6 Steps to Explain GDPR to Your IT

It is not easy to explain GDPR in a few words, though it is easier when you are talking to like-minded peers (from legal or security). But what happens when you need to explain Records of Processing Activities to someone from your IT department?

If you are a Data Protection Officer with a professional background in Legal or Compliance, I am sure you deeply understand the legal aspect of the Regulation.

I am also confident that by now you have realized you will need support from your IT department to fulfill GDPR requirements for your organization.

Probably you already reached out to them, and at this point, the outcome may vary. Some IT people were interested in privacy projects and were happy to help.

A lot of them, even if they liked the idea, are busy with other projects. Maybe in your case there was a bit of pushback from the IT department, which considers compliance projects less important and exciting.

Whichever the case was, we all can agree that the collaboration between DPO and IT is essential. Every cooperation starts with excellent communication.

The fact that you are still reading this means you want to learn how to better collaborate and communicate with your IT colleagues.

You might be wondering, “OK, but how?” I know that you are eager to find out, so we will waste no more time.

Let’s go directly to the six steps on how to explain GDPR Records of Processing Activities to your IT colleagues.

1. Understand the IT point of view

We all know that nowadays there is a lot of pressure on IT professionals. Companies are dependent on IT systems, which their employees use in almost every business process: e-mail clients, various CRMs and ERPs, websites, mobile apps, analytical tools, backup systems, and many more.

The IT department is responsible for the flawless operation of the company.

Besides stable performance, there are high expectations for constant innovation, introducing new systems, and updating the existing ones. At the same time, in the HR market, there is a significant lack of IT experts. There is a big chance that the IT department in your company is understaffed.

2. Make sure you are talking the same language

You are an expert in Data Privacy and master of the GDPR terminology.

On the other hand, your IT colleagues may find terms like Data Subject, Data Processor, Processing Activity, Data Retention intimidating. Even the term GDPR, which was mentioned many times in mainstream media, is not something that the general public has comprehensive knowledge of.

Use your GDPR knowledge to educate your team.

Bridge that gap by preparing a glossary with the most important terms. Also, at every meeting, you can ask probing questions to make sure everybody understands the terminology. After understanding the IT point of view, making sure everybody understands the language is the second step to kick off a great GDPR implementation.

3. Create urgency

As said earlier, the IT department is flooded with everyday maintenance tasks, and there is a never-ending list of requests for new development.

The real question is, where are those requests coming from? Who makes the priorities? By now, you probably know the answer – the business!

It is your job to create urgency about the GDPR project!

It is essential to get the sponsorship of, and a clear "Engage!" message from, top management and the Board. If the GDPR project gets a higher priority and allocation of resources, you can be sure the IT department will do their best to support you.

4. Set the lines of responsibility

Go through Records of Processing Activities with your IT step by step. In the process, clearly define what you will need from them and what they need to deliver. The usual start is to create a Data Inventory, that is, to discover personal data across IT systems.

If they know the background, it will be easier to reach the desired outcome.

You, together with other Activity Owners, will define the Data Retention period for each Processing Activity.

It is also within your domain to deliver the list, at the Data Subject level, of which Data Subjects need to be removed. IT needs to adjust systems to be able to receive this information and act accordingly, meaning remove the personal data. You can find more information about Data Removal in an e-book.

Download our e-book Solution for GDPR Compliant Personal Data Removal

5. Don’t just toss a hot potato to your IT

Once you speak the same language as IT, have the sponsorship of the Board, and have clear lines of responsibility, it is time to get the work done.

You need to be present in the project.

The details of software integration are not your domain; Data Privacy is.

Organize regular follow-ups and standup meetings with your IT. Ask your IT if they have all the inputs and make sure everything is clear. Make sure that vendors of the GDPR management software are delivering what they promised.

Be involved in testing – the best way to get a look and feel of the future solution. It will keep you informed about the critical part of the project, and you can give some final inputs.

At the same time, you will show your IT colleagues that you care, and want to help them deliver the best possible outcome.

6. Be persistent – it pays off

Be willing to keep asking for what you need and keep demonstrating the value.

GDPR compliance will help you avoid fines, but even more important is gaining customers’ trust through a transparent Data Privacy policy.

You can find many historical figures who ultimately succeeded by being persistent in their endeavors and messages. Consider Abraham Lincoln, who lost his mother, three sons, a sister, and his girlfriend, and failed in business. He also lost eight separate elections before he was elected president of the United States.

Photo by Washington Post: https://wapo.st/32DSrTY

We are ending this article on a high note, with a strong historical figure, to leave you inspired. You have read all or some of the information in this article.

It is OK if you got only the headlines; every journey starts with the first step!

I am sure you might have been exposed to some new information on the topic of how to create a better relationship with your IT department. Try to use the methodology and let us know what the results are!
