Data privacy for projects

From The Money Files Blog

A blog that looks at all aspects of project and program finances from budgets, estimating and accounting to getting a pay rise and managing contracts. Written by Elizabeth Harrin from RebelsGuideToPM.com.

I don’t know about your projects, but the role of data privacy and information governance has certainly expanded since I started managing projects.

Data privacy has become a critical concern for organisations globally, and you only have to look at high-profile cases in the media about ransomware attacks, data leaks and breaches to realise that we’re all only one potential hack away from a major problem. Is that on your risk register? It could be.

Projects use or create a lot of sensitive data, depending on what industry you are in. Even if you aren’t dealing with medical records, your project probably includes some confidential company information for you or your clients. Even operational data could be sensitive if a competitor got it.

Therefore, project management processes have to take into account data privacy standards. Meeting those standards is the basic requirement. You have to maintain trust in your organisation and avoid exposing the business to significant legal and financial consequences. Non-compliance can result in fines and reputational damage, and there are plenty of cases in the UK, for example, where GDPR breaches have been heavily fined.

In this article, we will discuss the key data privacy regulations that impact project management, how to assess your project management tools for compliance, and steps you can take to ensure your team handles project data securely.

Data privacy regulations

I know that readers come from all around the world, and privacy laws differ, so I’m not going to try to list all the relevant global legislation. Suffice to say that in the UK where I am based, GDPR is a key regulation. Where you are will no doubt have similar regulations on how personal data is collected, processed, and stored.

The laws that I am aware of generally all have similar aims: to ensure data is collected for the right reasons, stored securely and disposed of appropriately, and that data subjects know what is being done with their personal information.

Key principles of data privacy

Projects should take into account how data privacy is going to affect the work of the project and deliverables. Generally (although I’m not a legal expert in your country’s regulations, so take advice from your information governance team), what you are looking for are the following.

Data minimisation

Collect only the data necessary for the project’s purpose. Don’t collect extra things because they would be nice to have or would help a future project. Work out what data is required for the purpose of this project, and that’s all you can have.

Purpose limitation

This principle says that you have to ensure that data is used only for the purpose for which it was collected. In other words, if your project is collecting data for the purpose of processing a customer order, you can’t then use it for something else.

Consent management

People need to know what they are consenting to and what you are going to do with their data. This is all about transparency. If your project is collecting data from people that you didn’t have before, obtain explicit consent for that. Mostly this will be covered off by any privacy notice you have on the site, or in your terms and conditions – so you must make sure your project links in with any existing consent management systems (or builds a new one if needed).

Data security

Not surprising – if you need to build measures to protect data from unauthorised access, breaches, and leaks, do that, or tap into what already exists. This goes for user access too, so make sure only the right people in your company have access to data.

Transparency and accountability

Keep clear records of data handling practices and be transparent with customers about how their data is used. You may find this is already covered in existing terms and conditions or privacy notices, but always take advice from your legal or information governance team, or data protection officer to make sure your project isn’t introducing anything that would diminish existing processes or require new ones.


Posted on: May 13, 2025 08:00 AM

Comments (6)

Luis Branco CEO| Business Insight, Consultores de Gestão, Ldª Carcavelos, Lisboa, Portugal
This is an excellent introduction to a topic that’s becoming increasingly critical in project management.
The article effectively highlights the growing relevance of data privacy and outlines key principles such as minimization, purpose limitation, and consent — all essential for protecting not only information but also stakeholder trust.

One suggestion would be to explore the integration of privacy by design and Data Protection Impact Assessments (DPIAs) into project workflows, especially for initiatives handling sensitive or personal data. It might also be valuable to show how privacy concerns connect with core project processes like risk management, procurement, and governance.

Overall, a strong and timely piece — thank you for bringing attention to an area that is often overlooked until it becomes urgent.

Kwiyuh Michael Wepngong
Community Champion
Financial Management Specialist | US Peace Corps Yaounde, Centre, Cameroon
Thanks for this

Isioma Okoh Calgary, Canada
Thanks for sharing.

Binay Samanta Director| Project & Environment Consultants Dhanbad, India
Project management processes have to take into account data privacy standards. Maintain trust for significant legal and financial consequences. Non-compliance can result in fines and reputational damage.

Marc Kane Associate Director | Digital Core - Oracle| Accenture Los Angeles, CA, United States
In management consulting, data privacy is no longer an isolated consideration (it’s embedded into every decision that shapes client outcomes and trust).

This serves as a reminder that project teams need to internalize privacy as a design principle (not just a checkpoint). We’ve seen how easy it is for well-intended programs to introduce risks unintentionally (vendor dependencies, shadow systems, or quick wins that sidestep governance). Guarding against those lapses starts with building awareness into the cadence of project delivery (instead of tacking it on at the end).

A.I. is only increasing the stakes. As we incorporate more automation into project workflows (from predictive analytics to generative interfaces), the definition of “personal data” expands, and so does the need for precision in how we handle, secure, and contextualize information. The goal should be credibility in addition to compliance. Clients are watching closely, and the firms that lead will be those who treat privacy as a strategic lever instead of a constraint.

These conversations will greatly shape the next era of responsible delivery.

Lissette Indhira Pimentel Sosa
Community Champion
Program Manager| HARPER SRL Santo Domingo / Distrito Nacional, Dominican Republic
Solid job of breaking down data privacy principles (minimization, purpose, consent, security, transparency) into language that project managers can act on. It’s practical, yet grounded in the regulatory context (like GDPR). The strength lies in making privacy feel less like a “legal” issue and more like a core PM responsibility. Could be even stronger if it had more case examples or checklists for applying these ideas in day-to-day projects.
