Data protection has been a hot topic this year because of GDPR coming into force in the EU earlier in 2018. Other countries are following – keeping customer, supplier and staff data confidential is so important. Data breaches have massive implications for projects and organisations.
As you know, much of this regular blog is all about budgeting and project financials, so I have come up with some ways to financially incentivise you to take data protection seriously on your projects – if you weren’t already.
Here are 5 ways that data protection can help you reduce the overall cost of your project.
1. Avoid Fines
Get your project requirements right and you are less likely to implement something that puts you at risk of regulatory fines.
Regulations vary from country to country but many jurisdictions have strict penalties and the potential for fines for data breaches. Thinking about data protection can protect your project from being the cause of a data breach and opening up the organisation to fines.
2. Preserve Your Reputation
Do you really want your project to be the reason the company makes the front page of the financial news? Data loss and breaches can cause significant reputational damage to companies.
Putting data protection at the heart of what you deliver on your project also has a positive effect. Consumers are more interested in data protection now than ever before (at least, that’s how it seems to me). So you may gain market share and more acceptance for your project because you’ve taken data concerns seriously.
3. Avoid Litigation
It isn’t just regulatory fines and regulatory bodies that may take action against your company. Members of the public (including staff) can also bring claims against your company due to data loss. After all, if your personal details were made public in a way that caused you loss or damaged your reputation, wouldn’t you want some justice for the situation?
If individuals are not interested in financial payouts for themselves, they may want to bring what they see as large corporations who haven’t acted fairly into the spotlight. The intention may be to damage the reputation of your firm through a court case, or simply to make sure that companies like yours take data protection seriously. A claim could be motivated by someone not wanting others to suffer the indiscretions that they themselves have been subject to.
4. Shine a Light on Problems
Experienced project managers know that fixing problems early in a project is the way to make changes cheaply. It’s more expensive to change a product the further along the project timeline it is. The more work that’s been done, the more needs to be undone, changed and done again.
Looking at data protection and privacy early on in the project helps you shine a light on things that might be an issue. For example, you can spot where, say, an IT project gathers information that might be intrusive to privacy, so you can rethink the data collected by the software. Or you could incorporate more security protocols to boost customer confidence in your software. Even small things, like training new staff recruited to work in your new shop, can be planned for and managed easier if the requirements are identified at the beginning of a project.
5. Improve Staff Morale and Loyalty
Data protection isn’t the most exciting of subjects, but staff see training as an investment in their careers. If you build data protection training into the way your project is deployed, or for your team members working on the project deliverables, you can influence their intention to stay with the company. Training and investing in people can improve staff morale.
In reality, I don’t think anyone is going to declare undying loyalty to your business just because you offered them data protection training as part of your project, but it contributes to the overall feeling that staff have about the business. Especially about the organisation’s commitment to staff development.
However, it’s also a way to improve staff retention. If you can give team members skills that they can use going forward, they are more likely to be useful to the business. Research by PwC shows that 74% of people are ready to learn new skills or completely retrain in order to remain employable – and I’m sure that data protection and data privacy are topics that are definitely going to be needed in the future.
So how do you build data protection into your project plan?
Incorporating Data Protection into Project Plans
Data protection considerations can be built into your project plans early. Make data protection and privacy implications part of the non-functional requirements for the project.
Use a Data Protection Impact Assessment (DPIA) document template to help you identify potential pitfalls in the project.
There’s more information about what needs to go in a DPIA and what it is for on the ICO website, along with a sample DPIA template (scroll down). The ICO is the UK data regulator. You may find that your own country’s data regulator/information commissioner has a template they would prefer you to use, or that is written in your language.
The point of a DPIA is to bring to the front of people’s minds the fact that personal data is a big part of your project. It helps you ask the right questions about the project and what it is going to deliver. Then you can make sure you are thinking about the right things for your requirements such as database security, minimising the amount of data collected, access rights and destruction policies and more.
Not sure what topics you should be thinking about? Here are 10 data protection considerations for your project to get you started off in the right direction.
Overall, data protection can be a costly issue for businesses, so it really does pay to get your privacy requirements set up correctly from the start. If you do this, you can avoid budget overruns and project delays because you’ll be getting data protection right first time.
Pin it for later: