With mere days to go until privacy professionals convene in Brussels for the IAPP Europe Data Protection Congress 2018, many still wonder who will be the next HPE-IAPP Privacy Innovation Award winner this year. To help keep that burning curiosity alive and well, the IAPP recognizes Whirlpool, which was submitted for consideration by the team at OneTrust this year, for an honorable mention based on its privacy program build-out in preparation for the EU General Data Protection Regulation.
The HPE- IAPP Privacy Innovation Awards are distributed annually to recognize unique programs and services in global privacy and data protection. Highlighting organizations that integrate privacy in such a way that it elevates its value, both a competitive differentiator and a centerpiece of customer and citizen trust, the award serves to distinguish privacy programs and innovation in the field.
As the world’s leading manufacturer and marketer of innovative home appliances, the company approached the GDPR based on four main pillars: people and culture, processes, policy and technology.
Isabella Gonzalez, director of ethics and compliance for Whirlpool's European, Middle East and Africa operations, said the company's main focus was on promoting a cultural shift on privacy awareness based on a genuine passion about privacy.
“It’s about communication, collaboration and consumer trust,” Gonzalez said, adding, “There is a lot of focus on the cultural element for us, which is very powerful. We are not saying, 'Do this because otherwise we might face the GDPR fine.' The financial threat is not the main point for us at all. I feel proud that people really believe in the mission of the program and care about privacy.”
While there was a concerted effort ahead of implementation, Gonzalez said there the program was almost always in place. But the GDPR "afforded us an opportunity to drive ownership so that people really felt that anyone who touched data was accountable for its security and handling with care. The mindset across Whirlpool is that privacy is everyone’s responsibility.”
Whirlpool's training program featured inspirational talks, close collaboration across all business functions and saw the establishment of a network of privacy champions within business functions throughout the company's EU market. Nominating a full-time DPO, conducting live privacy trainings and offering a comprehensive suite of IAPP eLearning courses also helped to support the company’s efforts to drive their privacy initiative. Gonzalez said, “The rollout of the program was a great exercise of collaboration of different functions across so many jurisdictions.”
Buy-in from senior leadership really helped to drive the program's success, Gonzalez said.
"We believe in the concept of trust a lot; it’s in our mission, which is ‘create demand and earn trust every day,’ and it really helped get the necessary support to engage an enormous army of people to help facilitate the program and embed privacy controls in routine business processes.”
In the end,“We took on the challenge of GDPR not as an obligation, but as a way to show our consumers and employees that we intend to earn their trust and continue to innovate, all while keeping privacy at the forefront.”
If you want to comment on this post, you need to login.