iAPP.org states that the title an organization uses to denote its privacy leaders may tell a lot about its approach to privacy. They state the most popular 5 terms are:
1) Privacy Officer
2) Chief of Privacy, or Chief Privacy Officer
4) Security Director
5) Vice President of Privacy
So you have a privacy leader, where do they fit within your organization?
While iAPP states there is no standard organization structure for privacy across organizations, Natuvion’s GDPR or transformation projects have consistently worked with 3 business functions: a legal or DPPO team, a business analyst team and a technical team (IT). The GDPR project itself was driven by Legal or a DPPO [Data Protection and Privacy Office], with each function running a sub-project for its related actions.
So you have a privacy leader, do you have a privacy vision?
A privacy mission statement or vision document has the goal of communicating your company’s privacy position to all stakeholders and is always used in company-wide education too.
Elements of a privacy vision
1) Value of privacy to the organization
2) Organizational objectives
3) Strategies to achieve intended outcomes
4) Roles and responsibilities - for example, only trained and authorized employees will have permission to work with personal data.