
Data Privacy

5 Steps to Prove the ROI of Your Data Privacy Program

Allison Betito, July 26, 2024

Effective data privacy management requires executive buy-in to build support for a privacy mindset company-wide. But for privacy managers, getting executive support is sometimes easier said than done. In this blog, we provide tips to help you grow stronger executive support for your initiatives by showcasing the value your work is delivering to the organization. 

Report on the right data

When looking to demonstrate the ROI of a privacy initiative, the first instinct for many privacy managers is to showcase the amount of “time saved.” While this is a compelling metric to the privacy manager, it often won’t carry the same weight with their CISO or General Counsel. Security and legal leaders want to see evidence that the work you’re doing is helping ensure the business is 100% protected, whatever it takes.

Instead of focusing on time saved, start by helping your leadership team recognize the stakes.

Visualize how consumer interest in privacy is growing

Provide a count of how many access, deletion, and do not sell/share requests you’re receiving month over month, especially if a certain type of request is growing – as they are for most brands.

Illustrate your risk (or safeguards) from becoming past-due on a request

Showcase your average time to close tickets of each type compared to mandated response times (15-45 days depending on request type and geographic region). This exercise should illustrate your current pace and relative risk for becoming past-due on a request.

At Aura, James Smith recommends breaking out the volume and average close time of requests by agent. This data can help managers more tactically identify areas of improvement while reassuring leadership that KPIs are being met across the board.

Map your system risk & system velocity

Depending on your company size, your security teams may be aware of 100-200 distinct systems in use, but employees touch far more systems than they put through the procurement process, and studies show that most companies’ real total system count is now around 1,500 or more. With DataGrail Live Data Map’s patented system detection capabilities, you’ll be proactively notified of every new system we identify in your inventory as well as its probable risk level, and you can spot your total count of systems from your dashboard at any time. 

Report on both your total systems count and how frequently new systems are being added to help your leadership team understand the company’s privacy footprint. If your brand deals in any sensitive and protected data, talk to your customer success manager about doing a deeper dive on data classification so that you can reflect on not only which systems contain PII, but the fields in which they live. 

Showcase progress on privacy automation

Manually resolving data subject requests can expose personal data to more systems (for example, email and support tickets) and risks falling out of compliance due to human error. Automating request processing and fulfillment using data privacy management software ensures far greater confidence in your compliance. Consider including the percentage of your first- and third-party systems that have been fully automated. Alternatively, you can report on the percentage of requests that required no manual intervention at all, through the use of automated workflows and integrated systems.

DataGrail’s integration network can automate data access and deletion in third-party systems without any manual intervention, and the DataGrail internal system integration can do the same for on-premises data. When you take full advantage of these features, you have more time available to take on larger and more strategic privacy projects, so be sure to report on the success of those initiatives as well.

As a DataGrail customer, you can pull many of these stats directly from the dashboard on your home page or with the help of the Exports function. Contact your customer success manager for a more detailed breakdown.

Report regularly

To build a stronger relationship with your leadership team, report on these metrics on a quarterly basis. While your presentations or reports are quarterly, make sure your data reflects trends month over month – this will help capture the impact of regulation changes and other privacy events. As you mature your privacy program, you’ll ultimately want to capture year-over-year trend analysis on these factors to better demonstrate your overall progress without the noise of individual policy events.

It’s common for Chief Information Security Officers and General Counsels to be closely engaged during the search for a privacy solution and then shift their focus back to other priorities. Make sure they don’t miss the great work you’re doing by ensuring you get directly in front of leadership at least twice a year to review trends and major milestones. Maintaining a close and consistent relationship will help you get the support you need to create a world-class privacy program. 

 
