"We Are 100% Compliant"
"We are 100% compliant”, we sometimes hear - even though describing what this means in theory is a big task, and achieving it in practice is even more difficult. Thinking that you are 100% compliant can be a pitfall, because acting in accordance with the applicable privacy laws and regulations is a continuous process and not a one-off procedure.
But why is that so?
Organisations are constantly changing. For example, new functions with adapted access to different systems are added, new marketing campaigns are launched, or the payroll administration is outsourced to a processor. The processing of personal data is therefore constantly changing, and the procedures and documentation have to be adapted accordingly. Consider, for example, updating the privacy statement, the privacy policy and the register of processing operations or concluding a processing agreement.
Not only do organisations change, but the world around them changes as well. And by this we particularly mean advances in technology, such as big data analyses, new website features, and the interconnectedness of digital devices. This means that an organisation must periodically check the security measures to see if they are still appropriate.
Therefore, creating awareness that fits the tasks of the employee and is in line with company policy and safeguards is important. Setting up an awareness-raising programme can contribute to this.
For more information about creating awareness, contact us!