GDPR Strategic Plan


An Information Compliance Strategic Plan is what you use to structure your work. This is not one of those high-level strategy discussions had in the boardroom. It’s not a complicated process requiring multiple meetings, flow charts, and discussions with a consultant.

It’s simple. It should take about an hour. And, not only does it provide assurance for senior management, but it’s good for you too because it ensures you cover every necessary area and helps you organise your time effectively.

You can download a template Strategic Plan below.

It’s a working document, meaning you will need to come back to it every so often and move tasks around. Perhaps something took longer than it should, someone you need to talk to is on annual leave, or other things took priority. Perhaps you always take a long holiday in December, so you just won’t get around to doing too much then. Whatever the reason, go back and re-evaluate the plan regularly. Keep it up-to-date.

Share it with senior management, because they will feel reassured to know there’s a plan. They will also find it useful to know what to expect, and when. I usually amend mine every couple of months, and re-send it to senior management every 3 to 6 months; that’s about the time it takes for massive reshuffling to occur.

There are as many different ways of doing a strategic plan as there are people. We all work differently. However, as long as your plan sets out, month-by-month, which area(s) you will be focusing on, you won’t go far wrong.

My strategic plan, the template for which you can download below, sets out the areas I will be focusing on each month and gives a brief description of what that means. Some areas take more than one month, some less. That’s fine – things take the time they take. It covers an entire year, although I also have a much vaguer plan for the following year as well.

Step-by-step, here’s what you do:

1. Download the template

GDPR Strategic Plan Template

2. Get out your completed Self-Assessment

3. Put each area of the self-assessment (data protection policy, subject access, etc.) into a line under a month

4. Shuffle the tasks around until you’re happy that they reflect the order of highest priority, covering the areas of highest risk first, and that the plan will work for you personally

5. Put a brief description of what needs to be done under each task

6. Pretty it up, and share it with senior management

I then print mine and pin it up behind my desk, which allows me to see at a glance what I need to do next.

It’s really that simple!
