The entry into force of GDPR, along with other data protection regulations at global level, reflects our social recognition and awareness of privacy as a value. We are contributing more and more to the spreading of a culture of transparency and data ownership, where enhanced data protection becomes an integral part of a product or service, and not just a nice-to-have.
So now the question is, how do we meet this complex perception and the demand for value? Working in cross functional teams, where lawyers, agile coaches, developers, marketing, HR sit at the same table rather than working in silos, has proven to be key to ensuring that this value is embedded throughout the product’s life cycle, starting from its design.
How often are lawyers called in only at the end of the project for their greenlight, having to identify remediation actions that could have been anticipated in the design phase? How many extra hours of development and marketing efforts are then required to implement the legal advice, often losing the expected creativity? In these scenarios, starting all over again and spending more time to fix that which doesn’t meet compliance standards becomes the way of working. The loss of time, effort and opportunity is incalculable.
This keeps on happening because privacy is conceived as a problem reserved for lawyers. We don’t all work together but instead meet when our part of the job is finalized, and we just need to deliver the product or service. But compliance with GDPR is not a one-time thing nor is it a matter reserved for legal. It’s everyone’s responsibility so as privacy experts we need co-create with the business the right tools to implement GDPR in their everyday work, with a clear understanding of what they have to do.
Now try imagining what would happen if we actually anticipated these challenges and pain points by fixing them right away, in the creation phase of a project. We could save time, repetitive meetings, tensions, unilateral views, failures. The good news is that it has a name: legal design. It’s a mindset, an agile way of working that is human-centric and that allows us to solve problems creatively and by design. By empathizing with the business and understanding their different needs and pain points, we create a deep connection amongst teams and users, combining opinions and points of views that give us the big picture and not just disconnected approaches.
Giorgia Vulcano is the EU Privacy Counsel for Coca-Cola Europe and she serves as legal subject matter expert and counselor for the DPO Office in Brussels. Join her and her fellow panelists debating “Cross Team Collaboration & Privacy: challenges and best practices” at Last Thursday in Privacy on June 25.
To register, click here.
Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.