At TDC NET they have a strong privacy and security culture. No system or vendor enters the network without being thoroughly vetted by both data protection and information security. This happens due to a governance model that is anchored in the organisation and has buy-in at top management.

TDC NET provides a great part of the digital infrastructure in Denmark, through fixed-line and mobile networks.

In this podcast, Jacob Høedt Larsen, talks to Head of Privacy Compliance, Mona Persson about how they make it work.

They discuss:

1. How the governance model is set-up
2. How a new system or a new vendor goes through the governance process
3. What it takes to make it all work

You'll gain practical insights into how to set-up your own process.

Your host: Jacob Høedt Larsen, follow me on Linkedin for more news and views on compliance and privacy: https://www.linkedin.com/in/jacobhoedtlarsen/

Sustainable Compliance is brought to you by Wired Relations - read more about it here: https://www.wiredrelations.com

Wired Relations is a GRC solution - tailored for privacy and information security.

We help organisations turn fragile privacy and information security into sustainable GRC programmes.

We focus on four things:

• Ease-of-use: You don’t need consultants to implement Wired Relations and you don’t need training to use it.
• Collaboration: Privacy and infosec is a team sport. We make it easy to collaborate.
• Overview: Privacy and infosec is complicated enough as it is. Wired Relations makes it easier to get an overview - not harder.
• Organising for GRC: The trick is to organise your processes and workflows so that you can sustain your programme.

The Powerpoint-presentation: https://3963040.fs1.hubspotusercontent-na1.net/hubfs/3963040/Webinars/Pr%C3%A6sentation%20til%20andre%20BU%20-%20Wired%20(english).pptx.pdf

Follow Mona Persson on Linkedin: https://www.linkedin.com/in/monapersson/

In this podcast you get a 7-step cheat sheet to securing buy-in for your data protection programme.

Get the presentation here: https://3963040.fs1.hubspotusercontent-na1.net/hubfs/3963040/Presentations/20240425_masterclass_DPIA%20securing%20buy-in.pptx.pdf

The steps are:

🎯 What do you really want?

🌍 What do they think about this right now?

🎤 What will they lose by not doing what you think?

🗞 Where can you reach them?

👯 Who will support you?

🧠 Speak to the mind … and the gut

📅 Get organised

Your host: Jacob Høedt Larsen, follow me on Linkedin for more news and views on compliance and privacy: https://www.linkedin.com/in/jacobhoedtlarsen/

Sustainable Compliance is brought to you by Wired Relations - read more about it here: https://www.wiredrelations.com

Wired Relations is a GRC solution - tailored for privacy and information security.

We help organisations turn fragile privacy and information security into sustainable GRC programmes.

We focus on four things:

• Ease-of-use: You don’t need consultants to implement Wired Relations and you don’t need training to use it.
• Collaboration: Privacy and infosec is a team sport. We make it easy to collaborate.
• Overview: Privacy and infosec is complicated enough as it is. Wired Relations makes it easier to get an overview - not harder.
• Organising for GRC: The trick is to organise your processes and workflows so that you can sustain your programme.

The DPIA process is important. In this podcast we look at it from the organisational perspective. How do you make it work - not legally or technically - but organisationally.

You find the presentation here: https://3963040.fs1.hubspotusercontent-na1.net/hubfs/3963040/Presentations/20240405_masterclass_DPIA.pptx.pdf

It:

• Supports good decision-making,
• Good governance
• Compliance
• Often no DPIA is required – documents the non-action
• It is also good practice to do a DPIA for any other major project which requires the processing of personal data. (ICO)

However, data protection often doesn't now when a new system is coming on board.

It is a cultural issue and we have to do many things to chance it:

• Training and awareness
  • Don’t forget VIP’s
• Let’s put it in a policy (and get it out there)
• Hybrid organisation and ambassadors
• We have a process (or more)
• We have buy-in
• Ask…

That is what you'll learn about in this podcast.

Your host: Jacob Høedt Larsen, follow me on Linkedin for more news and views on compliance and privacy: https://www.linkedin.com/in/jacobhoedtlarsen/

Sustainable Compliance is brought to you by Wired Relations - read more about it here: https://www.wiredrelations.com

Wired Relations is a GRC solution - tailored for privacy and information security.

We help organisations turn fragile privacy and information security into sustainable GRC programmes.

We focus on four things:

• Ease-of-use: You don’t need consultants to implement Wired Relations and you don’t need training to use it.
• Collaboration: Privacy and infosec is a team sport. We make it easy to collaborate.
• Overview: Privacy and infosec is complicated enough as it is. Wired Relations makes it easier to get an overview - not harder.
• Organising for GRC: The trick is to organise your processes and workflows so that you can sustain your programme.

Shifting Privacy Left is a conscious effort to embed privacy practices earlier in the development life cycle to prevent privacy harms and data breaches from forming, Privacy Tech Advisor Debra Farber says.

In this interview Debra Farber and I discuss what Shifting Privacy Left does, how it helps organisation, what competencies are needed and how it is implemented.

My take-aways from the interview:

• Privacy requirements should be table stakes and functional product requirements, not something that comes from legal or the privacy team.
• Privacy by Design is the strategy, Shifting left is the implementation.
• It's a cultural shift which requires upskilling. Today, most developers, don't think privacy is their responsibility. Therefore, they should learn about privacy and data protection.
• Shifting Privacy Left can solve problems, lessening the compliance burden down the line.

You host: Jacob Høedt Larsen, follow me on Linkedin for more news and views on compliance and privacy: https://www.linkedin.com/in/jacobhoedtlarsen/

Debra J. Farber is a globally-recognized Privacy, Security and Ethical Tech Advisor and Principal and Host of The Shifting Privacy Left Podcast.

The Shifting Privacy Left Podcast: https://shiftingprivacyleft.com/audio/8323

Sustainable Compliance is brought to you by Wired Relations - read more about here: https://www.wiredrelations.com

Making a Data Protection Impact Assessment (DPIA) on Google Workspace for schools is a huge undertaking. In Norway they've decided to collaborate on it.

Today, Jacob Høedt Larsen, talk to project manager, Ida Thorsrud, about the project and learnings from it.

Some take-aways:

• It has been possible to co-operate with Google in the proces, something that Ida has never experienced before
• Parents, teachers and pupils are involved and give the project team a much better view of risks to the "data subject"
• Project participants learn a lot from the process that can be put to use in their everyday job
• Responsibility lies with the municipalities. Therefore, the project aims at making it 80 % ready.

You can follow the project by subscribing to their English newsletter:
https://nyhetsbrev.ks.no/p/s/MTk4ODA6ZmUyZjg3ZTQtYWZmYS00NGZjLWE2MzItYmNkNjFlNmEyOTBm

Follow your host, Jacob Høedt Larsen, on Linkedin for more news and views on Sustainable Compliance: https://www.linkedin.com/in/jacobhoedtlarsen/

Sustainable Compliance is brought to you by Wired Relations - read more about us here.

From tick-the-box compliance to balanced decision-making
In this episode we'll go deeper into the second trend of Sustainable Compliance and look at why things are changing from a mindset of "tick-the-box compliance" to a "balanced decision-making". We'll also share learnings on how to get there.

Why tick-the-box compliance is not a great idea.

• 💵 Calculating 4 % of global revenue for fines does not make sense anymore.
  • To most companies discovery risk is low, and the level of fines have never reached that level.
• 👮🏻‍♀️Management buy-in should not be based on fear of fines.
  • It should be based on how the privacy program positively benefits the organisation.
• 📚 Legal requirements are important.
  • So are the demands and wishes of our customers, colleagues, local community and other stake holders.
  • We should broaden the scope of our privacy compliance.
• 💻 Spread sheets are great for many things (I'm told).
  • They proved less optimal for privacy compliance because keeping them up-to-date became a hassle. Many have not been updated since 2018.
• ✅ Tick-the-box compliance is dying. And we shouldn’t lament that.
  • Instead, let’s replace it with making balanced decisions on data compliance taking the law, value creation and public expectations into account.
• 😇 Feeling good about your job is important.
  • However, only feeling good when you ARE compliant will make you feel miserable most of the time.
  • Let’s feel great about the process of compliance.
• 🧑🏼‍💻 And finally. Data compliance is real work and provides benefits to the organisation.

Follow your host, Jacob Høedt Larsen, on Linkedin: https://www.linkedin.com/in/jacobhoedtlarsen/

Read more about the cooperation problem, Officers and Operators on our blog: LINK

Sustainable Compliance Live is a weekly show and you’re invited. Subscribe to our newsletter and get the agenda every week: https://www.wiredrelations.com/datasustainability#data-sustain-form

The five trends of Sustainable Compliance are:

Trend # 1 From centralized authority to company-wide collaboration

Trend # 2 From tick-the-box compliance to balanced decision-making

Trend # 3 From problem-oriented to solution-oriented

Trend # 4 From legal thinking to strategic involvement

Trend # 5 From managing data subject to caring about people

Lack of collaboration with your organisation is detrimental to your privacy and infosec programme.

If you’re unable to create a climate of collaboration within your organisation, you will be less effective as a compliance pro AND data protection and information security will suffer.

The solution: Officers and Operators.

This is what we discuss in this episode of Sustainable Compliance Live, a weekly online show from Wired Relation where we discuss sustainable compliance.

Follow your host, Jacob Høedt Larsen, on Linkedin: https://www.linkedin.com/in/jacobhoedtlarsen/

Read more about the cooperation problem, Officers and Operators on our blog: LINK

Sustainable Compliance Live is a weekly show and you’re invited. Subscribe to our newsletter and get the agenda every week: https://www.wiredrelations.com/datasustainability#data-sustain-form

The five trends of Sustainable Compliance are:

Trend # 1 From centralized authority to company-wide collaboration

Trend # 2 From tick-the-box compliance to balanced decision-making

Trend # 3 From problem-oriented to solution-oriented

Trend # 4 From legal thinking to strategic involvement

Trend # 5 From managing data subject to caring about people

In this live episode of Sustainable Compliance we take a look back on how the compliance landscape has changed over the years and gather the trends that we see in this space now.

Jacob Hoedt Larsen starts by taking us back to the days when he worked in a candy factory that was implementing some of the first IT systems through the times of mass adoption of systems to now. We will see how the role of the compliance function has changed over time to become involved in much more that just the legal aspect.

• Trend # 1 From centralized authority to company-wide collaboration
• Trend # 2 From tick-the-box compliance to balanced decision-making
• Trend # 3 From problem-oriented to solution-oriented
• Trend # 4 From legal thinking to strategic involvement
• Trend # 5 From managing data subject to caring about people

For more information about Sustainable Compliance, visit our website

Follow Jacob Hoedt Larsen on LinkedIN