Data Protection project – done and dusted?
  1. Privacy policy on the website updated – Tick
  2. Data protection policy updated – Tick
  3. Communications sent to staff about data protection – Tick
  4. Training rolled out to staff – Tick

Cue the sigh of relief on 25th May 2018 as GDPR is done with, right? Not quite…

The EU legislation, as well as the local Guernsey and Jersey legislation, impacts all organisations regardless of size. Many organisations are still uncovering processes and platforms that require an overhaul as a result of the new legislation.

What has happened to your organisation’s GDPR project? For many organisations, the Data Protection changes have caused a number of new projects and changes to materialise, such as:

  • Process reviews 
    • Ongoing monitoring
    • IT processes
    • Starters/leavers process
  • Embedding behavioural changes 
    • Aligning to group standards and processes
    • Link to any information security projects and initiatives
  • System implementations/changes
    • Records management
    • Data management
    • Knowledge management
  • Third-party service provider management
    • Risk classification of third parties
    • Security reviews of third parties

Are you in that position? Have you reached the end of a GDPR/Data Protection project, only to find you are now adding more and more projects and changes to your portfolio? Below are some steps to incorporate into that process that may help you:

  1. Scope the projects and changes properly – take your time to understand the objectives of what you want to achieve, the potential costs, the risks from the outset and the resource requirements. Rushing the discovery stage often leads to project challenges further down the line.
  2. Re-prioritise your projects – get your senior execs and stakeholders in a room and review the entire portfolio of projects. This will give you the opportunity to understand whether any projects require de-prioritising in light of the new projects being added to the list, and which projects align to the organisation's strategy and/or its legislative or regulatory obligations.
  3. Manage expectations and communicate – a portfolio review is likely to be followed by the need to reset expectations regarding overall project delivery and priorities. A key part of this is to communicate effectively to stakeholders, the project team and the wider organisation. Getting comms out early (and in plain English) will help manage expectations across the organisation.

You can also find out more about our Data Protection and GDPR Health Checks and how one of them can help you understand your data protection posture.

Fancy a chat? Get in touch with CBO today to discuss how we can help.