Use the word “compliance” sparingly.

The reason for this is simple:  You can decide for yourself your organisation is compliant with data protection regulations right up until the moment the ICO tells you you’re not.

What is compliant in one situation might not be in another.  You might be compliant today but not tomorrow.  It is a fleeting notion, a fancy.  If someone is trying to sell you on the notion of compliance, walk away.

Instead, you should focus on readiness.  On achieving and maintaining that readiness.  Which means you have an active posture towards privacy and data protection.  A positive and sustainable capability.  Underpinned by outsourced services which mean you can get on with putting your readiness to good use.  When you need it, it’s there.  When you’re considering taking risks, it’s ready to assess and advise.  So you can make informed decisions, which is what good managers do.

You see how this works?  The notion of raw compliance is a conceit.  You risk locking yourself to the wrong behaviours.  Readiness enables your entire organisation to take advantage of the opportunities you find.  It’s flexible and adaptable to the way you do things.

The best part is when you outsource the work properly.  This state of readiness can be yours – all of the advantages, none of the grind.