I work in HR and collaborate with our privacy team on a non-scheduled recurrence. Every now and then I get emails to fill forms in, or our privacy lead will ask for an ad hoc sync to see if we have changed anything. It all feels a bit disjointed and I would like to help in a more structured way. Any suggestions for what I can do on my end to be more helpful?
HellenB
Firstly, I think it would be useful to have regular scheduled catch up meetings – monthly would be good. My best advocates in client companies are usually from the HR team, because you work in a very regulated environment, are used to keeping confidences and also because you have a real insight into the working mechanisms of the business.
It would be good to pitch it to the privacy team as a way of finding out where there are sticking points with their operations, where additional data protection training can be incorporated into other things like onboarding rather than being stand alone and how you can champion their efforts as being positive rather than negative sum for the business.
Chris Roberts
Privacy is the business of all departments not just legal or the DPO office. Creating an effective culture, remains in my experience, one of the biggest challenges. When teams work as HellenB and Karen B suggest results can be spectacular. My general philosophy is to try to engage teams in small but regular reviews of the many aspects of privacy that surface. Good, regular communication is the foundation but this usually has to be driven from the top down. Can you willing/able to share any more of your situation so we can all comment further?
Karen B
Hello,
If they have monthly meetings with senior management where they report issues, you need to be involved in those discussions. We went through the ISO 27001 process and having regular Information Security Forums with Senior Management, Finance HR etc etc proved very effective in promoting data protection and information security across the business.
If they don’t have monthly meetings in place – you set the dates and invite them so you can raise concerns you have. Make sure the meetings are minuted