Performs initial and periodic information privacy risk assessments and recommends mitigation and remediation efforts. Conducts related ongoing compliance monitoring activities in coordination with the organization’s other compliance and operational assessment functions.
Develop a procedure for conducting an organizational privacy risk assessment across business units (including human resources, sales, marketing and product development). The privacy risk assessment is a prerequisite for further development of an Organizational Privacy Program, in which the Privacy Officer creates and oversees individual business unit privacy and security self-assessments, business process reviews, process improvements, communications and training. The risk assessment process enables the Privacy Office to identify and prioritize privacy and security gaps across the organization and manage the privacy program for risk mitigation, compliance and to increase brand reputation and customer trust.
Monitor documents and reports metrics with respect to data protection complaints for the purpose of:
- Measuring the effectiveness of the privacy office in resolving complaints;
- Determining the cost of resolving data protection complaints; and
- Analyzing metrics around the types of complaints to determine business practices that raise data protection concerns.