Are you frustrated by the obstructions being put in your way and hoops you’re being asked to jump through in the name of data protection or information governance? Do you want to remove the data protection related barriers in projects? Do the processes feel like too much red-tape?
Our director, Clare Paterson, has some clear and practical advice on how to remove the barriers by changing the way you engage your data specialists.
“The sooner you can start the process of involving your data protection or information governance colleagues, the better. If data-related risks aren’t queried until a project is about to go live, it can lead to a lot of very annoying unpicking and some hefty changes to be made.
On the other hand, if your data protection colleagues have a seat around the project planning table at the start, they can let the project team know what to look out for and how to avoid it, before decisions have been made, reducing the number of decisions that need to be un-made.
Project Benefits and Risks Test
There’s something even more effective though; running the idea of the project through a benefits and risk test (which includes data-related risks) before any resource is spent at all.
At CP Data Protection we call this the “So What?” Test. This includes asking:
1. What problem are we trying to solve, and is it a problem that even needs to be solved?
2. If it is, will this actually solve the problem?
3. If it will, is the cost and risk proportional to the problem?
It’s surprising how often it’s found there’s actually no real need for a particular course of action, just by answering questions 1 and 2 above. And we’re not even considering data protection risks or any other type of risk until question 3.
Deciding if the problem actually needs to be solved, and if the costs and risks are worth the payoff, all comes back to your overarching purpose. You only have so many resources as an organisation, so you want to ensure everything you spend precious time, energy and money on is fully aligned with your purpose.
Even getting as far as convening a project team, or writing a report on different project approaches is a waste of resources, if the project doesn’t pass the “So What?” Test. It would be like gathering a team to debate whether you should choose a Granny Smith apple or a Bramley apple, only to discover that your purpose is to make the best banana split in town!
Some examples where “So What?” helped:
Some examples of the type of projects I’ve been asked to “make data protection compliant”, which turned out to be more like apples when the client wanted a banana split:
– Using vehicle tracker data in performance management
– Refreshing customer segmentation data
– Rolling out a testing procedure
– Buying software to send text messages
The Chief Executive of the Regulator of Social Housing said recently that housing association Boards need data to be able to make decisions. And I couldn’t agree more, but be careful what data you’re picking to present to your Board; don’t offer them apples when you’re trying to make a delicious banana split.
DP Governance Health Check and New Programme
For a free Data Protection Governance health check for housing associations, fill in your details below to access the template and receive information about our new Programme which helps you align your data management with your Purpose. (You can unsubscribe at any time.)
The framework that the Programme introduces you to can be applied to all types of data, not only personal data, including asset and financial data, both vital data for housing associations.”
If you have any questions about data protection, either about governance frameworks or anything else related to personal data, book a free call!
Clare draws on over 20 years of experience in risk management and quality assurance, including ten years in data protection, to provide clear and practical advice and training.
Don’t tell everyone (shh!) but Clare’s favourite sector is social housing. She worked in a large housing association for 12 years, although she loves to support all values-led organisations.