wordpress blog stats
Connect with us

Hi, what are you looking for?

How to be a Chief Privacy Officer – #PrivacyNama2021

A conversation with chief privacy officers in global companies gives key insights into what exactly is the job and more.

“Typically jurisdictions or companies begin by assuming that the privacy leader should be a lawyer…But very quickly, what they discover is that a legal background is probably not sufficient. A full suite of skill sets are necessary,” Justin Weiss, the Global Head of Data Privacy at Naspers Group, said when asked about the role of a Chief Privacy Officer. 

As privacy legislations take root in countries around the world, the role of the Chief Privacy Officer has become increasingly crucial within organisations that deal with sensitive data. India is also expected to have a Personal Data Protection Bill soon, which means Indian companies will need to figure out how to align themselves accordingly.

Weiss made these comments at a session on ‘Adapting to global privacy legislation’ at PrivacyNama 2021, a global conference on privacy regulations held by MediaNama on October 6 and 7. In the session moderated by lawyer Rahul Matthan, Weiss was joined by Idriss Kechida and Srinivas Poosarla, who are Chief Privacy Officers at Match Group and Infosys respectively. Here’s what they had to say about how to be a Chief Privacy Officer:

Start from the top

Reporting to the board: Both Poosarla and Kechida agreed that the Chief Privacy Officer needs to report directly to the company’s board to avoid interference from other functions within the organisation. “A great amount of independence is required. Typically the requirement to report to the board comes to the fact that the other functions will influence you. So it is very important to have the ability and autonomy to take issues at the top,” Poosarla said.

Sponsorship from highest levels: Kechida highlighted the need for Chief Privacy Officers to seek sponsorship from the highest level of the organisation for their privacy agenda:

Advertisement. Scroll to continue reading.

You need to find that sponsorship at the highest level… and employees need to be aware of that decision or policy the company has.  So, that when those decisions are taken, they know where it comes from and they know why it makes sense for the company. — Idriss Kechida

Weiss emphasised that employees must feel recognised and rewarded for implementing privacy measures within their verticals:

You need the executive team to make those assignments [to implement privacy measures]… People are rewarded and recognized for doing work that their bosses expect of them. If their friend Justin comes in and expects them, and it seems like a favour, they may try to help me out. But it’s very different than if the boss says you’ve got to do this thing, and you’re going to be rewarded and recognised on that basis. — Justin Weiss

Support MediaNama’s endeavor to enable meaningful conversations around technology policy. Subscribe here.

Allocate resources to implement privacy measures

Weiss said that there were three crucial elements to consider when budgeting for an in-house privacy initiative:

  • Human Resources: The number of people dedicated to the privacy vertical will depend on the nature of the business, Poosarla said. The salary range for a Chief Privacy Officer is similar to that of a mid-level attorney, according to Weiss.
  • Automation: Weiss also recommended budgeting for automated services that offer to make it easier for your company to implement privacy measures, like dealing with customer complaints or managing consent.
  • Training: Budgets for privacy need to accommodate the time it takes to train different teams within the organisation in best practices around privacy, both Weiss and Kechida emphasised. This could include automated training modules or creating original video content.

Adhere to high privacy standards to comply with local laws

It can be a challenge for companies operating in multiple jurisdictions to comply with local privacy legislations. The panelists suggested:

Adhering to a standard: Poosarla and Kechida agreed that companies should adapt to a single privacy standard that makes them compliant in most jurisdictions:

I always recommend that we should go for a standard like ISO 27701 which got published in 2019… It is mapped to GDPR principles and therefore you are more likely to be doing all that is required to be able to comply to various jurisdictions so scalability becomes easy. — Srinivas Poosarla

Addressing customer concerns: The role of any data protection authority, at least in part, is to address privacy issues brought up by citizens. But Poosarla emphasised the need for privacy officers to take on this burden themselves:

Effectiveness lies in listening to requests properly and take them as an opportunity for improvement. If you don’t, these same people will go to the data protection authority (DPA). So I when I meet DPAs I tell them, we are like an extended arm of DPA. If I am in Spain I am ensuring that people don’t go to DPA of Spain, they come to me. If only I am not able to satisfy them they go there, and that’s my failure. — Srinivas Poosarla

Kechida too talked about how customer service was at the heart of a CPO’s role. “Ultimately it’s the customers whose data you process, and so if you want to really do things well, it’s there. What matters to them like directly is: I want to know what data you have about me. I want you to delete my data. This is the thing you want to put a lot of effort in, to make sure people are satisfied with the way that you’re handling this,” Kechida said.

Advertisement. Scroll to continue reading.

Figure out how to balance user privacy and company growth

How to manage risks: The way to think about risk management for privacy roles is slightly different because you’re not just thinking about the risk to the company, Weiss said. “You can frame privacy issues as a kind of corporate risk, and when you do, you might assume that running a privacy program is very similar to running other types of programs that try to manage risk for the corporation. What is unique and different about privacy is that the privacy officer’s primary duty and responsibility is to think about risk to a different class: risk to individuals,” he said.

Conflicting priorities: There are often conflicts between the privacy of individuals and the company’s growth. What should CPOs prioritise in such cases? Weiss argued for navigating away from a yes or no approach: “The question is not, should you take away all algorithms, yes or no. The question is, what are the features of an algorithm that balance in a proportionate way the need to do what the algorithm is supposed to do… with the potential negative impact on individuals. And once you do that balancing work, it’s not usually a yes or no, it’s a how,” Weiss said.

MediaNama hosted this event with support from Facebook, Flipkart, Internet Society, Mozilla, Mobile Premier League, Omidyar Network, Paytm, Star India, and Xiaomi. We are also thankful to our community partners – the CyberBRICS Project, the Centre for Internet and Society, and the Centre for Communication Governance (NLU Delhi).

Also read: 

Have something to add? Subscribe to MediaNama here and post your comment. 

Advertisement. Scroll to continue reading.
Written By

Figuring out subscriptions and growth at MediaNama.

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



Is it safe to consider all "publicly available data" as public?


PhonePe launched an e-commerce buyer app for ONDC called Pincode. We, however, believe that it should also launch a seller app.


Amazon announced that it will integrate its logistics network and SmartCommerce services with the Open Network for Digital Commerce (ONDC).


India's smartphone operating system BharOS has received much buzz in the media lately, but does it really merit this attention?


After using the Mapples app as his default navigation app for a week, Sarvesh draws a comparison between Google Maps and Mapples

You May Also Like


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ