Keeping personal data safe and private is an urgent priority for any organisation. This isn’t just because of the requirements of the EU’s General Data Privacy Regulation (GDPR), which has a global reach. Increasingly, there is a demand for privacy from ordinary consumers irritated by large technology companies taking them, and their data, for granted.

Privacy, therefore, needs to be at the forefront of the issues that organisational leaders address. That’s because complying with the legal, ethical and social requirements of privacy is hard. In part, this is because there are many misunderstandings about the rules – GDPR is still being interpreted by privacy practitioners, regulators and lawyers. In part, it is because privacy culture varies widely around the world. What is certain, though, is that fines for non-compliance are high and the dangers of being found vicariously liable for mistakes made by employees are considerable. A robust structure for ensuring privacy is therefore essential.