Rank and prioritise necessary actions according to impact and risk of occurrence
Method
- Review the GDPR risks on the risk register and create prioritised list of necessary actions
- Identify gaps and create the action plan
- Assess available internal resources and skill sets
- Size and cost the effort required internally and externally and build a project budget
- Present plan and budget for sign-off by the board
Outcomes
- Board sign-off of a fully costed and prioritised plan to achieve and maintain GDPR compliance
- Agreement to implement