliance and everything to do with ensuring that you are doing what you should be doing in the eyes of your customers. You have a serious problem if your customers, or your employees for that matter, don’t trust you.
Avoid legal problems, difficulties or disputes
On the other hand, you want to avoid legal problems, difficulties, and disputes. This is the legal compliance aspect of your privacy objectives.
You want to avoid things like fines and regulatory investigations. Disputes in the form of litigation are always costly, time-consuming and are usually not in anyone’s interests.
However, it may be impossible to avoid all legal pitfalls. This is why we recommend that you focus on the most critical areas that are likely to have the biggest impact on you.
These could be some of your high-level objectives and everything you do could be measured against them. If something that you are doing does not achieve those objectives, then you shouldn’t be doing it.