6 tips on getting stakeholder buy in for your GDPR project

June 7, 2017 11:31 am Lisa Kelly

The starting point for your business when it comes to GDPR (General Data Protection Regulation) should be to know your existing relationship with people’s personal data including:

  • What data your organisation collects today
  • How the data is used
  • Where it is used
  • Who you share the data with
  • What current data protection framework you have in place

Once you understand how your business currently uses data, then you will be able to see how the introduction of GDPR could negatively impact your business. The effects of GDPR are different for every organisation, even if you see someone in your field with a GDPR strategy that isn’t a blueprint to follow.

When you are putting together a GDPR strategy one of the most difficult parts of the process is getting the required buy in you need from stakeholders.

As GDPR is likely to impact the entire culture of your organisation, you will have to deal with a lot of stakeholders for your GDPR plan. With that in mind we look at 6 tips on how to get buy in from your stakeholders.

It’s a common mistake to focus solely on the budget holder, who is important, but you also need to keep the end user in mind and those that will be involved through the actual integration of your GDPR solution. What it boils down to is, the more involved they are, the more likely they are to invest money, and most importantly, time into a GDPR solution.

Changes to company culture and any new program to help you build your GDPR lifecycle will inevitably come with a series of questions from each stakeholder. The budget holder will have different questions to the end user so you need to be prepared to address the needs and concerns of everyone involved in the process from end user to the buyer.

The quicker off the mark you are the better your chance of getting the stakeholder buy in you need. This also lets you iron out any objections, concerns or queries they may have with the introduction of GDPR. This will let you find the best solution to the GDPR conundrum for your organisation. By engaging people early, you are also negating the possibility of making decisions only to find stakeholders take issue to something when they enter the process later down the line.

If you map out the GDPR goals early, then you should be able to offer a clear understanding to stakeholders of what is needed to achieve the desired outcome. It needs to include background information about GDPR, the main drivers behind the new EU rule and the pitfalls associated with not auctioning a GDPR strategy. (i.e. 20 million euro fines or 4% of global turnover.)

For whatever GDPR strategy you adopt it’s important that you can clearly identify all the benefits and that the success of the project can easily be tracked.Due to thehefty fines associated with GDPR, it’s important that one of the main benefits can clearly show how the safety of personal data has been achieved throughout your entire organisation – so different departments relationship to data, whether it be legal or IT, will have different benefits that need addressed.   

Addressing risk is what GDPR is all about. It is crucial that any personal data you hold on EU citizens is controlled and contained in the proper manner if your GDPR project is to have any chance of success. For your stakeholders, it’s important to highlight any risks the project has itself. By highlighting any potential risks to shareholders, you will be able to show how these risks can be managed without impacting on the delivery of your GDPR project. This will also demonstrate to your stakeholders that you have looked at your GDPR project from all angles.

It’s important to get your stakeholders involved now on your GDPR project, if you haven’t already. In the unfortunate event that you’re still at the beginning stages of your GDPR thinking, we can set you on the right track with our GDPR resources which can be found here.