Maciej Zawadziński: Often data-driven organizations see privacy compliance as an obstacle. Why is that?
Lisette Meij: Organizations often feel that there is a lot they cannot do with data because of privacy laws. Or they have the feeling that there is a lot of extra work involved in being compliant. “It’s probably not allowed because of the privacy laws” is a frequently heard phrase.
With the advent of the GDPR organizations felt that their entire way of working had to be changed, while actually many of the same requirements were already included in the predecessor of the GDPR. The GDPR did bring more requirements when it comes to the demonstrability of compliance. Ideally, we want to do a lot with data, without having to account for it. But if you use the right tools and inform consumers in the right way, a lot is possible with data.
Privacy, and therefore GDPR compliance, is increasingly being used as a unique selling point.
– Lisette Meij
Maciej Zawadziński: Can privacy compliance,at some point, become a competitive advantage? For example, can GDPR compliance be more than just a box to check off?
Lisette Meij: Privacy, and therefore GDPR compliance, is increasingly being used as a unique selling point. We have to comply with the law anyway, so it’s better to do it in a way that your organization benefits from it.
This benefit works both ways. By demonstrating to consumers how you guarantee their privacy is protected, trust is created. And confidence in your services is essential for success. By being transparent in how data is processed, and showing how you comply with the GDPR, you distinguish yourself in the market.
But it is also advantageous towards customers. If a supplier shows that privacy is guaranteed, then the customer knows that things are properly arranged. This makes a difference in negotiations and is nowadays often a standard topic in a request for proposal: demonstrate that you as an organization guarantee privacy protection. Therefore, GDPR compliance is a big business advantage.
Maciej Zawadziński: Fair trade programs and similar commitments by brands are being favorably received by consumers. Can privacy compliance also be this kind of brand value? Will consumers buy based on brands’ privacy values?
Lisette Meij: I think it is currently already favorably received by consumers. After all, we notice that privacy is becoming increasingly important among consumers. More and more complaints about poor handling of privacy are being submitted to the supervisory authority, and incorrect handling of personal data is the talk of the town these days. Think of major data breaches. Companies that violate privacy are pilloried.
Privacy is becoming an increasingly important consideration when choosing a particular brand. It is therefore not inconceivable that privacy will play an even greater role in the future, and may lead to a decisive choice for consumers.
Maciej Zawadziński: What is a “Privacy Verified” certificate and why have you decided to offer it?
Lisette Meij: The Privacy Verified certificate offers organizations the opportunity to demonstrate privacy and compliance. Through our certification program, privacy becomes a distinguishing position of an organization, and gives the opportunity to comply with all privacy laws and regulations in a practical way. An organization receives the Privacy Verified certificate if the certification program is successfully completed.
We started this program after an increasing number of clients asked us how they could demonstrate that they had had an external audit performed, and how privacy is implemented within their organization. A lot of time, but also money, was spent on incorporating data privacy in all processes. The question remained, however: how do we show our customers that we have organized privacy properly? Our certificate offers the solution. The certificate states the scope of our check, how an organization safeguards privacy, and when these safeguards will be checked again.
Whatever an organization’s motivation is, being able to demonstrate privacy protection / compliance offers many advantages and will play an increasingly important role.
– Lisette Meij
Maciej Zawadziński: What kinds of organizations are interested in the “Privacy Verified” certificate? What is their motivation for coming to you?
Lisette Meij: Our clients are in a wide variety of industries. From online web shops to web hosting companies. Each sector has its own rules and practices in the field of privacy. Our certification program is therefore always customized.
The motivation may come from various angles. For example, an organization may want to demonstrate that they handle customer data properly, in order to give the customer the confidence to choose their services. Another organization may be motivated by wanting to spend less time negotiating data processing agreements and answering questions about how privacy is safeguarded.
Whatever an organization’s motivation is, being able to demonstrate privacy protection / compliance offers many advantages and will play an increasingly important role. Therefore, make privacy work for your organization, rather than the other way around.
Lisette Meij (CIPP/E, CIPP/US, CIPP/A, CIPM, CIPT and FIP), is the director of Privacy Verified B.V.
While finishing a master’s degree in law with honors at the ‘Vrije Universiteit’ in Amsterdam, Lisette worked on subsidized research on how big data was being used in different jurisdictions. After that, her passion for privacy was triggered. She started to work at the law firm ICTRecht B.V. as a legal advisor specializing in privacy and big data.
With seven years of experience in the field, Lisette now serves as the director of the Privacy Verified project, helping organizations incorporate data privacy principles and benefit as a result. Her goal is to make sure organizations comply with the law, but always in a practical way. For Lisette, privacy law is a field that presents many possibilities for innovative approaches and creative solutions.