IVI Framework Viewer

Culture

B4

Establish a personal data protection-aware culture. Inform stakeholders of key developments to build a shared understanding of how they can contribute to the realization of personal data protection objectives.

Improvement Planning

Practices-Outcomes-Metrics (POM)

Representative POMs are described for Culture at each level of maturity.

2Basic
  • Practice
    Begin to raise awareness of how personal data protection activities contribute to the organization's objectives, and begin to offer incentives/rewards for achievement of those objectives.
    Outcome
    There is emerging visibility of how personal data protection activities contribute to the organization's objectives.
    Metrics
    • % of employees with awareness of how personal data protection contributes to strategic objectives.
    • % of employees receiving incentives/rewards.
  • Practice
    Establish a basic approach for communicating the most significant personal data protection topics to stakeholders.
    Outcome
    Employees begin to understand key issues pertaining to personal data protection and can discuss their potential impacts.
    Metrics
    • Frequency of personal data protection communications.
    • % of employees receiving communications.
3Intermediate
  • Practice
    Promote a common understanding of how personal data protection activities contribute to the achievement of the organization's objectives, and incentivize appropriate behaviours.
    Outcomes
    • Awareness of the importance of personal data protection and acceptable behaviours grow among individual employees.
    • Most employees understand how their behaviours and day-to-day activities can enhance or invalidate personal data protection efforts.
    • Many employees are better motivated to support the realization of objectives.
    Metrics
    • % of employees with awareness of how personal data protection contributes to strategic objectives.
    • % of employees receiving incentives/rewards.
  • Practice
    Standardize the approach that is used for regularly and consistently communicating key personal data protection topics to most stakeholders, and tailor the communications to their needs and interests.
    Outcome
    Visibility and awareness of personal data protection issues and their impacts are improved.
    Metrics
    • Frequency of personal data protection communications.
    • % of employees receiving communications.
4Advanced
  • Practice
    Incentivize all relevant employees across the organization to robustly maintain personal data protection levels.
    Outcomes
    • Employee behaviours reflect a strong personal data protection aware culture.
    • Employees across the organization are fully aware of the importance of personal data protection and are strongly committed to working together to ensure data protection measures are effective.
    Metrics
    • % of employees with awareness of how personal data protection contributes to strategic objectives.
    • % of employees receiving incentives/rewards.
  • Practice
    Proactively communicate personal data protection topics in a tailored manner to all relevant stakeholders across the organization.
    Outcomes
    • Communication is in the context and language of the stakeholder.
    • Broader visibility, awareness, and credibility of personal data protection issues are fostered, generating higher levels of interest for engaging in future activities.
    Metrics
    • Frequency of personal data protection communications.
    • % of employees receiving communications.
5Optimized
  • Practice
    Incentivize all relevant employees to continually keep abreast of evolving personal data protection threats and other relevant trends.
    Outcomes
    • Personal data protection activities are regarded as being part of everyone's job.
    • Employees are enabled to continually detect security anomalies, and to quickly and safely raise alarms or invoke appropriate responses to personal data protection threats.
    Metrics
    • % of employees with awareness of how personal data protection contributes to strategic objectives.
    • % of employees receiving incentives/rewards.
  • Practice
    Extend communication of personal data protection topics to the wider business ecosystem where relevant, and review the communication approach for improvement opportunities.
    Outcome
    The communications can be framed with discrete audiences in mind, down to the level of key individuals where appropriate.
    Metrics
    • Frequency of personal data protection communications.
    • % of employees receiving communications.
    • % of business ecosystem partners receiving communications.