![\"CIPM](\"https:\/\/www.amedeomaturo.com\/wp-content\/uploads\/2021\/06\/2013_IAPP_akward_moment_2x4-rectangle-sticker-template2013-01-300x150.png\")
Privacy Pro real-life experience<\/p><\/div>\n
Let’s imagine the situation:<\/p>\n
- \n
- I’ve been assigned the task of leading the privacy program<\/strong> for a company;<\/li>\n
- I meet the Boarding Members for the first time, explaining them how I will accomplish my task;<\/li>\n
- I start asking which are the core values of the entity<\/strong>, regarding to the privacy<\/strong>.<\/li>\n<\/ul>\n
This is the moment when, normally, the stakeholders look each others dazed and confused<\/em>: it seems that I’ve been speaking in Greek<\/em> (I should I could).<\/p>\n
Vision and Mission<\/h2>\n
“Ok, my bad. Let’s start from scratch<\/em>“. During my long experience in the data protection<\/strong> and data privacy<\/strong> domains, I have learned that ethereal concepts (like “core values<\/em>“) can be misinterpreted by your stakeholders. Generally speaking, they prefer to have a solid reference, in order to provide you a clear answer.<\/p>\n
This is the reason why I rephrase my question in something more digestible<\/em> like:<\/p>\n
“Why is privacy<\/strong> important for your business? And, please, don’t tell me <\/em><\/p>\n
that you invest your money in security<\/strong> and the privacy compliance<\/strong> areas because you’re afraid of the fines<\/em>“.<\/p>\n
Statistically, it is unlikable that your company will be fined because of the GDPR<\/strong>. There are literally millions<\/em> of companies out there and the Data Protection Authorities (aka DPAs<\/strong>) have limited resources. So, unless you do something very bad<\/strong>, you will avoid monetary sanctions that, on the other hand, shouldn’t be the trigger for your privacy program<\/strong>.<\/p>\n
Essentially, what I am looking for is the real reason why a company decides to invest in a privacy program<\/strong>. That leads me to understand the famous Vision and Mission<\/em> statement. Those words should be represented by a short sentence, answering the previous question, in an honest way. If you run out of ideas, you should call us<\/strong><\/a>. We are your\u00a0Privacy Manager in Spain, Europe<\/strong>. We will find the right way to rethink about your values and align them with the privacy<\/strong> strategy.<\/p>\n
Privacy Governance: The Scope<\/h2>\n
Basically, defining the scope means:<\/p>\n
- \n
- To inventory<\/strong> the personal data processed;<\/li>\n
- To identify the laws<\/strong>, regulations<\/strong>, contract obligations<\/strong> and sector best practices and standards<\/strong> (if any) applicable.<\/li>\n<\/ul>\n
Of course, I have my personal view about the inventory of personal data processed. There are several tools that (they say) can scan all your repositories and found all the personal data stored in them. It’s ok to have those (expensive? maybe) tools. But the point, in my opinion, is: if you need a software to scan and understand what you should have understood by default<\/em>, you might have a serious privacy problem<\/strong>. Using tool like the mentioned above is admitting that your organization doesn’t even know what kind of personal information it has.<\/p>\n
Franckly, it doesn’t look like a promising starting point. But, still, it is a start…<\/p>\n
<\/p>\n
Privacy Governance: The Framework to accomplish the Mission<\/h2>\n
For instance, if you are a company based in Europe, you may use, the ISO 27701<\/strong><\/a> standard, from the ISO 27001<\/strong> family (I know, I know, frameworks and standards are different…).<\/p>\n
On the other hand, if you are an American company you may be interested in the NIST Privacy framework<\/strong><\/a>. But, if you really want to play the big game<\/em>, take a close to the COBIT<\/strong><\/a> framework. Which one is my favourite? Although all of them are well accepted guides, I have my own way of work; but I’m always keen on listening to your needs and see what suits your company best. Fancy a virtual cup of tea\/coffee<\/strong><\/a>?<\/p>\n
<\/p>\n
A Governance model: what is your Vision?<\/h2>\n
Traditionally, you can opt for one of the following models:<\/p>\n
- \n
- Centralized<\/strong>: it works good if you have a hierarchical structure and you are lucky enough to have a direct line of reporting only to the Chief Privacy Officer<\/strong>;<\/li>\n
- Decentralized<\/strong>: very useful if you have different decision-makers for different areas. You can tailor your privacy<\/strong> solutions, according to the specific needs of the final stakeholder. But, be careful: you can easily lose the track of your privacy program and have contradictory solutions;<\/li>\n
- Hybrid<\/strong>: a\u00a0Frankenstein<\/em> combination of the previous one.<\/li>\n<\/ul>\n
<\/p>\n
Subsequently, you can choose whatever Governance model<\/strong> you want, as long as:<\/p>\n
- \n
- it suits the company you work for;<\/li>\n
- stakeholders have accepted and supported them<\/li>\n
- the model is known by anyone.<\/li>\n<\/ul>\n
Remember: a solid Privacy Governance<\/strong> is based on a consistent general Vision<\/strong> and strategic Mission<\/strong>.<\/p>\n
If you are not sure about which one suits you better, call us: we’re here to help you.<\/p>\n","protected":false},"excerpt":{"rendered":"
Privacy Governance: Vision and Mission When talking about the Privacy Governance concept, the importance of having a consistent Vision and Mission statements, I must admit that, sometimes I have exactly the same feelings described in the image published below (once again, thank you for the sticker IAPP). Let’s imagine the situation: I’ve been assigned the […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[70,71,72,74,73,75,110],"tags":[76,112,24,77,78,79,69,111],"class_list":["post-242","post","type-post","status-publish","format-standard","hentry","category-data-protection","category-general-data-protection-regulation","category-goverance","category-is0-27701","category-iso-27001","category-nist","category-privacy-manager-in-spain-europe","tag-data-protection","tag-europe","tag-gdpr","tag-iso-27001","tag-iso-27701","tag-nist","tag-privacy-governance","tag-privacy-manager-in-spain"],"acf":[],"yoast_head":"\n
Privacy Governance Vision and Mission - Amedeo Maturo - English<\/title>\n<meta name=\"description\" content=\"privacy governance vision mission IAPP GDPR DPAs ISO 27701 NIST Privacy framework COBIT Chief Privacy Officer\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.amedeomaturo.com\/en\/privacy-governance-vision-mission\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Privacy Governance Vision and Mission - Amedeo Maturo - English\" \/>\n<meta property=\"og:description\" content=\"privacy governance vision mission IAPP GDPR DPAs ISO 27701 NIST Privacy framework COBIT Chief Privacy Officer\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.amedeomaturo.com\/en\/privacy-governance-vision-mission\/\" \/>\n<meta property=\"og:site_name\" content=\"Amedeo Maturo - English\" \/>\n<meta property=\"article:published_time\" content=\"2021-06-22T11:16:06+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-03-31T07:29:15+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.amedeomaturo.com\/wp-content\/uploads\/2021\/06\/2013_IAPP_akward_moment_2x4-rectangle-sticker-template2013-01-300x150.png\" \/>\n<meta name=\"author\" content=\"Amedeo Maturo\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Amedeo Maturo\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/privacy-governance-vision-mission\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/privacy-governance-vision-mission\\\/\"},\"author\":{\"name\":\"Amedeo Maturo\",\"@id\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/#\\\/schema\\\/person\\\/785cb6d0576c93bd57ca5adc11f5175b\"},\"headline\":\"Privacy Governance Vision and Mission\",\"datePublished\":\"2021-06-22T11:16:06+00:00\",\"dateModified\":\"2022-03-31T07:29:15+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/privacy-governance-vision-mission\\\/\"},\"wordCount\":808,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/privacy-governance-vision-mission\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.amedeomaturo.com\\\/wp-content\\\/uploads\\\/2021\\\/06\\\/2013_IAPP_akward_moment_2x4-rectangle-sticker-template2013-01-300x150.png\",\"keywords\":[\"Data Protection\",\"Europe\",\"GDPR\",\"ISO 27001\",\"ISO 27701\",\"NIST\",\"privacy governance\",\"Privacy Manager in Spain\"],\"articleSection\":[\"Data Protection\",\"General Data Protection Regulation\",\"Goverance\",\"IS0 27701\",\"ISO 27001\",\"NIST\",\"Privacy Manager in Spain Europe\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/privacy-governance-vision-mission\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/privacy-governance-vision-mission\\\/\",\"url\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/privacy-governance-vision-mission\\\/\",\"name\":\"Privacy Governance Vision and Mission - Amedeo Maturo - English\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/privacy-governance-vision-mission\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/privacy-governance-vision-mission\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.amedeomaturo.com\\\/wp-content\\\/uploads\\\/2021\\\/06\\\/2013_IAPP_akward_moment_2x4-rectangle-sticker-template2013-01-300x150.png\",\"datePublished\":\"2021-06-22T11:16:06+00:00\",\"dateModified\":\"2022-03-31T07:29:15+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/#\\\/schema\\\/person\\\/785cb6d0576c93bd57ca5adc11f5175b\"},\"description\":\"privacy governance vision mission IAPP GDPR DPAs ISO 27701 NIST Privacy framework COBIT Chief Privacy Officer\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/privacy-governance-vision-mission\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/privacy-governance-vision-mission\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/privacy-governance-vision-mission\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.amedeomaturo.com\\\/wp-content\\\/uploads\\\/2021\\\/06\\\/2013_IAPP_akward_moment_2x4-rectangle-sticker-template2013-01-300x150.png\",\"contentUrl\":\"https:\\\/\\\/www.amedeomaturo.com\\\/wp-content\\\/uploads\\\/2021\\\/06\\\/2013_IAPP_akward_moment_2x4-rectangle-sticker-template2013-01-300x150.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/privacy-governance-vision-mission\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Privacy Governance Vision and Mission\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/\",\"name\":\"Amedeo Maturo - English\",\"description\":\"Otro sitio m\u00e1s de Amedeo Maturo - Multisite\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/#\\\/schema\\\/person\\\/785cb6d0576c93bd57ca5adc11f5175b\",\"name\":\"Amedeo Maturo\",\"sameAs\":[\"http:\\\/\\\/www.amedeomaturo.com\"],\"url\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/author\\\/amedeomaturo\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Privacy Governance Vision and Mission - Amedeo Maturo - English","description":"privacy governance vision mission IAPP GDPR DPAs ISO 27701 NIST Privacy framework COBIT Chief Privacy Officer","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.amedeomaturo.com\/en\/privacy-governance-vision-mission\/","og_locale":"en_US","og_type":"article","og_title":"Privacy Governance Vision and Mission - Amedeo Maturo - English","og_description":"privacy governance vision mission IAPP GDPR DPAs ISO 27701 NIST Privacy framework COBIT Chief Privacy Officer","og_url":"https:\/\/www.amedeomaturo.com\/en\/privacy-governance-vision-mission\/","og_site_name":"Amedeo Maturo - English","article_published_time":"2021-06-22T11:16:06+00:00","article_modified_time":"2022-03-31T07:29:15+00:00","og_image":[{"url":"https:\/\/www.amedeomaturo.com\/wp-content\/uploads\/2021\/06\/2013_IAPP_akward_moment_2x4-rectangle-sticker-template2013-01-300x150.png","type":"","width":"","height":""}],"author":"Amedeo Maturo","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Amedeo Maturo","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.amedeomaturo.com\/en\/privacy-governance-vision-mission\/#article","isPartOf":{"@id":"https:\/\/www.amedeomaturo.com\/en\/privacy-governance-vision-mission\/"},"author":{"name":"Amedeo Maturo","@id":"https:\/\/www.amedeomaturo.com\/en\/#\/schema\/person\/785cb6d0576c93bd57ca5adc11f5175b"},"headline":"Privacy Governance Vision and Mission","datePublished":"2021-06-22T11:16:06+00:00","dateModified":"2022-03-31T07:29:15+00:00","mainEntityOfPage":{"@id":"https:\/\/www.amedeomaturo.com\/en\/privacy-governance-vision-mission\/"},"wordCount":808,"commentCount":0,"image":{"@id":"https:\/\/www.amedeomaturo.com\/en\/privacy-governance-vision-mission\/#primaryimage"},"thumbnailUrl":"https:\/\/www.amedeomaturo.com\/wp-content\/uploads\/2021\/06\/2013_IAPP_akward_moment_2x4-rectangle-sticker-template2013-01-300x150.png","keywords":["Data Protection","Europe","GDPR","ISO 27001","ISO 27701","NIST","privacy governance","Privacy Manager in Spain"],"articleSection":["Data Protection","General Data Protection Regulation","Goverance","IS0 27701","ISO 27001","NIST","Privacy Manager in Spain Europe"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.amedeomaturo.com\/en\/privacy-governance-vision-mission\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.amedeomaturo.com\/en\/privacy-governance-vision-mission\/","url":"https:\/\/www.amedeomaturo.com\/en\/privacy-governance-vision-mission\/","name":"Privacy Governance Vision and Mission - Amedeo Maturo - English","isPartOf":{"@id":"https:\/\/www.amedeomaturo.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.amedeomaturo.com\/en\/privacy-governance-vision-mission\/#primaryimage"},"image":{"@id":"https:\/\/www.amedeomaturo.com\/en\/privacy-governance-vision-mission\/#primaryimage"},"thumbnailUrl":"https:\/\/www.amedeomaturo.com\/wp-content\/uploads\/2021\/06\/2013_IAPP_akward_moment_2x4-rectangle-sticker-template2013-01-300x150.png","datePublished":"2021-06-22T11:16:06+00:00","dateModified":"2022-03-31T07:29:15+00:00","author":{"@id":"https:\/\/www.amedeomaturo.com\/en\/#\/schema\/person\/785cb6d0576c93bd57ca5adc11f5175b"},"description":"privacy governance vision mission IAPP GDPR DPAs ISO 27701 NIST Privacy framework COBIT Chief Privacy Officer","breadcrumb":{"@id":"https:\/\/www.amedeomaturo.com\/en\/privacy-governance-vision-mission\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.amedeomaturo.com\/en\/privacy-governance-vision-mission\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.amedeomaturo.com\/en\/privacy-governance-vision-mission\/#primaryimage","url":"https:\/\/www.amedeomaturo.com\/wp-content\/uploads\/2021\/06\/2013_IAPP_akward_moment_2x4-rectangle-sticker-template2013-01-300x150.png","contentUrl":"https:\/\/www.amedeomaturo.com\/wp-content\/uploads\/2021\/06\/2013_IAPP_akward_moment_2x4-rectangle-sticker-template2013-01-300x150.png"},{"@type":"BreadcrumbList","@id":"https:\/\/www.amedeomaturo.com\/en\/privacy-governance-vision-mission\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.amedeomaturo.com\/en\/"},{"@type":"ListItem","position":2,"name":"Privacy Governance Vision and Mission"}]},{"@type":"WebSite","@id":"https:\/\/www.amedeomaturo.com\/en\/#website","url":"https:\/\/www.amedeomaturo.com\/en\/","name":"Amedeo Maturo - English","description":"Otro sitio m\u00e1s de Amedeo Maturo - Multisite","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.amedeomaturo.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.amedeomaturo.com\/en\/#\/schema\/person\/785cb6d0576c93bd57ca5adc11f5175b","name":"Amedeo Maturo","sameAs":["http:\/\/www.amedeomaturo.com"],"url":"https:\/\/www.amedeomaturo.com\/en\/author\/amedeomaturo\/"}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.amedeomaturo.com\/en\/wp-json\/wp\/v2\/posts\/242","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.amedeomaturo.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.amedeomaturo.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.amedeomaturo.com\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.amedeomaturo.com\/en\/wp-json\/wp\/v2\/comments?post=242"}],"version-history":[{"count":2,"href":"https:\/\/www.amedeomaturo.com\/en\/wp-json\/wp\/v2\/posts\/242\/revisions"}],"predecessor-version":[{"id":282,"href":"https:\/\/www.amedeomaturo.com\/en\/wp-json\/wp\/v2\/posts\/242\/revisions\/282"}],"wp:attachment":[{"href":"https:\/\/www.amedeomaturo.com\/en\/wp-json\/wp\/v2\/media?parent=242"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.amedeomaturo.com\/en\/wp-json\/wp\/v2\/categories?post=242"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.amedeomaturo.com\/en\/wp-json\/wp\/v2\/tags?post=242"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
- Decentralized<\/strong>: very useful if you have different decision-makers for different areas. You can tailor your privacy<\/strong> solutions, according to the specific needs of the final stakeholder. But, be careful: you can easily lose the track of your privacy program and have contradictory solutions;<\/li>\n
- To identify the laws<\/strong>, regulations<\/strong>, contract obligations<\/strong> and sector best practices and standards<\/strong> (if any) applicable.<\/li>\n<\/ul>\n