Where does your company belong in the MPC Privacy Quadrant?

With so many privacy regulations out-there, several almost in each province in Canada and more being proposed, it is understandable that companies already short on resources are feeling overwhelmed.

How can SMBs wrap their head around what exactly needs to be done to satisfy all their legal and regulatory compliance obligations?

In our previous Dec 18 Article we talked about how an organization can setup a budget for privacy compliance and we listed a number of activities that IAPP has found to be universally weak or lacking in companies around the globe.

To arrive at the right shape and size of your privacy compliance program MPC has created the Privacy Quadrants based on our long-standing professional experience with customers from every quadrant, and from our understanding of creating and managing privacy programs that are future-proof, sustainable and suitable for the challenges and risks that are unique to every business.

Managed Privacy Canada’s privacy professionals have taken the time to research the landscape and were able to identify additional factors that SMBs need to consider to understand what quadrant they belong to and by extension why obligations they have, based on:

  • Volume of personal information processed
  • Dependency of your business on personal information
  • Your organization’s size and global vs domestic footprint
  • Benefits of compliance vs consequences

Typically, a small or medium-size organization that is in a niche business such as repairs, or a supplier for larger organizations or the public, or doesn’t have a direct business-to-consumer data collection or processing model, would have less personal information (aside from that of employees which requires great care and protection under the law) and therefore we placed them in bottom left MPC Privacy Quadrant .

As the business grows in size and expands but keeps the same volume or focus of personal information (mainly employees and other business customers), it would be placed in the upper left quadrant . What we are also noticing in this quadrant is that the competition is higher and the reputation is a lot more at stake, therefore these organizations will be under a lot more scrutiny. In other words, they have a lot more to lose and potentially miss out on merger type opportunities should their privacy and cybersecurity practices are not at an acceptable maturity level.

In our Dec 16 Article we mentioned that small businesses who want to grow fast and want to get a larger portion of the market share may also expand their business model to collect and/or process more personal information. These organization are represented in the bottom right MPC Quadrant  and for these, compliance becomes very important as does the cost of negligence.  Last but not least, organizations that handle large amount of information and are customer or consumer facing  are under a lot more pressure to implement mature privacy and cybersecurity programs and they will likely have dedicated teams on staff.

In our Dec 18 Article  we also talked about baselining your budget for privacy and by extension cybersecurity. Organizations who are under more scrutiny, have to respond to multiple laws and regulations. If they have ambitious growth and expansion plans and want to attract more business and customers, they need to go beyond the baseline and really understand what would it take to implement appropriate personal information privacy, protection and safeguards and the resources and knowledge they need to have at their disposal.

Managed Privacy Canada has recently introduced a privacy Playbook (the 2021 P3) aligned with industry thought leadership and compliance standards, to jump start your privacy compliance efforts.

Get started with the Practical Privacy Playbook

For additional insights and certified expertise:
Website: www.ManagedPrivacy.ca
Email: [email protected]
Facebook: https://www.facebook.com/ManagedPrivacy
Twitter: @managedprivacy

  • Volume of personal information processed
  • Dependency of your business on personal information
  • Your organization’s size and global vs domestic footprint
  • Benefits of compliance vs consequences 

Share this post

Share on facebook
Share on twitter
Share on linkedin
Share on pinterest
Share on email

Sign up for our Newsletter

Scroll to Top