Last year, the Privacy-Conscious Leadership tool developed by the Dutch Government Academy for Digitalization and Informatization (RADIO) won the Encouragement Award at the Dutch Privacy Awards. Recently, Privacy First looked back on the past year with Janet Yuen (RADIO project leader) and Rutger Bos (Chief Privacy Officer, Ministry of General Affairs), discussing the development of Privacy-Conscious Leadership and the steps that have been taken. We also discussed the use cases of organizations for whom this tool has proven valuable.
Now that the team can look back on winning a Dutch Privacy Award after almost a year, the question can be answered as to whether this product has lived up to the expectations and ideas that were envisaged during its development.
Rutger explains: "We have customized this tool for General Affairs (GA) so that it fits in perfectly with our processes. As a result, this product functions as a 'one-stop shop' on our government portal, where everyone can easily find the right information related to the process they are involved in by simply clicking through logically.
It primarily serves as a foundation that any organization, not just government agencies, can utilize, regardless of industry or size. It brings order to the chaos of information and simplifies the process of linking relevant information from the government portal to, for example, aself-service portal.
The product is currently beingfine-tunedand enriched with additional links to support government-wide communication. It was developed for the government, but can be used by any organization, including SMEs. This applies not only to the privacy domain, but also to other business processes and documentation, such as employment agreements and contracts.
The Privacy-Conscious Leadership routes are a tool for putting the GDPR into practice. This is necessary because knowledge of privacy laws and regulations sometimes leaves something to be desired, particularly among administrators, asreportedby the Autoriteit Persoonsgegevens AP) in October 2024. The tool is a graphical representation of situations in which managers in the public domain are confronted with the GDPR.
The tool consists of six routes (situations), each with a series of intermediate stops or actions. Together, this step-by-step plan provides managers with practical tools to comply with the GDPR. Without first delving into theory, managers learn about privacy through practical work experience and can take well-considered action.
Privacy protection is everyone's responsibility, not just that of one layer within an organization. This means that both management and employees can use this product. What is greatly appreciated is the simplified visual representation because, if it were presented in text, it could quickly become incomprehensible and complex. The attention paid to the design to make things clear is an essential aspect. It may be a cliché, but a picture says more than a thousand words."
“For us, the focus is on both the near and distant future. We may systematically add routes for future tasks. Ultimately, we collect a lot of confidential government information, which is stored in a certain way and is currently being considered for future disclosure. For example, suppose that in 10 years' time, the government decides to make the National Archives accessible using large language models (LLMs). This could have an impact on the privacy protection we currently believe we have. That is why we are already thinking about the protection that will be needed in the future, so that confidentiality remains as initially intended and any breach of that confidentiality is made impossible."
Organizations were called upon and invited to download the product and start using it. To this end, a walk-in consultation hour was organized last summer (2025) because more than 80 organizations had expressed interest in thetoolkitand had additional questions about it.
What is powerful is that a lot of content and models are available in Word format, which every organization can immediately start working with and much of which has already been prepared. This makes it easy for interested parties to quickly tailor this content to their specific organization. The ripple effect occurs when more people start using it and we get the 'stick-with-me effect'. This leads professionals to go to their managers or other colleagues and say,"Hey, look at this, it works great!"
It has enabled us to focus on the end result and provided a clearer picture of the target group we wanted to reach. Therefore, we did not only focus on the content (what should it be capable of), but also on its applicability by the intended target group (how do we increase adoption). It also generated internalexposure, making people more aware of us. If a privacy issue arises somewhere in the work practices of General Affairs, we are involved in the process earlier than before."
Just sign up, even if your project isn't completely finished yet. It motivates the team and the organization, and it always brings you closer to privacy maturity. It helps you think, shape, and refine your ideas and plans.
Advice: justdo it!
For more information about the Dutch Privacy Awards, the participation criteria, and an overview of all nominees and winners since 2018, visitPrivacyAwards | Privacy First.
