GDPR-DOC-01-3 GDPR Preparation Project Plan

Page 1

Please note: This sample only shows part of the Preperation Project Plan.

PreparationProjectPlan

NOTE:Alltasksandresourcesassignedare approximationsandwilldependonthe specificsofyourproject.Ifappointed,the DataProtectionOfficermaytake the role ofProjectLead.

REF TASK MAINGDPRREFERENCE RESOURCE STARTDATE WORKDAYS ENDDATE COMPLETED DAYS PROGRESS 1 GDPR preparation project 1.1 Performgapassessment ProjectManager,ProjectLead 0 0 1.2 Gainseniormanagementcommitment ProjectManager,ProjectLead 0 0 1.3 Initiate projectwithappropriate resourcesandbudget ProjectManager 0 0 1.4 Establishdocumentcontrol ProjectManager 0 0 2 GDPR roles, awarenessand training 2.1 Conductcommunicationprogramme tosuppliersandotherstakeholders ProjectLead 0 0 2.2 Define GDPRrolesandresponsibilities ProjectLead,SeniorManagement 0 0 2.3 AppointEUrepresentative (if outside EU) ProjectLead,SeniorManagement,Legal 0 0 2.4 AppointDataProtectionOfficer(if required) CHAPTERIV - Section4- Dataprotectionofficer SeniorManagement 0 0 2.6 ConductGDPRcompetence andtrainingneedsassessment CHAPTERIV - Section4- Dataprotectionofficer ProjectLead 0 0 2.7 PerformGDPR-relatedtrainingandfamiliarisation CHAPTERIV - Section4- Dataprotectionofficer ProjectLead 0 0 2.8 ConductGDPRandinformationsecurityawarenesstraining CHAPTERIV - Section4- Dataprotectionofficer ProjectLead,InformationSecurityManager 0 0 3 Personal data mapping 3.1 Conductinitial personal datainformationgatheringexercise CHAPTERII- Principles ProjectLead 0 0 3.2 Performauditof personal databybusinessarea CHAPTERII- Principles BusinessAreaLeads 0 0 3.3 Identifylawful basisforprocessingpersonal dataineachcase Article 6- Lawfulnessof processing BusinessAreaLeads,Legal 0 0 3.4 Conductlegitimate interestassessmentswhere required Article 6- Lawfulnessof processing BusinessAreaLeads,Legal 0 0 3.5 Identifyrecord-keepingrequirementsandprocedures Article 30- Recordsof processingactivities ProjectLead 0 0 4 Privacy policiesand notices 4.1 Define personal dataretentionandprotectionpolicy Article 5- Principlesrelatingtoprocessingof personal data ProjectLead,BusinessAreaLeads,Legal 0 0 4.2 Create oramendexistingprivacynotices Articles13and14- Informationtobe provided BusinessAreaLeads 0 0 4.3 Reviewandamendconsentmethodsandprocedures Article 7- Conditionsforconsent BusinessAreaLeads 0 0 4.4 Addressage-relatedconsentandcontrols(children) Article 8- Conditionsapplicable tochild'sconsent BusinessAreaLeads 0 0 5 Rightsof the data subject 5.1 Create andimplementdatasubjectrequestprocedures CHAPTERIII- Rightsof the datasubject ProjectLead 0 0 5.2 Startrecordingdatasubjectrequests CHAPTERIII- Rightsof the datasubject DataSubjectRequestAdministrator 0 0 6 Controllersand processors 6.1 Update contractswithprocessorstobe GDPRcompliant CHAPTERIV - Section1- General obligations Legal 0 0 6.2 Distribute supplierquestionnairesregardingpersonal dataprotection CHAPTERIV - Section1- General obligations Legal 0 0 6.3 Provide informationtocontrollersforwhomwe actasaprocessor CHAPTERIV - Section1- General obligations Legal,ITManagement 0 0 6.4 Update contractswithcontrollerstobe GDPRcompliant CHAPTERIV - Section1- General obligations Legal 0 0 6.5 Addressemployee confidentialityrequirements CHAPTERIV - Section1- General obligations HumanResources 0 0 7 Data protection impact assessment 7.1 Define dataprotectionimpactassessmentprocess CHAPTERIV - Section3- Dataprotectionimpactassessment ProjectLead 0 0 7.2 Conductdataprotectionimpactassessmenttraining CHAPTERIV - Section3- Dataprotectionimpactassessment ProjectLead 0 0 7.3 Performinitial dataprotectionimpactassessment CHAPTERIV - Section3- Dataprotectionimpactassessment BusinessAreaLeads 0 0
GDPR-DOC-01-3

NOTE: Budget items will depend on the specifics of your project.

ITEM BUDGET SPENT TO DATE BUDGET REMAINING Internal resources - -Training - -Travel and subsistence - -External Consultancy - -Communication - -Professional memberships - -Software tools - -Hardware - -Offices and furniture - -Internal auditing - -Certification auditing - -Total - - -
ProjectTimeline 0-January-1900to0-January-1900 Torefreshchartdata,clickon“RefreshAll”ontheDataribbon. Datedisplayslider Notstarted Inprogress Completed Weekends(Sat-Sun) REF TASK RESOURCE PROGRESS 00-Jan 01-Jan 02-Jan 03-Jan 04-Jan 05-Jan 06-Jan 07-Jan 08-Jan 09-Jan 10-Jan 11-Jan 12-Jan 13-Jan 14-Jan 15-Jan 16-Jan 17-Jan 18-Jan 19-Jan 20-Jan 21-Jan 22-Jan 23-Jan 24-Jan 25-Jan 1 GDPRpreparationproject 1.1 Performgapassessment ProjectManager,ProjectLead 1.2 Gainseniormanagementcommitment ProjectManager,ProjectLead 1.3 Initiateprojectwithappropriateresourcesandbudget ProjectManager 1.4 Establishdocumentcontrol ProjectManager 2 GDPRroles,awarenessandtraining 2.1 Conductcommunicationprogrammetosuppliersandotherstakeholders ProjectLead 2.2 DefineGDPRrolesandresponsibilities ProjectLead,SeniorManagement 2.3 AppointEUrepresentative(ifoutsideEU) ProjectLead,SeniorManagement,Legal 2.4 AppointDataProtectionOfficer(ifrequired) SeniorManagement 2.6 ConductGDPRcompetenceandtrainingneedsassessment ProjectLead 2.7 PerformGDPR-relatedtrainingandfamiliarisation ProjectLead 2.8 ConductGDPRandinformationsecurityawarenesstraining ProjectLead,InformationSecurityManager 3 Personaldatamapping 3.1 Conductinitialpersonaldatainformationgatheringexercise ProjectLead 3.2 Performauditofpersonaldatabybusinessarea BusinessAreaLeads 3.3 Identifylawfulbasisforprocessingpersonaldataineachcase BusinessAreaLeads,Legal 3.4 Conductlegitimateinterestassessmentswhererequired BusinessAreaLeads,Legal 3.5 Identifyrecord-keepingrequirementsandprocedures ProjectLead 4 Privacypoliciesandnotices
Definepersonaldataretentionandprotectionpolicy ProjectLead,BusinessAreaLeads,Legal
Createoramendexistingprivacynotices BusinessAreaLeads
Reviewandamendconsentmethodsandprocedures BusinessAreaLeads
Addressage-relatedconsentandcontrols(children) BusinessAreaLeads 5 Rightsofthedatasubject
Createandimplementdatasubjectrequestprocedures ProjectLead 5.2 Startrecordingdatasubjectrequests DataSubjectRequestAdministrator 6 Controllersandprocessors
UpdatecontractswithprocessorstobeGDPRcompliant Legal 6.2 Distributesupplierquestionnairesregardingpersonaldataprotection Legal 6.3 Provideinformationtocontrollersforwhomweactasaprocessor Legal,ITManagement 6.4 UpdatecontractswithcontrollerstobeGDPRcompliant Legal 6.5 Addressemployeeconfidentialityrequirements HumanResources 7 Dataprotectionimpactassessment 7.1 Definedataprotectionimpactassessmentprocess ProjectLead 7.2 Conductdataprotectionimpactassessmenttraining ProjectLead 7.3 Performinitialdataprotectionimpactassessment BusinessAreaLeads
4.1
4.2
4.3
4.4
5.1
6.1

Turn static files into dynamic content formats.

Create a flipbook
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.