Equity Culture

Tel: +44 (0)7956 691 104

  • Home
  • About Us
  • Board Evaluations
  • Regulatory Compliance
  • Clients and Case-Studies
  • Noticeboard
  • Blog
  • Contact Us

Who ‘owns’ your GDPR project?

16th October 2017 5 Comments

A FTSE250 Corporate Lawyer writes...

Who in your organisation is taking day to day ownership of management of the GDPR project?  Is your COSEC function running the project (if so who?) or is it the wider legal team or does the project manager even sit outside of legal/cosec altogether?

Asides from your colleagues in HR, IT etc how many in legal or Cosec are assigned to it please and how far down the line are you?

Leave a Reply Cancel reply

Only your comment and indication of company type will be published

Comments

  1. FTSE250 said

    27th October 2017 at 6:11 pm

    There is a separate project team to run GDPR. There is an interim team of 3 under the project manager who reports to the head of facilities.
    The working party c 15 in total has a rep from all businesss and support functions inc one from CoSec and legal
    The working party reports to a senior management steering group

    • FTSE250 said

      17th October 2017 at 10:16 am

      GDPR compliance is “owned” by our Corporate Risk Director working within our Cosec, Legal and Risk team reporting to the Company Secretary.

      • FTSE250 said

        16th October 2017 at 5:46 pm

        The GDPR Project is being led by the Group Company Secretary. A full time Programme Manager (in our Project Management team) has been assigned to work with the GCS and we have established a cross divisional cross functional Working Group.
        Legal team members are part of the Working Group which includes representatives from IT, Marketing and HR (including representatives from these functions from EMEA, Americas and Asia). We started the GDPR project in early-2016 and so are reasonably well advanced across each of the areas.

        • FTSE SMALL CAP said

          16th October 2017 at 4:07 pm

          As a consequence of the way our corporate functions are organised (small listed company, with minimal “head office” functions and considerable autonomy/responsibility for the operational divisions) the “owner” of the GDPR project is the Group Head of Internal Audit/Assurance, who works primarily with the IT directors the divisions, and with input from the Group Counsel/Company Secretary as required. So the “head office” team is a couple of people, with implementation of GDPR being the responsibility of the management teams of the divisions.

          The plan follows what looks like a fairly standard process, and at the moment we are busy data mapping and sorting out what consents will be required.

          • FTSE250 said

            16th October 2017 at 3:21 pm

            Co Sec leads project, because Business Assurance reports in, which function includes Information Security and Compliance. One from legal team (we only have three lawyers!). Data mapping in progress, and assessment of quality of existing “consents” being reviewed.

            Sections

            • Home
            • About Us
            • Board Evaluations
            • Regulatory Compliance
            • Clients and Case-Studies
            • Noticeboard
            • Blog
            • Contact Us

            Recent Notices

            • Corporate Gifts and Hospitality Policy

              Corporate Gifts and Hospitality Policy

              3rd June 2025
            • How often does your Board meet?

              How often does your Board meet?

              29th April 2025
            • Know Your Customer & Ultimate Beneficial Owner requests

              Know Your Customer & Ultimate Beneficial Owner requests

              28th March 2025
            • The Market Abuse Regulations (MAR) & Insider Dealing training

              The Market Abuse Regulations (MAR) & Insider Dealing training

              28th March 2025
            • Reviewing and updating our Board skills matrix

              Reviewing and updating our Board skills matrix

              24th February 2025

            Contact EquityCulture

            Address:

            89 Kesteven Way,
            Corby,
            Northamptonshire
            NN18 8GF

            Registered in England and Wales No. 06008649.

            • Blog
            • UK Board Evaluations
            • UK Corporate Governance

            © 2025 EquityCulture | Site Designed & Built by Midland Tech