Privacy can't be solved just by putting your information security in order and creating a bunch of guidelines for the employees. Privacy is born not only from the overall principles in technology, product and service concepts, and the company's operations, but also from people’s numerous decisions in everyday work. Do I send the customer data for the campaign as an email attachment, do I save reports with personal data on a memory stick?
Our attitude affects both the small and the more major deeds. What is your company’s approach to privacy? How do individual employees perceive it? If privacy is considered as just one more compliance requirement, you are already on the wrong path; then it's too easy to think that it doesn’t matter to your customers what you do with their data. Let's collect this information, and let's use it for that. There were some guidelines somewhere how to do this, but who cares?
The answer is: everyone should care. Terms such as "data protection" can mislead you into thinking it's all merely about technical data management. But the drivers for the European data protection regulation are individuals' fundamental rights and freedoms. Thus "privacy" is indeed more descriptive here: it's about people's right to privacy, which is even found in the United Nations' universal declaration of human rights. Companies and their employees do not have the right to collect any personal data they want and do with it what they will, and this is written down in legislation.
There are plenty of other laws that regulate companies' operations, and in general requirements for e.g. accounting, bank secrecy, and product safety are taken seriously. We should aim for the same level of coverage with data protection regulation. But not only because it's the law and massive sanctions can be imposed to those who don't obey. The law is not a necessary evil, but it's not the boogeyman either. Protecting the personal data of individuals is about respecting those individuals. When you take on this view, it becomes easier to understand why privacy is so important. Respecting the privacy and the data of your customers should be a self-evident part of managing your customer relationships.
If you can engrain this attitude into your company culture, you gain new speed for your privacy efforts. Even when compliance with legislation is a goal, your employees may more easily find motivation for nurturing customer relationships than for ticking boxes in a compliance checklist. When more people want to bear the responsibility, privacy will be implemented more efficiently and more fully. How can we get this positive attitude change started in your company?