Chief Privacy Officers who aren’t scaling well past the startup stage are the ones who typically have the following characteristics and you should look for some of these telltale signs.
First, if your Chief Privacy Officer looks at you sideways when you ask for a strategy or even a mitigation plan for a breach, then you might have a bigger problem than the fact that you don’t have a plan. While we like to talk about things like Privacy by Design and using data protection as an offensive strategic weapon, the reality is that Chief Privacy Officers need to have actionable plans in place at all times for the areas where they judge your company to be the most vulnerable. If you ask to see the plan or get briefed on it and you get back a blank stare, you know you have a reactive person on your hands for what needs to be a thoughtful proactive role.
Second, you might have a Chief Privacy Officer who is not scaling if they would rather lecture you on GDPR than talk about why your data protection plan will win business. Privacy people can be geeky, legally-oriented, policy-focused and very technical. All that is well and good but there is so much more that a great Privacy Officer can do. For example, if your Chief Privacy Officer can’t engage in strategy with you and other executives and understand the levers of your business and how their role can help further them, you may as well use an outside law firm instead of taking up a valuable seat at the table internally.
The Privacy team can be small and somewhat insulated from the business, but your Chief Privacy Officer needs to be able to engage the entire company, they need to be thinking strategically about the business, and they need to have short- and long-term plans in place for contingencies and forseeable roadblocks. If they can’t bring these skills to the table at startup scale, how can they bring them to the table when things really take off?
(You can find this post on the Bolster Blog here)