digitalist.global // November 22 2017
How to Get Started with the GDPR Project from the Project Manager’s Point of View
Companies should be GDPR compliant by the 25th of May, 2018. In many companies this means waking up to the fact that maybe something should be done. OK, let’s start the GDPR project with the first question: “Who will be the project manager?”
Lucky You – you have now been nominated to be the enthusiastic GDPR project manager! Of course you eagerly start working on a new GDPR project, but what should you do?
You need commitment from the management board, i.e. one person to be the owner of the project. He/she should present to BOM what this new EU law, which is valid in all EU countries, is about. This person also needs to make the case that your company’s IT, IT Manager, Solution Users, Solution Owners or HR people don’t have the main responsibility for how ready the company is for the new regulation. Ultimately the CEO and BOM are responsible for the level of GDPR compliance on the 25th of May, 2018.
2. Get to know GDPR
First of all, you should get to know the official GDPR text and its definitions (Article 4). After that you can read through the whole document in any EU language: BG – CS – DA – DE – EL – EN – ES – ET – FI – FR – GA – HR – HU – IT – LT – LV – MT – NL – PL – PT – RO – SK – SL – SV. Secondly, you can Google for articles about what GDPR is and what should be done. Each of them gives a different view on GDPR, but in most cases they are correct.
You should decide on a scope for the project. The scope will be based on which GDPR implementation level the project owner and BOM place their “yellow star” in, in the picture above. Take care that this project does not try to do everything needed to make the company fully compliant. In most cases GDPR project mapping and gap analysis can lead to a lot of changes to processes, changes to solutions and mitigations of existing subject data (collected personal data). If you don’t have almost unlimited resources, you should scope these out of your project. Those issues should generate their own maintenance projects.
You must involve a lot of resources from different areas of your company in the process. Subject data is stored in many places in your company, and in most cases the same data is collected in different places. You should have sufficient resources and responsible people from different parts of the organisation committed to being a part of the project.
Make a project plan with phases and tasks, stating which tasks should be ready and when. Divide the plan into tasks that cover how you will collect information to map out the current situation and how you will make a gap analysis against the selected GDPR implementation level.
This can be the start for the GDPR implementation project. Lots of things will appear in the first phase of the project, and during the first phase you will get to know a lot about GDPR and understand why you limited the scope.
Now collect your “Dream team” and step onto the path to making your company GDPR compliant!
By Tapani Tuovinen, Senior Consultant at Digitalist