Managing risks - learning from Covid


Watching how Covid has been handled over the past few months, weeks and particular days has really made me think about how we manage risks. As a data-privacy professional, it’s my job to support my organisation to manage its data privacy risks well.

Whether the risks around Covid are being managed well or not I leave to you to decide, but here are my 5 takeaways from it all when it comes to managing risks:

1.    Clarity is key. There seems to be no greater failing in managing a risk than not being clear about how you expect the risk to be managed. The controls you have to avoid, mitigate, manage or transfer a risk need to be crystal clear to avoid confusion, anxiety, anger and even pushback.

2.    Constant change isn’t good. Changing the controls you have to manage risk too frequently will also lead people to not understand what is expected of them. This results in a lack of trust that you know what you are doing. This will heighten the likelihood that people fall into non-compliance either unwittingly or, worse, on purpose.

3.    Handle metrics carefully. Metrics and indicators of risk or performance are useful to see how well a risk is being managed. However, they should not distract from your main message. Too much focus on numbers can lead people to forget what is expected of them and result in the risks just growing.

4.    Get buy-in. Whenever you put controls in place to manage a risk, try to ensure that people understand why that control has been selected. Not having a control one day but having it in place another for the same risk only leads people to question its necessity. Support your choices with honesty and evidence.

5.    Be honest and realistic. Some risks are harder to manage than others. The key is not to bury your head in the sand about them but to work out a clear plan to get you to where you and your organisation feel comfortable. Moreover, set realistic timescales to get there. People feel more comfortable when there’s an end date, but be careful not to set yourself up to disappoint them by setting overly ambitious deadlines.

Whatever you are up to, be safe and have a great day.




