Though perhaps falling short of being a universally accepted one, it is a truth that any organisation processing personal data needs a privacy programme. But how best should an internal compliance framework be structured in order to keep apace with the rapid rate of change and remain relevant (if not necessarily interesting)?
As more countries are enacting comprehensive data protection laws for the first time, the question becomes increasingly relevant. Even the US appeared close to passing a Federal data protection law earlier in 2022, whilst other countries (for example, Australia, the UK and Switzerland) are in the process of updating existing legislation and/or introducing complementary legislation. The EU also continues to generate new laws, a good example being the EU’s Digital Services and Artificial Intelligence Acts.