Privacy espresso seriesResourcesMay 12, 2022Part 2 : GRC & Data Privacy – A value driven approach


In this privacyespresso Andreas von Grebmer, Information Security Advisor at wizlynx group explains how GRC (Governance Risk Management & Compliance) and data privacy can contribute to value creation for a company.

In order to do that, Andreas moves from our last session, where he’d emphasized how essential it is to break down the silos structure to leverage the full potential of an organization, and to treat overlapping requirements from a central perspective. Using the silos system in a separate manner would keep many resources busy, the big picture is not seen, and requirements are often interpreted differently.

How to avoid this? By creating a centralized inventory for its assets and by focusing on answering four main questions:

  1. What are the relevant assets of the company? What needs to be protected?
  2. Who owns it?
  3. What is it worth?
  4. What protection is appropriate or Expected?

By answering these questions you’ll have a clear picture to, in a nutshell, know the asset, know the owner, know the value and the protection needed in your organization.

Once this is done, the efforts will materialize:

  1. The first benefit is increased ProfitabilityIf the company values are known and evaluated, the company can manage them with the effort they require.
  1. The second key benefit is Transparency. The Information on corporate values is available centrally and up-to-date at all times, and inquiries can be answered more quickly actively supporting the decision-making process.
  1. The third key benefit is Agility. Nowadays, companies have to react quickly to changing requirements or respond to customer requests e.g. how personal data are processed – which information is kept and how they are secured.
  1. The fourth key benefit is a result of the ones above and consists of a better Oversight of the company and its Optimization.

By having oversight of assets, it is much easier to proactively manage risk and by that, minimize the risk exposure and the risk of non-compliance.

In conclusion, Andreas indicates some experience-driven tips on how to make all this possible, underlining the relevance of achieving leadership commitment as a top-down approach is a key step required to make all this possible!