With less than one year to go, executives armed with General Data Protection Regulation (GDPR) readiness assessments and a long list of compliance gaps are well aware that compliance with the upcoming EU’s GDPR requires more than an ad hoc approach.
A solid project governance framework with cross-functional oversight and project plan is key to being able to methodically chart a journey that meets the business objective, whether that is minimal compliance or establishing a market differentiator in data usage and protection.
For companies doing business in Europe, the stakes are high. Regulators have indicated there will be no grace period for compliance with the new regulation. With fines of up to 4% of the total worldwide annual revenue for non-compliance and a looming prospect of consumer class actions, there is strong incentive to get it right from day one.
Over the next few months, through a series of brief articles like this, we will show executives how to pivot from the early “assessment” phase -- determining current data practices, inventorying data and assessing current capabilities -- towards solving the problem of “what now”: designing and operationalizing an ongoing program that allows for sustainable and demonstrable compliance through a project management framework. In these articles, we will address specific aspects of operationalizing the GDPR program, such as:
For many privacy leaders -- especially those rising from a privacy counsel background, launching a privacy PMO will require a big mind shift. There are three main reasons for this:
That is why we believe establishing a strong program management function will be critical in the coming months to enable leadership to prioritize efforts, secure buy-in from cross-functional senior-level stakeholders, and ensure all related projects are coordinated.
With the clock ticking, organizations must approach the GDPR challenge with a broad perspective and a sense of urgency. If done correctly, companies can leverage their efforts in a way that not just ensures compliance, but improves their data protection and privacy in ways that create a strong brand around privacy protection in the marketplace and becomes a competitive differentiator. In subsequent blog posts, we will examine in depth specific parts of the journey. Establishing a solid project management framework is an important first step.
Managing Director, Cybersecurity and Privacy
Tel: +1 (646) 471 5644