Getting Started

A Structured Approach to Privacy Management

Many privacy and data protection Regulators around the world have written guideline papers that promote the building of a privacy management program. However, these guideline papers do not address how to resource the building and maintaining of privacy management throughout the organization. Privacy offices grapple with the challenge of finding enough resources to allocate for privacy management.

The challenges include communicating organizational privacy management, leveraging and motivating individuals throughout the organization, and justifying the business case to obtain the necessary resources. Even then, how to best allocate the available resources to maximize privacy management has historically been more of an art and less of a systematic approach. Whoever is assigned the responsibility for privacy in the organization, be it the Privacy Officer or an individual with some other title, that person has the initial challenge of asking “Where do I start?”


Three Steps for Getting Started with Structured Privacy Management:

> Step 1: Baseline
Baseline existing privacy management and resources available in the organization. 
> Step 2: Strategy
Select from two strategies: Compliance Strategy or Accountability Strategy
> Step 3: Plan
Create a plan based on the resources available and the Strategy selected.

The structured approach to getting detailed in this manual is based on three elements

This manual is supported by Nymity’s practical Privacy Management Accountability Workbook “Workbook” to help you implement structured privacy management throughout your organization. Together, they help Privacy Officers create a definitive privacy management program, justify additional resources, and best allocate the resources to effectively achieve the privacy management strategy established by the privacy office.

The organization maintains effective privacy management consisting of ongoing privacy management activities.
An individual is answerable for the management and monitoring of the privacy management activities.
Documentation enables demonstration of ongoing maintenance of privacy management activities.