Data considerations for your project
From the The Money Files Blog
by Elizabeth Harrin
A blog that looks at all aspects of project and program finances from budgets, estimating and accounting to getting a pay rise and managing contracts.
Written by Elizabeth Harrin from RebelsGuideToPM.com.
Recent Posts
How to learn AI the sensible way
Making sense of project cost reports
How real PM mentoring actually works
The Accidental Product Manager: What project managers need to know
How healthy are your project finances?
Categories
accounting,
agile,
ai,
appraisals,
Artificial Intelligence,
audit,
Backlog,
Benchmarking,
benefits,
Benefits Management,
Benefits Realization,
Bias,
books,
budget,
Business Case,
business case,
business case,
Career Development,
Career Development,
carnival,
case study,
Change Management,
checklist,
collaboration tools,
communication,
Communications Management,
competition,
complex projects,
Conferences,
config management,
consultancy,
contingency,
contracts,
corporate finance,
corporate finance,
cost,
Cost Management,
cost management,
credit crunch,
CRM,
data,
data security,
debate,
Decision Making,
delegating,
digite,
earned value,
Education,
Energy and Utilities,
Estimating,
events,
FAQ,
financial management,
financial management,
forecasting,
future,
GDPR,
general,
Goals,
Governance,
green,
Information Technology,
Innovation,
insurance,
interviews,
it,
Knowledge Management,
Leadership,
Lessons Learned,
measuring performance,
Mentoring,
merger,
methods,
metrics,
multiple projects,
negotiating,
Networking,
news,
Olympics,
organization,
Organizational Culture,
outsourcing,
personal finance,
Planning,
pmi,
PMO,
PMO,
Portfolio Management,
portfolio management,
presentations,
privacy policy,
process,
procurement,
product management,
productivity,
Program Management,
project closure,
project data,
project delivery,
Project Success,
project testing,
prototyping,
qualifications,
Quality,
quality,
Quarterly Review,
records,
recruitment,
reports,
requirements,
research,
resilience,
Resource Management,
resources,
risk,
Risk Management,
ROI,
salaries,
Schedule Management,
Scheduling,
scope,
Scope Management,
security,
small projects,
Social Impact,
social impact,
social media,
software,
software,
software,
Stakeholder Management,
stakeholders,
Strategy,
success factors,
supplier management,
team,
Teams,
testing,
testing,
timesheets,
tips,
training,
transparency,
trends,
value management,
vendors,
video,
virtual teams,
workflow
Date
Last month I looked at some of the basics for data privacy on projects. Let’s go into that in a bit more depth this month, by looking at some of the project tasks you can schedule to help manage data on your project within the regulations of your country, whatever they are.
- Data mapping
The first activity you can schedule is data mapping. You might already have a customer journey or user flows or process maps. Can you add a swimlane for data on that? Or if necessary, create a new data map.
The data mapping exercise should help you understand where, how, and why data is being collected throughout the project lifecycle and beyond.
- Data Processing Agreements (DPAs)
Another task is creating DPAs with the relevant parties for your project. This is normally something you’d do as you contract with a third party, so lean into the legal or procurement team for support.
A DPA is a document that outlines how data will be handled, stored, and protected. There is probably a template within your organisation already.
Alternatively, the task is to check that DPAs are already in place, if the vendor is one that you use regularly. I like the kind of tasks that can easily be checked off! They help the team feel they are making progress and ensure that you are putting compliance at the forefront of your processes.
- Due diligence
Schedule time to conduct due diligence on third-party tools and vendors to ensure their privacy and security measures meet your organisation’s data protection requirements. You probably won’t be doing the actual due diligence, so talk to your procurement or legal teams, or the data protection officer to find out how this will happen.
Again, if your company already has a relationship with the third-party, the task here is to check that it was done at some point and does not need to be done again.
- Data security and risk mitigation
Make sure there are activities on the schedule that involve implementing strong security measures to protect project data. That could include setting up multi-factor authentication, data encryption, and secure access protocols.
Generally, the IT team would have to take responsibility for doing these things or checking that they are already in place from a third party. Talk to them about the kinds of tasks that need to go on the schedule so they have enough time to put security measures live before the project launches.
- Testing
Make time for data testing. For example, schedule penetration testing. Look through your risk register for risks related to data breaches or leaks and have mitigation strategies in place that you can test out. That might be checking you can restore from back up or testing security protocols for data access.
Again, talk to your technical teams about what this might look like for your projects and put the time in for this work so it doesn’t get squeezed in at the last minute or forgotten about.
All of these scheduleable (is that a word?) tasks will help you address any risks or issues relating to non-compliance and show that you are actively prioritising data privacy. Next time I’m going to look at training teams on data privacy best practices. Meanwhile, why not share your experiences of data on your projects in the comments below? Thanks!
Posted on: June 03, 2025 09:00 AM |
Permalink
Comments (6)
Please login or join to subscribe to this item
I've found it helpful for legal teams to provide an 'at-a-glance' version of the key rules that allow projects to stay compliant, as well as a more full version. This allows the requirements to be baked in to the scope up-front, and empowers the project team to refer back to it as guidance for data privacy as the project progresses.
Abdul Hamid Ayubzai
Senior Scheduler (Lead) Civil - Airfield| DFW International Airport
Dallas, Tx, United States
The article provides an excellent summary of practical methods to integrate data privacy into project processes. Early planning often overlooks data mapping and DPAs, yet they are crucial for maintaining compliance and mitigating downstream risks.
I especially appreciate the reminder to involve legal, procurement, and IT early. Privacy is a cross-functional effort, not a solo task. I eagerly anticipate your upcoming article on team training, as it's crucial to implement policies effectively.
Thanks for sharing these practical insights!
Great reminder. In my experience, data traceability from the design phase is often overlooked. Including it in the timeline saves a lot of trouble later.
Really useful breakdown, especially the reminder to map where data actually flows across the project. I’ve seen too many teams skip this step and end up firefighting later.
Hi Elizabeth,
Thanks your blog post.
Would a swimlane usuallly represent an actor instead of data?
Please Login/Register to leave a comment.
|
"The man who does not read books has no advantage over the man that can not read them."
- Mark Twain
|
Community Champion
