Sustainable Compliance

Most compliance professionals feel overwhelmed by the constant stream of information about their area. New legal developments, new technical stuff to look into and on top of that internal things like new systems and ways of working.

Information overload can hamper a privacy program.

In this episode Jacob H. Larsen speaks to Rie Walle about getting a system to stay up-to-date.

Take aways on making a system for staying current:

1. Find your trusted sources. Be critical.
2. Use the wisdom of the crowd.
3. Opt-out. Be clear about what you do NOT need to know.
4. Put it in a system. Jacob uses a simple Database in Notion, Rie utilizes Excel
5. Focus on the basics
6. THEN specialize
8. Make use of the privacy and compliance network - it's a friendly one
9. Put "studying" in your calendar at least once a week

Host: Jacob H. Larsen
Follow him on Linkedin for news, views, how-tos and tools about compliance, privacy and information security: https://www.linkedin.com/in/jacobhoedtlarsen/
By: Wired Relations - www.wiredrelations.com

Rie Walle is a Grumpy GDPR podcast host, Speaker & Lecturer as well as an External/Fractional DPO
Linkedin: https://www.linkedin.com/in/riealeksandra/

No Ties Consulting: https://www.noties.consulting/

Grumpy GDPR podcast: https://www.noties.consulting/grumpygdpr/

Data compliance is broken.

Increasing regulations,
- high public expectations,
- and real business needs

have made the data layer exceedingly complex.

It’s not balanced with its surroundings anymore.

We have to rethink the function and organisation of compliance — and in this podcast we invite you to join that conversation - www.wiredrelations.com/datasustainability

From tick-the-box compliance to balanced decision-making
In this episode we'll go deeper into the second trend of Sustainable Compliance and look at why things are changing from a mindset of "tick-the-box compliance" to a "balanced decision-making". We'll also share learnings on how to get there.

Why tick-the-box compliance is not a great idea.

• 💵 Calculating 4 % of global revenue for fines does not make sense anymore.
  • To most companies discovery risk is low, and the level of fines have never reached that level.
• 👮🏻‍♀️Management buy-in should not be based on fear of fines.
  • It should be based on how the privacy program positively benefits the organisation.
• 📚 Legal requirements are important.
  • So are the demands and wishes of our customers, colleagues, local community and other stake holders.
  • We should broaden the scope of our privacy compliance.
• 💻 Spread sheets are great for many things (I'm told).
  • They proved less optimal for privacy compliance because keeping them up-to-date became a hassle. Many have not been updated since 2018.
• ✅ Tick-the-box compliance is dying. And we shouldn’t lament that.
  • Instead, let’s replace it with making balanced decisions on data compliance taking the law, value creation and public expectations into account.
• 😇 Feeling good about your job is important.
  • However, only feeling good when you ARE compliant will make you feel miserable most of the time.
  • Let’s feel great about the process of compliance.
• 🧑🏼‍💻 And finally. Data compliance is real work and provides benefits to the organisation.

Follow your host, Jacob Høedt Larsen, on Linkedin: https://www.linkedin.com/in/jacobhoedtlarsen/

Read more about the cooperation problem, Officers and Operators on our blog: LINK

Sustainable Compliance Live is a weekly show and you’re invited. Subscribe to our newsletter and get the agenda every week: https://www.wiredrelations.com/datasustainability#data-sustain-form

The five trends of Sustainable Compliance are:

Trend # 1 From centralized authority to company-wide collaboration

Trend # 2 From tick-the-box compliance to balanced decision-making

Trend # 3 From problem-oriented to solution-oriented

Trend # 4 From legal thinking to strategic involvement

Trend # 5 From managing data subject to caring about people

Shifting Privacy Left is a conscious effort to embed privacy practices earlier in the development life cycle to prevent privacy harms and data breaches from forming, Privacy Tech Advisor Debra Farber says.

In this interview Debra Farber and I discuss what Shifting Privacy Left does, how it helps organisation, what competencies are needed and how it is implemented.

My take-aways from the interview:

• Privacy requirements should be table stakes and functional product requirements, not something that comes from legal or the privacy team.
• Privacy by Design is the strategy, Shifting left is the implementation.
• It's a cultural shift which requires upskilling. Today, most developers, don't think privacy is their responsibility. Therefore, they should learn about privacy and data protection.
• Shifting Privacy Left can solve problems, lessening the compliance burden down the line.

You host: Jacob Høedt Larsen, follow me on Linkedin for more news and views on compliance and privacy: https://www.linkedin.com/in/jacobhoedtlarsen/

Debra J. Farber is a globally-recognized Privacy, Security and Ethical Tech Advisor and Principal and Host of The Shifting Privacy Left Podcast.

The Shifting Privacy Left Podcast: https://shiftingprivacyleft.com/audio/8323

Sustainable Compliance is brought to you by Wired Relations - read more about here: https://www.wiredrelations.com

Making a Data Protection Impact Assessment (DPIA) on Google Workspace for schools is a huge undertaking. In Norway they've decided to collaborate on it.

Today, Jacob Høedt Larsen, talk to project manager, Ida Thorsrud, about the project and learnings from it.

Some take-aways:

• It has been possible to co-operate with Google in the proces, something that Ida has never experienced before
• Parents, teachers and pupils are involved and give the project team a much better view of risks to the "data subject"
• Project participants learn a lot from the process that can be put to use in their everyday job
• Responsibility lies with the municipalities. Therefore, the project aims at making it 80 % ready.

You can follow the project by subscribing to their English newsletter:
https://nyhetsbrev.ks.no/p/s/MTk4ODA6ZmUyZjg3ZTQtYWZmYS00NGZjLWE2MzItYmNkNjFlNmEyOTBm

Follow your host, Jacob Høedt Larsen, on Linkedin for more news and views on Sustainable Compliance: https://www.linkedin.com/in/jacobhoedtlarsen/

Sustainable Compliance is brought to you by Wired Relations - read more about us here.

"If you just have that legal focus, you may be perceived as the necessary evil, rather than being a partner," says Tim Clements in this podcast.

Tim and Jacob talks about:

1️⃣ The 3 top issues in data protection programs
2️⃣ Which competencies are needed in privacy pros in the future and
3️⃣ How to train for it

Jacob's take-aways from this interview:

✅ In many companies data protection is seen as a purely legal issue. That's a problem.
✅ Data protection is a team sport (and lawyers are the goal keepers - you don't want 11 of those in your football team).
✅ Your job as a privacy pro is making complex concepts easy to make it a great experience for your colleagues, management and customers.
✅ Look to other sectors for inspiration. The advertising industry is great at getting attention.
✅ The best course Tim ever took on privacy... was business analysis.
✅ Training employees should be empowering. They should take responsibility and even create their own materials.
✅ You should have a data protection strategy and it should be aligned with business strategy.

Share your take-aways with Jacob Høedt Larsen on Linkedin: https://www.linkedin.com/in/jacobhoedtlarsen/

Tim Clements (https://www.linkedin.com/in/tim-clements-copenhagen/) is the founder of Purpose and Means (https://www.purposeandmeans.io/), the home of purpose-driven data protection strategies.

Your host: Jacob Høedt Larsen (https://www.linkedin.com/in/jacobhoedtlarsen/) is a privacy evangelist at Wired Relations. As well as hosting this podcast, he discusses and shares on privacy compliance on Linkedin daily.

Wired Relations is a privacy tool for GDPR and InfoSec Management. It helps you automate and collaborate on your privacy workflow to get trustworthy faster.

www.wiredrelations.com/datasustainability