

How to Build a Privacy Program

DeAndrea Salvador, November 9, 2021

At DataGrail, we believe privacy is a human right, and the increase in privacy laws has thrust data privacy to the main stage. How a company approaches data privacy and building a privacy program can make or break long-term sustainability & customer willingness to buy. However, have no fear. It is easier than ever to create a robust privacy program—with the right suite of tools and processes by your side.

Privacy reports and programs require special consideration and safeguards so they can adapt as regulations change. Our privacy compliance checklist answers this need by providing nine steps we observe top companies following that deliver on their promise of privacy and cultivate trust with their customers.

Why Is Data Privacy Important?

But first, why is data privacy important? Data privacy is a big deal for companies and customers alike. Research has shown that consumers, i.e., your potential data subjects, are considering privacy in their purchasing decisions. In a recent study by Pew Research, “About half (52%) of U.S. adults said they decided recently not to use a product or service because they were worried about how much personal information would be collected about them.” Additionally, in separate research conducted by IBM, 75% of IBM’s respondents said,

“they will not buy a product—no matter how great the product is—from a company if they don’t trust that company to protect their data.”

From the companies’ perspective, there is also a competitive advantage to winning on privacy. It allows companies to maintain their sacred bond of trust with their customers. As we share in the Privacy Compliance Checklist, data privacy is all about who has access to data. 

 In fact, by 2023, 65% of the world’s population will have their personal data covered under modern privacy regulations, up from 10% in 2020, according to Gartner, Inc. Addressing privacy proactively and thoughtfully can separate forward-thinking companies from the competitive pack of their industries. 

Consequences of Non-Compliance to Data Privacy 

There are many risks to companies for non-compliance. One report by Tech Target estimated an average cost of non-compliance to data privacy to be $14.82 million over a 12-month period.

Modern companies also consider the loss of trust and reputational risk. The adage, “trust is gained in inches and lost in miles,” rings true. While fines are an aspect companies should consider, the loss of customer confidence can significantly impact your bottom line and long-term sustainability. As more customers consider privacy as a part of their buying decisions, ending up on the front page of the New York Times because of an oversight can be extremely hard to overcome. So, you might be wondering, “what can you do about it?”

Data Privacy Laws’ Impact on Privacy Programs

You may be wondering, what makes this process so complex? Your answer: varying requirements within legislation make navigating data privacy compliance requirements more difficult.

According to IAPP’s legislation tracker, 21 states have introduced privacy legislation in 2021. Several states, such as Virginia and Colorado, successfully passed their versions of comprehensive privacy laws. We expect this to continue to increase. Each of the laws provides its own approach in providing rights to data subjects and timelines for compliance. However, CCPA and the CPRA (California’s privacy laws) are considered the most comprehensive in the U.S. currently. It’s important to note what rights are covered under the law and how quickly your organization must comply to avoid potential penalties and simultaneously alleviate customer concern or confusion. 

What Do Data Privacy Laws Do? 

Data privacy laws provide the framework for individuals to exercise their privacy rights. The laws cover vital areas such as who has rights as a data subject, which companies must comply with the law, the time frames within which you must comply (or request an extension), and the type of rights data subjects can exercise.

Each law, and the geographical area it applies to, can have different definitions for all of these terms, timelines, and more. The Privacy Compliance Checklist lays out the major privacy laws for you, so you can have the information top of mind as you’re developing or refreshing your privacy program. 

So, if you’re looking for how to define PII for your company, understand critical timelines for significant regulations, and apply all of that in your company’s context, we will have you well on your way with a quick download of the privacy compliance checklist.

Discover key strategies to inform your team on building a privacy program prepared to handle whatever the future may hold. 


We’re making privacy easier – download the Privacy Checklist to see how. Get the checklist

Developing a Privacy Program – Simplified

Our team has the privilege of working with companies of all sizes and levels of privacy experience, i.e., those new to privacy and old pros. One thing is true: we see that companies want to do the right thing for their customers. However, the reality is that managing and creating a modern privacy program can be highly complex to figure out.

We’ve found that the companies who do it best intentionally address nine core elements as a part of their privacy programs. Our checklist not only lists the nine steps but walks you through them in detail with a clear bottom line you can take to your team. 

  1. Designate a privacy lead 
  2. Have clear guidelines for what data needs to be protected (and know where it lives)
  3. Have a process for verifying the data subject’s identity that doesn’t add more risk to the company 
  4. Create a baseline of data privacy for their company
  5. Precise auditing and data retention policies 
  6. Gold Star privacy policies 
  7. An easy way for data subjects to exercise their privacy rights 
  8. Employee training 
  9. And a continuous improvement framework built into the program

Our Privacy Compliance Checklist is a detailed toolkit that gives both emerging and experienced privacy leaders a framework to launch world-class privacy programs at their companies.

You’re one click away from feeling more comfortable in the ever-changing landscape of data privacy. The Privacy Compliance Checklist is here to help you take your privacy program to the next level. 
