The GDPR Dream Team

February 2, 2018 4:16 pm Hugo Henderson

So you are responsible for your organisation’s GDPR project. Imagine you had the option to choose the best people in your business to assist with the implementation of the GDPR regulation? You would select those individuals with the corporate standing and personal reputation for getting things done. All the hard decisions and agonising over remediation projects could be resolved in a fraction of the time. Everyone would participate in completing the data gathering and contribute diligently to establishing a baseline assessment of your organisations risk position in relation to GDPR.

Is this wishful thinking?

If the answer is yes, then your GDPR project is already experiencing troubles. Without the correct people on board, the task of achieving GDPR compliance will be unnecessarily difficult. GDPR is a change management project. It will change the way you do business in relation to personal data. From recent research it has been established that over 60% of all change management projects fail. Mainly as a result of under investment and lack of ownership amongst key stakeholders and business champions.

The first step to avoid these pitfalls and maybe acquiring that dream team is to provide the best possible training that you can afford. Ideally, good classroom based training is the gold standard. However it is time consuming and difficult to organise. Alternatively, high quality, role based eLearning will get the job done. You have to embed GDPR in the corporate consciousness. At the moment it feels like someone else’s problem for most of your co-workers.

But before you run off and start collecting information on data processing activities, get everyone in a room with a whiteboard. GDPR is different for every organisation as they all have different structures, history and business processes. Start working out what the most natural way of representing the hierarchy of your data assets. This could be by geography or by line of business. Find the one that suits you. Next comes the task of determining who the data processing champions are within this structure. This activity will also bring out the structure of the way you want staff to return information to you in order to collate everything in a manner that will allow us to determine trends.