Project Initiation Checklist for GDPR Compliance Project

Ernesta Kavolėlienė at FutureLaw 2024

Conference: FutureLaw 2024, May 16, 2024, Tallinn

The Project

Company X operates an e-shop in the Baltic countries. The company has decided to start a GDPR Compliance Project to ensure that its policies and practices meet the requirements of the GDPR.

The main objective of the project

To comply with the GDPR requirements and avoid any legal risks, fines or reputational damage.

Total budget allocated

15 000 EUR.

Timeline

6 months.

Exercise:

  • Divide into groups.

  • Review the partly filled Project Initiation Checklist for GDPR Compliance Project.

  • Discuss the proposed Scope and Timeline and revise them if needed.

  • Discuss and allocate the budget.

Project Initiation Checklist for GDPR Compliance Project

1. Project Scope
  • Review current data handling practices of Company X.

  • Identify gaps between current practices and GDPR requirements.

  • Develop and implement necessary policies, procedures, and controls to ensure GDPR compliance.

  • Train employees on GDPR principles and best practices.

  • Establish mechanisms for ongoing monitoring and review of GDPR compliance.

2. Objectives
  • Achieve compliance with GDPR within 6 months.

  • Develop a GDPR compliance program tailored to Company X’s operations.

  • Ensure that all customer data processing activities are conducted in accordance with GDPR requirements.

  • Promote a culture of GDPR compliance within Company X by fostering awareness and accountability among employees.

3. Stakeholders
  • Project Manager, Legal, Finance, HR, Marketing, Customer Service, Data Protection Officer (if applicable), Information Security Officer (if applicable), external GDPR consultant (if applicable), external information security consultants (if applicable).

4. Timeline
Month 1: Project Planning and Preparation
  • Conduct initial stakeholder meetings to define project scope, objectives, and responsibilities.

  • Allocate resources and appoint project team members.

  • Conduct an assessment of current data handling practices.

  • Develop project plan and timeline.

Month 2-5: Implementation Phase
  • Develop GDPR-compliant policies, procedures, and documentation.

  • Implement necessary technical and organizational measures to ensure data protection.

  • Provide GDPR training to relevant employees.

  • Conduct gap analysis and remediation activities.

Month 6: Testing and Finalization
  • Conduct initial stakeholder meetings to define project scope, objectives, and responsibilities.

  • Allocate resources and appoint project team members.

  • Conduct an assessment of current data handling practices.

  • Develop project plan and timeline.

5. Budget Allocation

Resource Allocation: (specify allocation of budget for personnel, 3rd party consultants, etc.).

Tools and Technology: (specify allocation of budget for GDPR compliance tools, e-training platforms, software, etc.).

Contingency: (allocate a portion of the budget for unforeseen expenses or adjustments).
