Program Design & Implementation

Program Design & Implementation

On completion of Gap Assessment, an organization gets a view of what lies ahead on its Data Privacy journey.

Data Privacy programs are large, complex and continuous involving and impacting many teams, organizational units, business processes and functions, IT infrastructure and applications, third parties, etc. Therefore, an ad-hoc or piecemeal approach to design and implement the program doesn’t really work. A formal framework is required to ensure a structured and organised approach to the program.

We at Arrka help organizations choose the most optimal Data Privacy framework that works best for them. Some of the frameworks we have worked with include the DSCI Privacy Framework (DPF) and the BS 10012 Standard.

Using this framework as the basis, we then help organizations structure, design and implement their Data Privacy programs.

Some of the fundamental challenges we help organizations address include:


  • Where do we start? Which team/department/ business/ process/ geography do we start with? Can we look at multiple units in parallel?
  • Where in the organization should the privacy office reside? Should it be an independent function or should it be part of another function?
  • What kind of privacy policy does the organization need? Would a single policy work across the entire organisation or should we have one basic policy with sub-policies for different geographies?
  • How do we identify and map the personal data the organization deals with?
  • If there are a lot of cross-border Personal Data flows involved in the current IT architecture, does the architecture need to be re-designed or would it be more optimal to find legal instruments/ process-level solutions? Or is a completely different approach needed?
  • How do we deal with third parties who have access to our Personal Data? What kind of requirements do we ‘impose’ on them?
  • How do we build awareness amongst our people? How do we do this in a structured manner?

Answers to the questions raised above – and many more such ones – help in designing a privacy program.

Once the design is in place, the organization needs to actually roll it out and implement it. This can also be a complex and long exercise – depending on how many business units come under the purview of the program.

Here, the Arrka team works hand-in-hand with the organization’s team in ensuring a hassle-free roll-out of the Data Privacy program.

Many elements in the above phase are supported and enabled by the Arrka platform and the Arrka Privacy Toolkit. Further, the Arrka Privacy Management Dashboard helps organizations manage their privacy program.