We make the case for an integrated approach to privacy management within organisations. Current approaches to privacy management are either too high-level, enforcing privacy of personal data using legal compliance, risk and impact assessments, or too low-level, focusing only on the technical implementation of access controls to personal data held by an enterprise. High-level approaches tend to address privacy as an afterthought in ordinary business practice, and involve ad hoc enforcement practices; low-level approaches often leave out important legal and business considerations. As part of the EnCoRe project we are developing a methodology which tries to bridge the gap between privacy risk and impact assessment with the technical management of privacy policies. We are working to define a conceptual model as a means of expressing policy requirements as well as users' privacy preferences and as a way to bridge the gap described above. We aim to show the value of this approach in collaborative case studies (including corporate personnel management, biobanks and assisted living) in the context of the EnCoRe project.