Project Management

The Money Files

by
A blog that looks at all aspects of project and program finances from budgets, estimating and accounting to getting a pay rise and managing contracts. Written by Elizabeth Harrin from RebelsGuideToPM.com.
accounting | agile | ai | audit | benefits | Benefits Management | books | budget | business case | carnival | case study | checklist | collaboration tools | communication | competition | complex projects | consultancy | contingency | contracts | corporate finance | cost | cost management | credit crunch | data | data security | debate | delegating | earned value | events | FAQ | financial management | forecasting | future | general | Goals | green | interviews | it | measuring performance | methods | metrics | multiple projects | negotiating | news | organization | outsourcing | pmi | PMO | portfolio management | presentations | privacy policy | process | procurement | productivity | project closure | project data | project delivery | Project Success | project testing | prototyping | qualifications | quality | Quarterly Review | records | recruitment | reports | requirements | research | resilience | resources | risk | ROI | salaries | scope | security | small projects | social media | software | stakeholders | success factors | supplier management | team | timesheets | tips | training | transparency | trends | value management | vendors | video | virtual teams | workflow | show all posts

About this Blog

RSS

Recent Posts

What does resilience mean for project teams?

The benefits process

Benefits brainstorm!

What to look for in project management software: Data privacy edition

Training teams on data privacy best practices

Categories

accounting, agile, ai, appraisals, Artificial Intelligence, audit, Backlog, Benchmarking, benefits, Benefits Management, Benefits Realization, Bias, books, budget, Business Case, business case, Career Development, Career Development, carnival, case study, Change Management, checklist, collaboration tools, Communication, communication, competition, complex projects, Conferences, config management, consultancy, contingency, contracts, corporate finance, Cost, cost, cost management, credit crunch, CRM, data, data security, debate, Decision Making, delegating, digite, earned value, Education, Energy and Utilities, Estimating, events, FAQ, financial management, forecasting, future, GDPR, general, Goals, Governance, green, Human Resources PM, Innovation, insurance, interviews, it, IT Project Management, IT Strategy, Knowledge Management, Leadership, Lessons Learned, measuring performance, Mentoring, merger, methods, metrics, multiple projects, negotiating, Networking, news, Olympics, organization, Organizational Culture, outsourcing, personal finance, Planning, pmi, PMO, portfolio management, Portfolios (PPM), presentations, privacy policy, process, procurement, productivity, Program Management, Programs (PMO), project closure, project data, project delivery, Project Success, project testing, prototyping, qualifications, Quality, quality, Quarterly Review, records, recruitment, reports, requirements, research, resilience, resources, Risk, risk, ROI, salaries, Scheduling, Scope, scope, security, small projects, social media, software, Stakeholder, stakeholders, success factors, supplier management, team, Teams, Time, timesheets, tips, training, transparency, trends, value management, vendors, video, virtual teams, workflow

Date

Data considerations for your project


Last month I looked at some of the basics for data privacy on projects. Let’s go into that in a bit more depth this month, by looking at some of the project tasks you can schedule to help manage data on your project within the regulations of your country, whatever they are.

data audit

  1. Data mapping

The first activity you can schedule is data mapping. You might already have a customer journey or user flows or process maps. Can you add a swimlane for data on that? Or if necessary, create a new data map.

The data mapping exercise should help you understand where, how, and why data is being collected throughout the project lifecycle and beyond.

  1. Data Processing Agreements (DPAs)

Another task is creating DPAs with the relevant parties for your project. This is normally something you’d do as you contract with a third party, so lean into the legal or procurement team for support.

A DPA is a document that outlines how data will be handled, stored, and protected. There is probably a template within your organisation already.

Alternatively, the task is to check that DPAs are already in place, if the vendor is one that you use regularly. I like the kind of tasks that can easily be checked off! They help the team feel they are making progress and ensure that you are putting compliance at the forefront of your processes.

  1. Due diligence

Schedule time to conduct due diligence on third-party tools and vendors to ensure their privacy and security measures meet your organisation’s data protection requirements. You probably won’t be doing the actual due diligence, so talk to your procurement or legal teams, or the data protection officer to find out how this will happen.

Again, if your company already has a relationship with the third-party, the task here is to check that it was done at some point and does not need to be done again.

  1. Data security and risk mitigation

Make sure there are activities on the schedule that involve implementing strong security measures to protect project data. That could include setting up multi-factor authentication, data encryption, and secure access protocols.

Generally, the IT team would have to take responsibility for doing these things or checking that they are already in place from a third party. Talk to them about the kinds of tasks that need to go on the schedule so they have enough time to put security measures live before the project launches.

  1. Testing

Make time for data testing. For example, schedule penetration testing. Look through your risk register for risks related to data breaches or leaks and have mitigation strategies in place that you can test out. That might be checking you can restore from back up or testing security protocols for data access.

Again, talk to your technical teams about what this might look like for your projects and put the time in for this work so it doesn’t get squeezed in at the last minute or forgotten about.

All of these scheduleable (is that a word?) tasks will help you address any risks or issues relating to non-compliance and show that you are actively prioritising data privacy. Next time I’m going to look at training teams on data privacy best practices. Meanwhile, why not share your experiences of data on your projects in the comments below? Thanks!

Posted on: June 03, 2025 09:00 AM | Permalink | Comments (4)

Data privacy for projects


I don’t know about your projects, but the role of data privacy and information governance has certainly expanded since I started managing projects.

Data privacy has become a critical concern for organisations globally, and you only have to look at high-profile cases in the media about ransomware attacks, data leaks and breaches to realise that we’re all only one potential hack away from a major problem. Is that on your risk register? It could be.

Projects use or create a lot of sensitive data, depending on what industry you are in. Even if you aren’t dealing with medical records, your project probably includes some confidential company information for you or your clients. Even operational data could be sensitive if a competitor got it.

Therefore, project management processes have to take into account data privacy standards. Meeting those are the basics. You have to maintain trust in your organisation and avoid exposing the business to significant legal and financial consequences. Non-compliance can result in fines and reputational damage, and there are plenty of cases in the UK, for example, where GDPR breaches have been heavily fined.

In this article, we will discuss the key data privacy regulations that impact project management, how to assess your project management tools for compliance, and steps you can take to ensure your team handles project data securely.

data privacy

Data privacy regulations

I know that readers come from all around the world, and privacy laws differ, so I’m not going to try to list all the relevant global legislation. Suffice to say that in the UK where I am based, GDPR is a key regulation. Where you are will no doubt have similar regulations on how personal data is collected, processed, and stored.

The laws that I am aware of generally all have similar aims: to ensure data is collected for the right reasons, stored securely and disposed of appropriately, and that data subjects know what is being done with their personal information.

Key principles of data privacy

Projects should take into account how data privacy is going to affect the work of the project and deliverables. Generally (although I’m not a legal expert in your country’s regulations, so take advice from your information governance team), what you are looking for are the following.

Data minimisation

Collect only the data necessary for the project’s purpose. Don’t collect extra things because they would be nice to have or would help a future project. Work out what data is required for the purpose of this project, and that’s all you can have.

Purpose limitation

This principle says that you have to ensure that data is used only for the purpose for which it was collected. In other words, if your project is collecting data for the purpose of processing a customer order, you can’t then use it for something else.

Consent management

People need to know what they are consenting to and what you are going to do with their data. this is all about transparency. If your project is collecting data from people that you didn’t have before, obtain explicit consent for that. Mostly this will be covered off by any privacy notice you have on the site, or in your terms and conditions – so you must make sure your project links in with any existing consent management systems (or builds a new one if needed)

Data security

Not surprising – if you need to build measures to protect data from unauthorised access, breaches, and leaks, do that, or tap into what already exists. This goes for user access too, so make sure only the right people in your company have access to data.

Transparency and accountability

Keep clear records of data handling practices and be transparent with customers about how their data is used. You may find this is already covered in existing terms and conditions or privacy notices, but always take advice from your legal or information governance team, or data protection officer to make sure your project isn’t introducing anything that would diminish existing processes or require new ones.

Posted on: May 13, 2025 08:00 AM | Permalink | Comments (5)
ADVERTISEMENTS

"Man will occasionally stumble over the truth, but most times he will pick himself up and carry on."

- Winston Churchill

ADVERTISEMENT

Sponsors





Newsletters

Jul 9: Stop Managing Up, Start Leading Across
Jun 18: Making Your Career Sustainable
Jun 11: 4 Sustainability Layers Every PM Must Consider

See all newsletters