Frustrated man

Data protection program control

Top 3 data protection program issues and how to start resolving them: #20

You must be in control of your work and anticipate events that can de-rail it.

Demonstrating you’re in control, especially to your senior stakeholders, steering committee or sponsor, is critical.

Not just for your company, but for your career prospects, too.

Here are 3 common issues I come across.


#1 Traditional ‘rear view mirror’ monitoring and reporting

Most status reports focus on things that have already happened, or should have happened.

Completed tasks.

Tasks that slipped.

Fine when things go well.

You better have the right answers when things slide.

Common reasons programs fail include lack of buy-in, de-motivated teams, uncontrolled scope changes, poor prioritisation and poor risk management.

Monitoring and reporting these critical elements to senior leaders gives you the opportunity to raise flags and implement corrective actions.

Before your program slides.

This is 'windshield' monitoring and reporting that anticipates what typically goes wrong in programs.


#2 Focus on outcomes or benefits, not just deliverables

"Why do we need all this?” is a phrase often muttered by senior stakeholders, especially when reviewing your budget.

They may be more interested in the *business outcomes* of your work.

What does the successful completion of one or more deliverables mean for the business?

What are the business benefits?

An example of an outcome could be “Breach prepared.”

This occurs once you have your incident/breach process and procedures drafted and approved, people trained, awareness campaign completed, operational triggers embedded, etc.,

Often, outcomes can be linked to risk reduction, but if you aligned your work with the business strategy, there could be some clear enablers too.


#3 No structure, overview or control

Managing a program requires some specific competences.

The ability to plan, estimate, manage risk, manage stakeholders, manage change, influence, communicate, etc.

Despite a strong legal background, without these competences, your work will be chaotic, ad hoc and stressful.


Purpose and Means help Data Protection Leaders refresh their work focusing on business alignment and orchestration.

We’re based in Denmark, but operate globally.

If this issue resonates, book a call to discuss your requirements!

Petruta Pirvan
Tim Clements
March 11, 2023

Blog

Other posts

June 2, 2023
Disseminating policies
Tim Clements
May 27, 2023
Ineffective controls
Tim Clements
May 26, 2023
DPIA on a page
Tim Clements
May 25, 2023
GDPR on a page
Tim Clements
May 24, 2023
Explaining Data Controller/Data Processor obligations
Tim Clements
May 23, 2023
5 years on - are these perspectives still relevant?
Tim Clements
May 22, 2023
GDPR 5 years old - is it really?
Tim Clements
May 11, 2023
The US privacy landscape: complex and in a state of flux
Tim Clements
May 9, 2023
Employee engagement
Tim Clements
May 4, 2023
Unsure of which IAPP course fits your needs?
Tim Clements
May 2, 2023
Managing risk
Tim Clements
April 27, 2023
Interactions and inter-dependencies with others
Tim Clements
April 13, 2023
Copy/paste consultancies
Tim Clements
April 6, 2023
Controller/Processor life-cycle
Tim Clements
March 30, 2023
Responding to an audit
Tim Clements
March 26, 2023
Being prepared for a data protection audit
Tim Clements
March 23, 2023
Data protection templates
Tim Clements
March 11, 2023
Data protection program control
Tim Clements
March 6, 2023
Reporting data protection status
Tim Clements
March 2, 2023
The lone data protection army
Tim Clements