Articles

5 Ways Privacy Pros Can Foster Collaboration Across the Business

Written by Matt Davis, CIPM (IAPP) | October 31, 2024

We've all heard the saying, "Teamwork makes the dream work," but for privacy professionals, this isn't just an inspirational quote⁠—it's a necessity. Specifically, collaboration with colleagues in security; privacy; and governance, risk, and compliance (GRC) teams is paramount. Forging stronger ties with your colleagues in these departments will enable you to execute privacy tasks faster and more effectively, and it’ll get others in the organization interested in your mission to protect the business and customers alike.

So, how can privacy professionals better collaborate with colleagues to address global regulations, attract customers, and secure business deals?

At Osano, we hear a lot of recurrent themes from privacy professionals, one of which is that their role can be siloed within the organization. In fact, we hear this theme so much that it became the central topic of our panel discussion during Osano’s Privacy Pro Survival Summit. You’ll see and hear insights from the expert panelists at the summit throughout this blog.

1. Play the Role of Business Advisor

Privacy professionals should perceive themselves as business advisors rather than corporate watchdogs. This shift bridges the gap between privacy teams and the rest of the organization, fostering a better understanding of the business's biggest problems.

Like security or legal, there’s a perception that privacy is the function of “no”—there can be some trepidation to get the privacy team involved because folks believe privacy pros will block their progress. By positioning yourself as an advisor instead, you can show up as the person that gets the team to “yes.” You shouldn’t just point out obstacles; you should show your colleagues how to overcome them too.

During Osano’s Privacy Pro Survival Summit, Christian Hyatt, Co-Founder, and CEO of Risk3Sixty provided us practical advice on how privacy professionals can be better business advisors. Christian suggests aligning your privacy goals with the business objectives like revenue generation, risk management, customer trust-building, or cost reduction—the best target for you will depend on the unique priorities at play in your organization.

As a privacy professional, you're not merely a ticking box but an active contributor to the business's growth and resilience. This perspective shapes your interactions and decisions, promoting constructive collaboration.

2. Be Human

If your colleagues can’t trust you as a person, how are they going to trust you as a professional?

There’s no shortage of tasks to complete as a privacy professional, so it can be tempting to be prescriptive with your colleagues. There are assessments to complete, consents to manage, subject rights requests to fulfill, and more. But if you want your colleagues to work with you, you need to be perceived as a friendly ally rather than an austere auditor.

Don’t simply send emails or requests from your corner office. Roll up your sleeves and get involved in regular interactions, workshops, and brainstorming sessions. Consider “bribing” your colleagues with a free lunch where they can pick your brain on data privacy. At Osano, we host a regular, optional meeting called Privacy and Puppuccinos, where coworkers can bring their most pressing questions to our privacy experts, enjoy a cup of coffee, and show off their pets on camera.

If part of your goal is to build a culture of privacy, encourage awareness, and facilitate compliance across the organization, activities like these can pay serious dividends. Remember: It’s often not about what you say that drives outcomes, but how you make others feel.

3. Personalize Privacy Communication

Even if you’re trained in data privacy, understanding the nitty-gritty of privacy regulations and best practices is a challenge. If you’re a privacy pro, it’s crucial to understand how much easier it is for you to grasp the importance of data privacy compared to a layperson. Not only do you have the training, but you also have the desire to understand privacy.

We need to keep in mind that different people and different functions are invested in different outcomes, such as reputation, customer satisfaction, financial risks, and human rights. There’s nothing wrong with having people at your organization who don’t care about data privacy per se; but the chances are good that data privacy is relevant to aspects of the things they do care about.

During the summit, Mark Sward, VP and Global Head of Privacy at Sterling, emphasized how tailoring privacy communications based on his audience's unique interests and concerns helps him achieve privacy outcomes faster.

So, don't adopt a one-size-fits-all approach. Instead, tailor your messaging around privacy to resonate with the specific audience you're addressing. Not only will your audience be quicker to understand the value of privacy when it’s related to their area of expertise, but they’ll be more likely to act on your recommendations. You might even learn something about the other functions at your organization, which will improve your ability to drive compliance outcomes across the business.

4. Keep Open Channels and Provide Continuous Education

It’s possible that your colleagues will understand your message immediately, but it isn’t likely.

Set up a regular, repeating cadence to your privacy communications. A weekly or monthly internal newsletter can help you call out privacy stories relevant to your industry, highlight privacy practices relevant to your products or services, and more. Not only will this reinforce your message with longstanding colleagues, but it also serves as a means of onboarding new coworkers.

When you keep privacy in the conversation in this way, the odds are that somebody’s going to have questions. They might be about to start a new project, and your continuous education might inspire them to wonder about the privacy implications.

For cases like these, make sure colleagues have a way of getting in touch with you. One approach is to hold a regularly recurring meeting on your calendar and invite the whole organization or department as optional attendees. This can be your “privacy office hours,” where anybody can drop in on a Zoom or Teams call and chat about what’s on their mind with you. Sometimes it’ll just be a quiet hour to get some extra work done; other times, it’ll be an opportunity to provide critical guidance that might not have been available to your coworkers otherwise.

5. Stay Grounded in the Customer

No matter who your customers are, privacy matters to them.

If you’re in the B2C space, consumers are increasingly aware of and asking about the privacy ramifications of their purchases. In fact, McKinsey reports that 71% of consumers surveyed would stop doing business with a company if it mishandled their sensitive data. This isn’t just talk, either; a Pew Research Center Survey found that 52% of consumers already have stopped buying from a company due to privacy concerns.

In B2B, other organizations are subject to data privacy regulations of their own and want to make sure that the businesses they buy from aren’t going to raise their risk profile or put them out of compliance.

This means that privacy can be more than just a cost center to the business—because customers care about privacy, privacy can be a revenue driver. If you want your colleagues to understand the value of data privacy and embed data privacy into their day-to-day work, try to ground privacy in the needs of the customer.

At the Privacy Pro Survival Summit, Ashley Wyand, Director and Global Head of Security, GRC, and Customer Trust at Ciena, explained the benefits of this approach as well as some tips to quantify the value that privacy brings.

Remember: You’re Not Alone

Being a privacy professional can be a challenging juggle. But guess what? You're not alone. There’s a reason why they say teamwork makes the dream work.

Privacy compliance can’t happen in a vacuum, and by forging closer ties with your colleagues, you’ll not only enable them to stay compliant in their work, but you’ll also cultivate a deeper understanding of their roles and, by extension, the organization’s overall goals.

Sometimes, it’s nice to stay in the loop with other privacy professionals, too. At Osano, we try to do our part to create a community for privacy professionals through events like our Privacy Pro Survival Summit. If you want to stay in the loop about upcoming webinars, events, and networking opportunities, subscribe to our newsletter, the Privacy Insider!