Project Management

Data privacy for projects

From the The Money Files Blog
by Elizabeth Harrin

A blog that looks at all aspects of project and program finances from budgets, estimating and accounting to getting a pay rise and managing contracts. Written by Elizabeth Harrin from RebelsGuideToPM.com.

About this Blog

RSS

Categories

accounting, agile, ai, appraisals, Artificial Intelligence, audit, Backlog, Benchmarking, benefits, Benefits Management, Benefits Realization, Bias, books, budget, Business Case, business case, Career Development, Career Development, carnival, case study, Change Management, checklist, collaboration tools, Communication, communication, competition, complex projects, Conferences, config management, consultancy, contingency, contracts, corporate finance, Cost, cost, cost management, credit crunch, CRM, data, data security, debate, Decision Making, delegating, digite, earned value, Education, Energy and Utilities, Estimating, events, FAQ, financial management, forecasting, future, GDPR, general, Goals, Governance, green, Human Resources PM, Innovation, insurance, interviews, it, IT Project Management, IT Strategy, Knowledge Management, Leadership, Lessons Learned, measuring performance, Mentoring, merger, methods, metrics, multiple projects, negotiating, Networking, news, Olympics, organization, Organizational Culture, outsourcing, personal finance, Planning, pmi, PMO, portfolio management, Portfolios (PPM), presentations, privacy policy, process, procurement, productivity, Program Management, Programs (PMO), project closure, project data, project delivery, Project Success, project testing, prototyping, qualifications, Quality, quality, Quarterly Review, records, recruitment, reports, requirements, research, resilience, resources, Risk, risk, ROI, salaries, Scheduling, Scope, scope, security, small projects, social media, software, Stakeholder, stakeholders, success factors, supplier management, team, Teams, Time, timesheets, tips, training, transparency, trends, value management, vendors, video, virtual teams, workflow

Date

Email Notifications

Categories: data, data security, privacy policy, security, transparency

I don’t know about your projects, but the role of data privacy and information governance has certainly expanded since I started managing projects.

Data privacy has become a critical concern for organisations globally, and you only have to look at high-profile cases in the media about ransomware attacks, data leaks and breaches to realise that we’re all only one potential hack away from a major problem. Is that on your risk register? It could be.

Projects use or create a lot of sensitive data, depending on what industry you are in. Even if you aren’t dealing with medical records, your project probably includes some confidential company information for you or your clients. Even operational data could be sensitive if a competitor got it.

Therefore, project management processes have to take into account data privacy standards. Meeting those are the basics. You have to maintain trust in your organisation and avoid exposing the business to significant legal and financial consequences. Non-compliance can result in fines and reputational damage, and there are plenty of cases in the UK, for example, where GDPR breaches have been heavily fined.

In this article, we will discuss the key data privacy regulations that impact project management, how to assess your project management tools for compliance, and steps you can take to ensure your team handles project data securely.

data privacy

Data privacy regulations

I know that readers come from all around the world, and privacy laws differ, so I’m not going to try to list all the relevant global legislation. Suffice to say that in the UK where I am based, GDPR is a key regulation. Where you are will no doubt have similar regulations on how personal data is collected, processed, and stored.

The laws that I am aware of generally all have similar aims: to ensure data is collected for the right reasons, stored securely and disposed of appropriately, and that data subjects know what is being done with their personal information.

Key principles of data privacy

Projects should take into account how data privacy is going to affect the work of the project and deliverables. Generally (although I’m not a legal expert in your country’s regulations, so take advice from your information governance team), what you are looking for are the following.

Data minimisation

Collect only the data necessary for the project’s purpose. Don’t collect extra things because they would be nice to have or would help a future project. Work out what data is required for the purpose of this project, and that’s all you can have.

Purpose limitation

This principle says that you have to ensure that data is used only for the purpose for which it was collected. In other words, if your project is collecting data for the purpose of processing a customer order, you can’t then use it for something else.

Consent management

People need to know what they are consenting to and what you are going to do with their data. this is all about transparency. If your project is collecting data from people that you didn’t have before, obtain explicit consent for that. Mostly this will be covered off by any privacy notice you have on the site, or in your terms and conditions – so you must make sure your project links in with any existing consent management systems (or builds a new one if needed)

Data security

Not surprising – if you need to build measures to protect data from unauthorised access, breaches, and leaks, do that, or tap into what already exists. This goes for user access too, so make sure only the right people in your company have access to data.

Transparency and accountability

Keep clear records of data handling practices and be transparent with customers about how their data is used. You may find this is already covered in existing terms and conditions or privacy notices, but always take advice from your legal or information governance team, or data protection officer to make sure your project isn’t introducing anything that would diminish existing processes or require new ones.

Posted on: May 13, 2025 08:00 AM | Permalink

Comments (4)

Please login or join to subscribe to this item

Luis Branco CEO| Business Insight, Consultores de Gestão, Ldª Carcavelos, Lisboa, Portugal

This is an excellent introduction to a topic that’s becoming increasingly critical in project management.
The article effectively highlights the growing relevance of data privacy and outlines key principles such as minimization, purpose limitation, and consent — all essential for protecting not only information but also stakeholder trust.

One suggestion would be to explore the integration of privacy by design and Data Protection Impact Assessments (DPIAs) into project workflows, especially for initiatives handling sensitive or personal data. It might also be valuable to show how privacy concerns connect with core project processes like risk management, procurement, and governance.

Overall, a strong and timely piece — thank you for bringing attention to an area that is often overlooked until it becomes urgent.

Posted: May 15, 2025 4:25 AM

Kwiyuh Michael Wepngong

Community Champion

Financial Management Specialist | US Peace Corps / Cameroon Yaounde, Centre, Cameroon

Thanks for this

Posted: May 19, 2025 9:28 AM

Isioma Okoh Calgary, Canada

Thanks for sharing.

Posted: May 21, 2025 8:57 PM

Binay Samanta Director| Project & Environment Consultants Dhanbad, India

Project management processes have to take into account data privacy standards. Maintain trust for significant legal and financial consequences. Non-compliance can result in fines and reputational damage.

Posted: May 22, 2025 1:09 PM

Please Login/Register to leave a comment.