Part 2 of a series
Achieving GDPR readiness, no matter your industry, requires more than simply tasking your company’s legal team to address the issue. Much like it takes a variety of skilled tradespeople to build a house – electricians, plumbers, carpenters and more – complying with the EU’s General Data Protection Regulation requires buy-in from executives throughout your organization, with responsibilities spread across many functions ranging from human resources to legal to audit and finance.
In Part 1 of this series, we talked about the importance of establishing good project governance on your journey to GDPR readiness. In this post, we will show you why – and how to do it. It is critical to get the right people involved and empower them with the tools, resources and decision-making power they need to get the job done.
When setting up a cross-function GDPR team, we suggest four steps:
Once your GDPR team and governance framework are in place, it’s time to start assigning specific projects, which will contain multiple workstreams. As you can see in the chart below, there are many moving parts in the journey to May 2018, and there will be some overlap among the workstreams, which will run in parallel across multiple lines of business and geographies. This graphic intentionally shows placeholders for Projects 3 and 4, illustrating how you'd need to identify workstreams before starting.
Because GDPR will impact so many areas of your business, it is vital to have a strong plan, to coordinate and communicate, and to ensure you have taken all the necessary preparatory steps that will enable success. Without defined roles, cross-functional buy-in, frequent touchpoints and clearly identified executives who will own the process, employees can lose focus. The stakes are too high to let any part of your GDPR preparations fail.
In our next post, we’ll discuss how to build an executable remediation plan for your GDPR readiness program.