Please note: This sample only shows part of the Preparation Project Plan Preparation Project Plan GDPR-DOC-01-3
NOTE: All tasks and resources assigned are approximations and will depend on the specifics of your project. If appointed, the Data Protection Officer may take the role of Project Lead. REF TASK
1
GDPR preparation project
1.1 1.2 1.3 1.4
Perform gap assessment Gain senior management commitment Initiate project with appropriate resources and budget Establish document control
2
GDPR roles, awareness and training
2.1 2.2 2.3 2.4 2.6 2.7 2.8
Conduct communication programme to suppliers and other stakeholders Define GDPR roles and responsibilities Appoint EU representative (if outside EU) Appoint Data Protection Officer (if required) Conduct GDPR competence and training needs assessment Perform GDPR-related training and familiarisation Conduct GDPR and information security awareness training
3
Personal data mapping
3.1 3.2 3.3 3.4 3.5
Conduct initial personal data information gathering exercise Perform audit of personal data by business area Identify lawful basis for processing personal data in each case Conduct legitimate interest assessments where required Identify record-keeping requirements and procedures
4
Privacy policies and notices
4.1 4.2 4.3 4.4
Define personal data retention and protection policy Create or amend existing privacy notices Review and amend consent methods and procedures Address age-related consent and controls (children)
5
Rights of the data subject
5.1 Create and implement data subject request procedures 5.2 Start recording data subject requests
6
Controllers and processors
6.1 6.2 6.3 6.4 6.5
Update contracts with processors to be GDPR compliant Distribute supplier questionnaires regarding personal data protection Provide information to controllers for whom we act as a processor Update contracts with controllers to be GDPR compliant Address employee confidentiality requirements
7
Data protection impact assessment
7.1 Define data protection impact assessment process 7.2 Conduct data protection impact assessment training 7.3 Perform initial data protection impact assessment
WORK DAYS END DATE
COMPLETED DAYS
Project Manager, Project Lead Project Manager, Project Lead Project Manager Project Manager
0 0 0 0
0 0 0 0
CHAPTER IV - Section 4 - Data protection officer CHAPTER IV - Section 4 - Data protection officer CHAPTER IV - Section 4 - Data protection officer CHAPTER IV - Section 4 - Data protection officer
Project Lead Project Lead, Senior Management Project Lead, Senior Management, Legal Senior Management Project Lead Project Lead Project Lead, Information Security Manager
0 0 0 0 0 0 0
0 0 0 0 0 0 0
CHAPTER II - Principles CHAPTER II - Principles Article 6 - Lawfulness of processing Article 6 - Lawfulness of processing Article 30 - Records of processing activities
Project Lead Business Area Leads Business Area Leads, Legal Business Area Leads, Legal Project Lead
0 0 0 0 0
0 0 0 0 0
Article 5 - Principles relating to processing of personal data Articles 13 and 14 - Information to be provided Article 7 - Conditions for consent Article 8 - Conditions applicable to child's consent
Project Lead, Business Area Leads, Legal Business Area Leads Business Area Leads Business Area Leads
0 0 0 0
0 0 0 0
CHAPTER III - Rights of the data subject CHAPTER III - Rights of the data subject
Project Lead Data Subject Request Administrator
0 0
0 0
CHAPTER IV - Section 1 - General obligations CHAPTER IV - Section 1 - General obligations CHAPTER IV - Section 1 - General obligations CHAPTER IV - Section 1 - General obligations CHAPTER IV - Section 1 - General obligations
Legal Legal Legal, IT Management Legal Human Resources
0 0 0 0 0
0 0 0 0 0
CHAPTER IV - Section 3 - Data protection impact assessment CHAPTER IV - Section 3 - Data protection impact assessment CHAPTER IV - Section 3 - Data protection impact assessment
Project Lead Project Lead Business Area Leads
0 0 0
0 0 0
MAIN GDPR REFERENCE
RESOURCE
START DATE
PROGRESS
NOTE: Budget items will depend on the specifics of your project. ITEM Internal resources Training Travel and subsistence External Consultancy Communication Professional memberships Software tools Hardware Offices and furniture Internal auditing Certification auditing Total
BUDGET
SPENT TO DATE -
BUDGET REMAINING -
-
Project Timeline 0-January-1900 to 0-January-1900
To refresh chart data, click on “Refresh All� on the Data ribbon.
Date display slider
Not started
In progress
00-Jan
04-Jan
REF
TASK
1 1.1 1.2 1.3 1.4 2 2.1 2.2 2.3 2.4 2.6 2.7 2.8 3 3.1 3.2 3.3 3.4 3.5 4 4.1 4.2 4.3 4.4 5 5.1 5.2 6 6.1 6.2 6.3 6.4 6.5 7 7.1 7.2 7.3
GDPR preparation project Perform gap assessment Gain senior management commitment Initiate project with appropriate resources and budget Establish document control GDPR roles, awareness and training Conduct communication programme to suppliers and other stakeholders Define GDPR roles and responsibilities Appoint EU representative (if outside EU) Appoint Data Protection Officer (if required) Conduct GDPR competence and training needs assessment Perform GDPR-related training and familiarisation Conduct GDPR and information security awareness training Personal data mapping Conduct initial personal data information gathering exercise Perform audit of personal data by business area Identify lawful basis for processing personal data in each case Conduct legitimate interest assessments where required Identify record-keeping requirements and procedures Privacy policies and notices Define personal data retention and protection policy Create or amend existing privacy notices Review and amend consent methods and procedures Address age-related consent and controls (children) Rights of the data subject Create and implement data subject request procedures Start recording data subject requests Controllers and processors Update contracts with processors to be GDPR compliant Distribute supplier questionnaires regarding personal data protection Provide information to controllers for whom we act as a processor Update contracts with controllers to be GDPR compliant Address employee confidentiality requirements Data protection impact assessment Define data protection impact assessment process Conduct data protection impact assessment training Perform initial data protection impact assessment
RESOURCE
Project Manager, Project Lead Project Manager, Project Lead Project Manager Project Manager Project Lead Project Lead, Senior Management Project Lead, Senior Management, Legal Senior Management Project Lead Project Lead Project Lead, Information Security Manager Project Lead Business Area Leads Business Area Leads, Legal Business Area Leads, Legal Project Lead Project Lead, Business Area Leads, Legal Business Area Leads Business Area Leads Business Area Leads Project Lead Data Subject Request Administrator Legal Legal Legal, IT Management Legal Human Resources Project Lead Project Lead Business Area Leads
PROGRESS
01-Jan 02-Jan 03-Jan
05-Jan 06-Jan
Completed
07-Jan 08-Jan 09-Jan
Weekends (Sat - Sun)
10-Jan 11-Jan
12-Jan 13-Jan
14-Jan 15-Jan