Privacy Budget: Squeeze Every Drop Out Of The Lemon…and Make Lemonade!
As the fiscal year is coming to an end, you may be scrambling to find ways to spend your unused budget; the ‘if you don’t use it, you will lose it’ syndrome. Irrespective of whether your unused budget is allotted for privacy compliance, and regardless of whether you have a mature or immature privacy program, there are a variety of ways you can spend your remaining budget on your privacy program that has a low cost, high yield value proposition.
INVESTING IN PRIVACY
Unless you have been living under a rock, it is no secret that privacy and data protection have become mainstream as companies, regardless of size, understand that customer data is the core of their business and therefore needs to be protected and used responsibly. The privacy movement is partly due to an increase in privacy breaches, strict regulations, and regulatory enforcement, as well as the need to appease customers who are wary about how companies use their personal data.
According to a Cisco Privacy Benchmark Study 2021, companies’ privacy budgets doubled in 2020, with 35% of companies seeing a return on their investment at a rate of two times their investment. Those companies that invest in privacy compliance will see rewards including building loyalty and trust with their customers, reduced losses in the event of a breach, greater sales, partner and investment opportunities, and operational efficiency.
MAKE A BUSINESS CASE FOR PRIVACY
Rather than spending your remaining budget arbitrarily, be strategic and ask yourself the following questions:
What is your company’s business strategy and how does privacy play a role in that strategy?
Are there opportunities to streamline your privacy practice and make it more efficient? Should you implement privacy tools?
Should you get a “second pair of eyes” to identify risks for programs or services you recently initiated or are about to launch next year?
What are the risks if you are not proactive with your privacy program?
Is there enough privacy awareness at your company? Is privacy top of mind for staff? Does privacy have a voice at the CXO table?
IF YOU DON’T USE IT, YOU LOSE IT
Bamboo works closely with you to find low-cost, high-value privacy solutions that meet your company’s unique needs. Below are a few privacy solutions you can use with your remaining Q4 budget:
1. Privacy Check-Up
A Privacy Check-Up is a quick high-level privacy assessment to help you identify your privacy posture, privacy risks and actionable ways to remediate those risks. A Privacy Check-Up is an ideal assessment for small businesses that do not process a significant amount of personal data and are looking for a heat map. A Privacy Check-Up is a fast and efficient way to understand how to prioritize your privacy risks and plan strategically for your future budget and work effort.
2. Privacy Impact Assessment (PIA)
A PIA is perfect for companies that are about to launch or have recently launched a service or product that processes personal data. Depending on applicable legislation, a PIA may be a legal requirement or a due diligence exercise a company undertakes as a best practice. The purpose of the PIA is to identify privacy risks before the launch of a new or changed product, service or process and ensure compliance with the company’s privacy obligations. Neglecting a PIA until after the product or service is launched may result in the need to redesign the product or service to become privacy compliant. This will consequently result in additional costs and delays, not to mention business interruption.
3. Internal Privacy Policies & Procedures
As companies evolve and privacy regulations change, internal policies and procedures should be kept up to date and reflect the company’s new operations. Over the past year, many companies were thrown into chaos as a result of COVID-19, including remote working and new operations, such as setting up e-commerce capabilities. Many companies had to change their operations on the fly and now it is time for those companies to catch up on their policies to match their new operation. In addition, companies need to train their staff, not only on the new operations but also on their privacy and security responsibilities. Updated or creating policies and training are generally low-cost investments and can be an à la carte initiative, rather than doing it all at once.
4. Privacy Tools
We all know how unwieldy spreadsheets start to get when you begin populating them. Bamboo can advise you on automated privacy tools that can take this pain away. Bamboo can do the legwork to compare different tools that will suit your business at your desired price point, using our relationships, insights and knowledge about the best privacy tools. Privacy tools can assist in providing operational efficiency within the business. For example, consent management tools, off-the-shelf cookie banners, data map tools, and vendor management platforms can save your company money, reduce risks, and create efficiencies.
5. Creativity by Design
Companies that can demonstrate robust privacy practices and respect for their customers’ personal data have a competitive advantage. The keyword here is “demonstrate”. Companies should consider creative ways to demonstrate their commitment to privacy that is easy for the average person to understand. For example, a company can develop a Privacy Commitment page or “Trust Center” on its website. Privacy policies can also be developed in a non-traditional format such as a video or an infographic. You should also demonstrate to your staff the importance of privacy and create a privacy culture. One such way is to build an internal Privacy Hub or Privacy Centre of Excellence that allows your staff to easily access information about privacy at the company such as your privacy governance, tools, processes, definitions, instructions, videos, and privacy awareness.
Overall, your remaining Q4 budget can be used wisely to create a significant return on your investment but, more importantly, it can give privacy a voice at the table that it so rightly deserves.