A Strategy Is Not a Plan – A Common Misconception in Applying NDMO

If you're navigating through the complexities of the National Data Management Office (NDMO) standards, understanding the crucial distinction between a strategy and a plan is paramount. Let's delve into why this differentiation is not just a formality but a foundational aspect of effective data management.

In my journey working with clients across various industries, I've noticed a common thread: many professionals find it easier to draft a plan rather than to conceptualize a strategy. Plans, with their concrete goals and budgets, provide a sense of security. Yet, beginning with a plan can be a strategic misstep.

Strategies require considering external elements and embracing uncertainty, which can be challenging but essential within the NDMO framework. Together with my colleagues, we've crafted a robust methodology to develop strategies that genuinely position organizations for success in data management.

Strategy Defined: A strategy is a comprehensive approach designed to position an organization competitively for long-term success. It's about making integrative choices that align with the ever-evolving competitive landscape.

Strategy Development Approach My colleagues and I have honed a rigorous approach to strategy development, blending research with practical experience to create a framework compliant with NDMO’s standards. Here's how we do it:

• Gather Data and Information

Identify Stakeholders: Forming a cross-functional team is critical. Involving IT, legal, compliance, HR, and other departments ensures that all data management challenges are addressed from every angle.

Conduct Data Assessment: Evaluate current practices, assets, and personal data processing to pinpoint challenges in security, privacy, compliance, and governance.

Business Strategy Alignment: It's crucial to align data management goals with broader business objectives to ensure cohesion and mutual reinforcement.

• Develop the Strategy

Vision, Mission, and Goals: Establish these core elements to resonate with the organization's values and provide a clear direction for data management and personal data protection.

Performance Metrics and Targets: Set measurable targets for the next three to five years to gauge the strategy's effectiveness.

Budget Allocation: Determine the financial resources needed, prioritizing initiatives based on their impact and urgency.

• Strategy Documentation and Review

Strategy Document: Draft a document that captures all strategic elements in a format easy for stakeholders to digest.

Stakeholder Feedback: Refine the strategy based on feedback from key stakeholders to enhance its effectiveness and relevance.

• Strategy Approval and Implementation Plan

Obtain Approval: Secure endorsement and resources from senior management for the strategy's execution.

Implementation Plan: Develop a detailed plan outlining the necessary steps, resources, timelines, and responsibilities for executing the strategy, as explained below.

• Strategy Communication and Training

?Internal Communication: Ensure the entire organization understands the strategy’s significance.

?Training: Equip employees with data management best practices and their specific roles in the strategy.

Plan Defined: A plan is more about logistics. It outlines the specific actions needed to achieve the tactical goals that support the broader strategy. It's the roadmap that guides you through the execution of strategic objectives.

Plan Development Approach

After setting a robust strategy, developing a detailed plan is equally vital. Here's a step-by-step approach within the NDMO context:

• Review the Strategy: Review the Entity's Data Management and Personal Data Protection Strategy to understand the strategic objectives, goals, and initiatives outlined in the strategy.
• Identify Initiatives: Tailor initiatives for each Data Management Domain to ensure that the initiatives align with the Entity's strategic goals and the National Data Management and Personal Data Protection Framework.
• Prioritize Initiatives: Use frameworks like Impact versus Ease of Implementation to prioritize the list of initiatives, evaluate each initiative based on its potential impact on data management and personal data protection and the ease of implementation.
• Define Quick Wins and Long-Term Initiatives: Identify initiatives that can be implemented within the first 6 months as Quick Wins to demonstrate early progress and benefits. Separate the remaining initiatives into mid to long-term initiatives, planning their implementation throughout the 3-year period.
• Develop the 3-Year Implementation Roadmap: Create a detailed roadmap that outlines the sequence and timeline for implementing each initiative over the next 3 years. Allocate resources and set milestones for tracking progress.
• Establish Key Performance Indicators (KPIs): Define key performance indicators (KPIs) to measure the success and effectiveness of each initiative. Ensure that the KPIs are aligned with the strategic objectives and can provide meaningful insights into the progress of the plan.
• Allocate Resources and Budget: Determine the resources and budget required to execute each initiative effectively. Allocate resources and budget based on the prioritization and timeline outlined in the roadmap.
• Engage Stakeholders and Obtain Buy-in: Engage relevant stakeholders, including senior management and data owners, to obtain buy-in and support for the plan. Ensure that stakeholders understand the importance of data management and personal data protection and are committed to the plan's success.
• Monitor and Review: Establish a monitoring and review mechanism to track the implementation progress regularly. Conduct periodic reviews to assess the effectiveness of the plan, make necessary adjustments, and ensure alignment with changing business needs and regulatory requirements.

?

Conclusion

Navigating the realm of Data Management and Personal Data Protection under the NDMO standards is no small feat. However, with a clear understanding of the difference between strategy and plan and a methodical approach to both, organizations can not only comply with regulations but excel in their data management practices. Through this article, I hope to have shared not just knowledge but also practical approach from my personal experience that can guide you on this journey.