How to budget for a GDPR project


If you have been to any conferences lately, looked at privacy websites or spoken to your trusted privacy advisor, you have probably heard with increasing frequency the following tune: the May 2018 deadline for the GDPR is approaching fast, and you should be prepared and budget accordingly.

But what does this mean in concrete terms? Here are some tips on how to better estimate the costs of a GDPR project, breaking down the problem of budgeting into two clear steps.

First of all, what kind of changes should you expect?

The starting point for all budget planning is to understand the legal changes the GDPR will bring for your business. The GDPR brings many changes for particular industries, for example a change to the age at which children can consent, which will be relevant for companies targeting children with their services or marketing. Other changes concern the definition of profiling and the right to data portability. Those types of changes have already been described in many articles, such as the Bird & Bird Guide to the GDPR.

Of even more importance from a budgeting point of view is the fact that the GDPR takes a fundamentally different approach to how privacy should be managed in an organization. Instead of relying on notifications of processing to data protection authorities, there will be many more obligations on organizations themselves to document data processing internally and manage risk accordingly. Organizations are accountable for implementing those changes, and many will need to appoint an internal or external data protection officer. The roles of processor and controller will change to some degree, which will necessitate changes to contract templates and potential renegotiation of contracts with vendors. It is advisable to address those changes via a privacy program with a special focus on GDPR. 

What will a typical GDPR project look like?

Typically, launching a GDPR project starts with a fairly comprehensive privacy audit. The audit should look at at least four areas of compliance: external communications, internal instructions, risk management and privacy processes, such as vendor management. External communications in this context means communications to consumers and customers as well as data protection authorities, commonly made through privacy policies or statements as well as consent forms. External communications need to be supplemented internally with instructions, for example by drafting a data-retention policy or policies regarding standard security measures. A very important part of any GDPR project should be risk management, in particular setting up a process that documents data processing and evaluates privacy risks. Where needed, this process will also lead to privacy impact assessments and subsequently to decisions on risk by a competent body within the company.
