How to budget for a GDPR project


If you have been to any conferences lately, looked at privacy websites or spoken to your trusted privacy advisor, you have probably heard with increasing frequency the following tune: the May 2018 deadline for the GDPR is approaching fast, and you should be prepared and budget accordingly.

But what does this mean in concrete terms? Here are some tips on how to better estimate the costs of a GDPR project, breaking down the problem of budgeting into two clear steps.

First of all, what kind of changes should you expect?

The starting point for all budget planning is to understand the legal changes the GDPR will bring for your business. The GDPR brings a lot of changes for particular industries, for example, a change to the age at which children can consent, which will be relevant for companies targeting children with their services or marketing. Other changes concern the definition of profiling and the right of data portability. Those types of changes have been described already in a lot of articles, such as the Bird & Bird Guide to the GDPR.

Of even more importance from a budgeting point of view is the fact that the GDPR takes a fundamentally different approach to how privacy should be managed in an organization. Instead of relying on notifications of processing to data protection authorities, there will be many more obligations on organizations themselves to document data processing internally and manage risk accordingly. Organizations are accountable for implementing those changes, and many will need to appoint an internal or external data protection officer. The roles of processor and controller will change to some degree, which will necessitate changes to contract templates and potential renegotiation of contracts with vendors. It is advisable to address those changes via a privacy program with a special focus on GDPR.

What will a typical GDPR project look like?

Typically, launching a GDPR project starts with a quite comprehensive privacy audit. The audit should look at at least four areas of compliance: external communications, internal instructions, risk management and privacy processes, such as vendor management. External communications in this context means communications to consumers and customers as well as data protection authorities, commonly made through privacy policies or statements as well as consent forms. External communications need to be supplemented internally with instructions, for example by drafting a data-retention policy or policies regarding standard security measures. A very important part of any GDPR project should be risk management, in particular setting up a process that documents data processing and evaluates privacy risks. Where needed, this process will also lead to privacy impact assessments and subsequently decisions on risk by a competent body within the company.
