Last month a question was posed on the Privacy List: "Does anyone have a template of an annual [or quarterly or any similar] DPO report to management that they would be kind enough to share?" The question generated dozens of responses that went something like, "Yeah, I'd like to see that too!," and some others offering information on what one would include in such a report.

The IAPP's content and research teams noticed the overwhelming response and have created the DPO Report Template — a slide deck that aims to help data protection officers report out to their leadership teams. We've taken the suggestions from the Privacy List and added in our own bits and pieces based on some of the more quantifiable requirements of the GDPR. For example, Article 30 of the GDPR requires companies keep records of specific things like the categories of data subjects and personal data that companies process, so we've included a slide for that. We included slides outlining organizational efforts to secure data, as required in Article 32, including documentation of security incidents, which will help fulfill your Article 33 obligations. Article 39 lays out DPO requirements like employee training and cooperation with the supervisory authority, so we've included a way to show how many employees are being trained monthly, and information on audits and complaints. You get the picture.

We often hear that communicating the importance of privacy to leadership is a real challenge — though with high-impact laws like the GDPR, it's getting more commonplace. A report like this accomplishes more than outlining compliance efforts. It also keeps privacy in front of leadership, it shows the risks that come with processing personal data and the importance of a strong team to protect that data.

This template is a first stab, and one that we hope the IAPP community will use, alter, and share back with us. We welcome suggestions, and we'd love to see how you've improved upon it and customized it to fit your needs.

As the Privacy List tagline goes, "It's crowd sourcing. With an exceptional crowd."

Check it out here and let us know what you think.