Privacy compliance is the new kid on the block.
It won’t be long before most states have privacy laws, and smart companies are taking the hint.
In fact, most organizations have realized that managing security and privacy compliance today is a full-time job. Large companies with even larger budgets are responding to the growing threat landscape by hiring Chief Information Security Officers (CISOs). These roles have been around for a while and are becoming more common thanks to the rise of cyberthreats such as malware, which reportedly increased 54 percent in 2018.
And for mid-market companies and SMBs who need the same help but don’t have the budget to pay for it, Virtual Chief Information Security Officers (vCISOs) are the cost-effective answer. These top-tier security experts are engaged part-time and paid on an as-needed basis.
What many people don’t realize about vCISOs is that their mandate is security: protecting your systems and data from attackers and risky vendors. They aren’t responsible for privacy compliance, particularly the rules that govern how personal data may be collected, used, and shared.
That is a different discipline, and it isn’t one a vCISO is positioned to address. The two roles still need to coordinate, because privacy laws require appropriate security safeguards and a breach triggers both an incident response and notification obligations. But for the privacy tasks themselves, you need a dedicated privacy compliance person.
Enter the Fractional Privacy Officer.
Different from the CISO or vCISO, the Fractional Privacy Officer is responsible for:
- Managing reporting on overall privacy tasks
- Maintaining & updating existing data inventories and creating new ones when necessary
- Ensuring the process for handling individual rights requests (access, correction, deletion) actually covers the data the company holds
- Keeping up with new privacy laws including GDPR, CCPA and other pending state laws
- Completing a privacy review of new products and services
- Ensuring your company is properly trained on privacy matters
- Answering customer privacy questions and managing privacy notices
- Managing vendors for privacy compliance
- Building a privacy compliance mindset into the team culture
The truth is, these tasks are especially important to cover if you’re a small company without a dedicated employee to handle privacy.
That’s why we’re breaking down why a Fractional Privacy Officer is a must-have in the new age of privacy compliance.
Fractional Privacy Officer to the Rescue
Plenty of companies are seeing the benefits of outsourcing executive positions such as the CFO and CTO, and now the Chief Privacy Officer/Chief Compliance Officer.
The Fractional Privacy Officer fills that last role on a part-time basis.
Data privacy isn’t a set-it-and-forget-it task. And that’s why the Fractional Privacy Officer provides a sustained, proactive approach to privacy.
This person’s responsibilities cover the full range of ongoing privacy compliance work:
- Review existing data inventories & update them with any new changes
- Create a full-service action plan for compliance with GDPR, CCPA & new regulations
- Build and update custom privacy notices & privacy policies
- Manage the cookie consent process
- Oversee digital marketing compliance
- Execute privacy impact assessments
- Complete a privacy evaluation & strategy for new or existing products/services
- Monitor privacy laws and industry updates to keep you compliant
- Report custom privacy program metrics regularly
- Support your team with privacy management technology implementation
- Perform third-party assessments
- Implement and test the handling of individual rights requests
- Hold online or in-person team training
Laws, regulations, and policies are in constant flux. Privacy bills or bill drafts were introduced or filed in at least 25 states and in Puerto Rico in 2019 alone. Other countries are moving too, including Brazil (whose new privacy law was scheduled to take effect in August 2020) and China.
And when many companies reported that it took seven months or longer to get GDPR compliance up and running, hiring someone to help prepare for the coming wave of new laws is a must.
A Fractional Privacy Officer can help you stay compliant by identifying issues before they become problems.
Perhaps you’re thinking about working with a third-party vendor or managing a significant amount of data for another company. Maybe it’s launching a new app, marketing campaign or product. Whatever your company goals, a Fractional Privacy Officer is the person who’s going to make sure you’re maintaining privacy compliance with every new project.
One mistake to avoid, though, is simply reassigning these responsibilities to an existing employee.
Although this person will know the ins and outs of your company, he or she is unlikely to have a working knowledge of privacy compliance, and you risk missing important privacy-related milestones. This topic is complex, and you need someone who understands the best practices, terminology, and use cases across industries.
Hiring a Fractional Privacy Officer allows you to be proactive instead of reactive. And it gives you the benefits of a full-time, in-house privacy officer without the investment. Both of these keep more money on your bottom line in the long run.
Fractional Privacy Officer vs. Data Protection Officer
With all the hubbub about the GDPR, you may be wondering what the difference is between a Data Protection Officer (DPO) and a Fractional Privacy Officer.
At first glance, they seem similar.
The GDPR requires certain organizations to designate a DPO. This person is a data privacy expert who ensures compliance with the GDPR’s requirements and generally reports directly to senior management or the board.
For the organizations to which the regulation applies, the DPO is responsible for overseeing the data protection strategy and its implementation, with a mandate that is specifically GDPR compliance.
The role carries substantial technical and legal requirements, including:
- Experience in IT programming, IT infrastructure, and IS audits
- Legal expertise/independence
- An understanding of global business cultures
- Leadership and project management skills
On the other hand, a Fractional Privacy Officer is much more focused on the day-to-day operational execution of privacy compliance as it applies to all laws, not just the GDPR.
This means the Fractional Privacy Officer has a broader set of responsibilities compared to the DPO.
However, much like a Venn diagram, each position maintains distinct responsibilities while overlapping in some areas. They can coexist at one company and both be invaluable to the success of the privacy program. In fact, a large, multinational company often engages both a Fractional Privacy Officer and a DPO.
Conclusion: Privacy Planning for 2020
When each privacy law that’s arrived at your doorstep has seemed like an unwelcome guest, it’s hard to think past implementation.
But that’s exactly what you have to do.
It’s a new era for privacy and data compliance. Companies, large and small, have to plan accordingly. You’ve built the foundation with GDPR and CCPA compliance.
Don’t let all your hard work crumble.
Now is the time to continue down the road to make your privacy program stronger. And the first step is making sure you have a knowledgeable pro to handle all your compliance efforts.
A Fractional Privacy Officer is a good place to start.
This person’s skills and time can be tailored to your needs, whether that’s a quarterly check-in, a monthly review, or an ongoing seat as a key member of your team.
If you’re not sure whether you need a Fractional Privacy Officer, you’re not alone. Companies commonly ask themselves these questions to determine if it’s a good fit:
- Do we have the knowledge to deal with complex privacy regulations?
- Can we afford a full-time privacy officer?
- Do we have someone who can address privacy concerns as we grow and develop new products?
- Do we have a strategic data privacy mentor?
- Do we have someone who can keep tabs on what has to be done for privacy compliance?
If you answered no to any of these questions, a Fractional Privacy Officer would be a wise addition to your team. And if you’re still not sure what a Fractional Privacy Officer does or if it’s right for you, our team of experts can help you decide.