Security and Privacy Working Together
Building a data privacy program can be difficult and daunting. There are many things you need to consider, and some of the teams required are not accustomed to working together. Take, for example, the security and privacy/legal teams. These are two different functions, and sometimes they have different corporate goals, yet both are required to create a data privacy program. The former ensures the data is properly safeguarded, and the latter navigates the many legal requirements around the data. Separately, neither has all the information or skills required to complete a “compliant” program, so they must agree on how to structure the program, what to include in the framework, and then how to implement it.
So, to build a good data privacy program, they must work together. They must find common ground. If you start with identifying the data and understanding the need for it, you will be able to obtain buy-in from each of these teams.
We all know you can’t have privacy without security. Once you’ve identified and classified all the data, the security team will know where the most sensitive and valuable data is located and will be able to properly protect it. By knowing the type of data you collect - who it’s from (employee, customer, prospect), where it comes from (location), why you are collecting it (for GDPR this would be the legal basis) - the legal team will know which laws you are subject to.
At the end of the day, we should all have the same goal - protect the personal data that our customers have entrusted us with. Let’s do it together!