Chapter 121: CEO‐to‐CEO Advice About the Privacy Role

Matt Blumberg

What comes before a full‐fledged CPO? Most startups don't have a CPO and just rely on outside advice from external counsel or a privacy consultant. Some probably don't have any help in this area at all.

Signs It's Time to Hire Your First CPO

You know it's time to hire a Chief Privacy Officer when:

  • You wake up in the middle of the night terrified that you're going to find your company on the front page of the newspaper or served a subpoena to testify before Congress about a data breach.
  • You are spending too much of your own time trying to understand what PCI Compliance, or HIPAA, or GDPR means to your business.
  • Your Board asks you what your data breach client communication plan is, and you don't have a great answer and aren't sure how to get to one.

When a Fractional Chief Privacy Officer Might Be Enough

A fractional Chief Privacy Officer may be the way to go for most startups forever—sometimes in the same person as a fractional Chief Information Security Officer. You probably can't get by without a full‐time leader in this area if you are large (>$50m in revenue) and are sitting on a massive amount of consumer data, especially PII, financial information, or health information. But if that's not you, a fractional Chief Privacy Officer may be the way to go. While a fractional executive is similar to an outside lawyer or consultant, an executive has a company title for external credibility and the personal ...
