
Build cyber resilience with zero-trust frameworks
To build their organization’s cyber resilience, CISOs must understand the principles of zero trust and integrate them into their cybersecurity strategy.
Organizations have more data at their fingertips than ever before, and the volume of that data is only growing. But capturing and using personal information—not only from customers, but from employees, job applicants and others you do business with—isn’t a matter you should take lightly.
If you’re collecting personal information or processing it, you need to make certain you’re handling it appropriately—from making sure that you have a valid reason for collecting it and that you have the consent or an exemption to use it, to putting processes and controls in place to ensure the information is securely maintained, protected and only accessed by users who need it for specifically stated purposes.
Not protecting the personal information you collect can have serious consequences both for your organization and for the people whose data gets mishandled. These impacts range widely in severity, from an individual being irritated by personalized marketing to which they didn’t consent, to an individual’s personal information being accessed by a bad actor who means them harm.
Many organizations today recognize the critical importance and complexity of data privacy management. In our 2025 Digital Trust Insights Survey, 48% of business leaders identified data protection and data trust as their top investment priority over the next year. However, managing data privacy isn’t as simple as asking your privacy office to develop a policy or solution that aligns with existing regulations. If you want to manage your data privacy effectively, you need to develop a holistic and collaborative approach that can be operationalized end to end across your organization.
If you’re looking to develop or enhance your approach to data privacy management to make it more holistic and collaborative, consider focusing on the following four key activities:
Since every organization is different, you need to understand what your specific data privacy risks are so you can align your approach accordingly. This means working with people from across your organization to fully understand your current state, including what personal information is being collected, how it's being collected and stored, who is using it and for what purpose, and the potential risks associated with any data misuse.
Defining a privacy and data management target operating model gives you a commonly agreed-upon "end-state" vision to work towards. It involves documenting your desired data privacy management model and agreeing on the roles and responsibilities associated with operationalizing it, such as who within your organization and its various functions is responsible and accountable for specific activities (e.g. providing notice that information is being collected, capturing applicable consents for all data uses, using data only within stated purpose limitations, limiting access to data, managing security around data, responding to data subject requests).
By developing and implementing a target operating model, you can better orchestrate the data privacy management activities across your organization and enable everyone involved to understand their related roles and responsibilities.
Many organizations already have tools and solutions that can help facilitate data privacy management, although they aren’t always known or leveraged across functions. As you’re working to define your target operating model, identify and assess all the data-management-related tools already in use within your organization (e.g. spreadsheet-based logs, security solutions, compliance systems, risk trackers, customer engagement tools, privacy impact workflow tools) so you can optimize them as part of your approach. Examine how you can use these tools—or new ones if needed—to solve for any additional data privacy management requirements, to bridge identified gaps and to reduce critical risks to your organization.
The data privacy landscape continues to shift. The volume of data is increasing, regulations are evolving, cyberattacks are becoming more pervasive and innovations in areas like artificial intelligence (AI) are not only introducing new privacy considerations, but are also providing new solutions and tools that make managing data privacy more efficient and effective. That’s why you need to think about data privacy management as an ongoing activity—one without a finish line.
By taking an iterative approach, you can prioritize your efforts and make the most of your limited resources today, while continuing to strengthen your data privacy approach and processes over time.
Taking a collaborative and holistic approach to data privacy management is more than a regulatory priority—it’s a business imperative. It can help you establish a culture of data privacy within your organization. It can help you become more resilient to the changing business environment. And it can help you build trust with your stakeholders—trust that can enable you to provide more value and personalization to your customers in the years ahead.
National Data Trust & Privacy Practice Leader, PwC Canada