The implementation of the General Data Protection Regulation (GDPR) within Sowalfin Group : using project management in order to improve efficiency

Abstract

Since its entry into force, the General Data Protection Regulation (GDPR), which aims at harmonizing and increasing the protection of personal data within the European Union, has been an integral part of the functioning of organizations subject to its scope of application. The risks of non-compliance can be quite high, which means that its implementation can’t be avoided. This requires of course a lot of effort in terms of time and resources mainly, and is a long process of several years, considering the complexity and scope of the task. The proper organization of the implementation program is therefore essential. In order to do that, project management seems to be the key. Indeed, the principles of project management can be useful in clarifying objectives, structuring activities and reducing risks and uncertainties of the program. SOWALFIN Group is no exception to this observation. As a company aiming at creating awareness, supporting, and funding SMEs in Wallonia, it processes numerous personal data on a daily basis. The implementation of the GDPR has therefore been one of our priorities since its entry into force more than 3 years ago, and a whole series of technical, organizational and governance measures have been put in place.This paper aims at redefining the roles and responsibilities of the different actors involved in the GDPR program, at choosing the most appropriate project management method and at adapting it to the spirit of SOWALFIN Group, in order to improve the effectiveness and efficiency of the GDPR program, without adding unnecessary heaviness. Based on our analysis, it seems to us that the most suitable methodology for this type of program is a mix between traditional methods and agile methods. Finally, this reorganization may be the opportunity to extend project management to other aspects of SOWALFIN Group, as needed.