
Practical Case Unit 3 Projects II

The document presents a practical case on the implementation of the measures required by the General Data Protection Regulation (GDPR) in a large engineering company. The assistant has been appointed project director to adapt or create systems that comply with the new GDPR requirements before its application date. He is granted broad authority and resources to carry out the critical project, being able to request personnel from systems or other departments, or hire external experts if necessary.

UNIVERSITY CORPORATION OF ASTURIAS.

SPECIALIZATION IN PROJECT MANAGEMENT.

PRACTICAL CASE 3.
PROJECT MANAGEMENT II

Juan Miguel Rodríguez Rodríguez

C.C 1090503894

NOVEMBER 2020.

BOGOTÁ D.C
Content
INTRODUCTION
DEVELOPMENT
CONCLUSIONS
BIBLIOGRAPHY
INTRODUCTION

Stakeholder management is very important because it makes it possible to identify the people, groups, or organizations that may affect or be affected by the project or organization. It also aims to analyze the expectations and impact of the project. Correct communication with stakeholders is of great value in the development of the project.

Management must focus on identifying the stakeholders, planning their involvement, and monitoring and evaluating their impact.

Case Study:

Statement:

In Spain, Organic Law 15/1999, of December 13, on the protection of personal data, was developed to adapt Directive 95/46/EC. This law aimed to guarantee and protect, with regard to the processing of personal data, the fundamental rights of individuals, and especially their honor and personal and family privacy. The law would apply to personal data recorded on physical media that make them susceptible to processing, and to any form of subsequent use of these data by the public and private sectors. The law would govern all processing of personal data when the processing is carried out in Spanish territory in the context of the activities of an establishment of the data controller.

After several amendments to the organic law, the European Union (EU) developed the new Regulation (EU) 2016/679 of the European Parliament and of the Council, known as the General Data Protection Regulation, which has been in force for 18 months as of today but will begin to be applied exactly four months from today's date, making it mandatory for organizations to implement the new measures. This Regulation repeals Directive 95/46/EC.

The Regulation aims to harmonize, across all countries of the European Union, the protection of the rights of natural persons regarding the processing of personal data and the free movement of data. Furthermore, it seeks to respond to the reality of personal data within the current information society. The new requirements of the Regulation pose significant challenges for all entities due to the high volume of personal data they manage, turning personal data protection into a critical aspect that all organizations must keep in mind.

The Regulation is a rule directly applicable in the Spanish legal system, not requiring specific internal regulations for its development or application. The Regulation contains concepts, principles and mechanisms similar to those established by Directive 95/46. Therefore, organizations that currently comply with the LOPD have a good starting point to evolve towards a correct application of the new Regulation. In general, the new considerations that must be taken into account are the following:

Two general elements represent the greatest innovation of the Regulation for controllers, and they project onto all the obligations of organizations:

Organizations are required to analyze what data they handle, for what purposes, and what type of processing operations they carry out.

Reinforced consent: consent must be 'unequivocal', meaning that it has been given through a statement by the data subject or through a clear affirmative action. Forms of implicit consent or consent by omission are not accepted in any way, since they are based on inaction. Situations are contemplated in which consent, in addition to being unequivocal, must be explicit:

- Processing of sensitive data.
- Adoption of automated decisions.
- International transfers.

Consent may be unequivocal and implicitly granted when it can be inferred from an action of the data subject, for example when the data subject continues browsing a website and thus accepts the use of cookies to monitor their browsing. Information to data subjects, both regarding the conditions of the processing that affects them and in responses to the exercise of rights, must be provided in a concise, transparent, intelligible and easily accessible form, with clear and simple language. The information to data subjects must be provided in writing, including by electronic means when appropriate.

New rights such as the 'Right to be Forgotten': a consequence of the application of the right to erasure of personal data.

New rights such as "portability": it implies that the personal data of the data subject are transmitted directly from one controller to another, without the need for them to be transmitted first to the data subject, as long as it is technically possible. The right to portability is an advanced form of the right of access by which the copy provided to the data subject must be offered in a structured, commonly used and machine-readable format.

Right of access: the right to obtain a copy of the personal data subject to processing. Controllers may satisfy this right by providing remote access to a secure system that offers the data subject direct access to their personal data. Data will be collected for specific purposes: if data is collected for a specific purpose, it cannot be used for a different purpose.

Obligation to implement encryption systems and two-factor authentication, even on data considered to be basic level.

Establishment, as a key figure, of the "Data Protection Officer" (DPO), which will be mandatory in:

- Public authorities and bodies.
- Controllers or processors whose main activities include processing operations that require regular and systematic observation of data subjects on a large scale.
- Controllers or processors whose main activities include the large-scale processing of sensitive data.

Notifications of 'data security breaches'. Security violations are commonly known as "security breaches", which include any incident that causes the accidental or unlawful destruction, loss or alteration of personal data transmitted, stored or otherwise processed, or the unauthorized communication of or access to such data. For example, the loss of a laptop computer, unauthorized access to an organization's databases (including by its own staff) or the accidental deletion of some records constitute security breaches pursuant to the GDPR and must be treated appropriately. Some obligations on the part of organizations are as follows:

- When a data security breach occurs, the controller must notify the competent data protection authority, unless the breach is unlikely to pose a risk to the rights and freedoms of those affected.
- The notification of the breach to the authorities must take place without undue delay and, if possible, within 72 hours of the controller becoming aware of it.
- The notification must include a minimum content:
  - The nature of the breach.
  - Categories of data and of data subjects affected.
  - Measures taken by the controller to address the breach.
  - If applicable, the measures taken to mitigate the possible negative effects on the data subjects.

Controllers must document all security breaches. The GDPR adds to the contents of the notification recommendations on the measures that data subjects can take to address the consequences of the breach.

Questions:

What is requested based on the previous information? The organization you work for is a large engineering company composed of various departments such as:

- Human resources.
- Financial.
- Wind engineering.
- Hydraulic engineering.
- Geothermal engineering.
- Civil works.
- Legal and procedures.
- Systems.
- Project Management Office (PMO).

As a member of the IT Department of the organization, you are appointed Project Director to adapt or modify the existing systems and tools, or create the systems or tools necessary, to implement all the previously mentioned measures included in the GDPR, which must be implemented before the date set by the Regulation (+4 months from today), under the possibility of incurring heavy penalties for non-compliance. The systems or tools can affect any department within the organization. The project is considered critical by the organization, whose structure is a strong matrix; you are therefore given a very high level of authority, decision-making ability, and availability of resources. You may request human resources both from the systems department and from other departments of the organization. You are also offered the possibility of hiring an external expert if deemed necessary because a specific profile does not exist or is not available within the organization. A budget of at most 200,000€ is assigned. Taking into account the importance of the project, the project sponsor will be the director of the project office (PMO). The following assumptions must be taken into account to adequately develop the subsequent analyses:

- Your organization fully complies with the existing regulations regarding data protection (LOPD 15/1999).
- As of today, your organization has not yet started to adapt its systems and tools to the considerations of the new Data Protection Regulation (GDPR), so you must start from scratch.
- Your organization has processes, procedures, and policies that must be respected, for example the following:
  - Risk control and management policy.
  - Compliance Policy.
  - Cybersecurity Policy.
- Any other data or information not included in this document will be an assumption made by the Project Director.

With the available information, the development of the REGISTER OF INTERESTED PARTIES AND AN INTEREST/INFLUENCE MATRIX for this project is requested, using the attached format.

DEVELOPMENT

The register of interested parties contains information about the interested parties that have been identified: name, position in the organization, contact details and role in the project; evaluation information: requirements, expectations, potential to influence project outcomes, and the phase in which the interested party has the greatest influence and impact; and classification of the interested parties: internal/external, according to their impact, influence, power, interest or other concepts.

The register of interested parties is presented below:


REGISTER OF INTERESTED PARTIES

| DENOMINATION | DEPARTMENT | RESPONSIBILITY | INFLUENCE (1-6) | INTEREST (1-6) | CATEGORY OR CLASSIFICATION |
|---|---|---|---|---|---|
| GENERAL MANAGER | SENIOR MANAGEMENT | Must comply with the regulation. Adapt, transform and update the information system in accordance with the requirements. | 5 | 6 | LEADER |
| PROJECT SPONSOR | DIRECTOR OF THE PROJECT OFFICE | Support compliance with the regulations. | 6 | 6 | LEADER |
| PROJECT DIRECTOR | PMO OFFICE | Create, adapt and modify the Information System for compliance with the General Data Protection Regulation. | 6 | 6 | LEADER |
| EUROPEAN AND SPANISH PARLIAMENT (ORGANIC LAW) | EXTERNAL LEGAL AUTHORITIES | Oversee compliance with the regulations. | 6 | 6 | SUPERVISION |
| SHAREHOLDERS | MANAGEMENT | Support compliance with the regulations and promote the changes, transformations and creation of the tools of the new Information System and its application. | 5 | 3 | SUPPORT |
| HUMAN RESOURCES DIRECTOR | PERSONNEL DIRECTORATE | Support compliance with the regulation and its application to human resources. | 4 | 3 | SUPPORT |
| FINANCIAL DIRECTOR | FINANCIAL MANAGEMENT | Support compliance with the regulations and their application to the financial resources of the company and the project. | 4 | 3 | SUPPORT |
| SYSTEMS DIRECTOR | DIRECTORATE OF SYSTEMS | Support compliance with the regulation and its application to computer resources. Create, adapt and modify the Information System for compliance with the General Data Protection Regulation. | 6 | 6 | LEADER |
| COMMERCIAL DIRECTOR | COMMERCIAL DIRECTORATE | Support compliance with the regulation and its application in commercial relations. | 3 | 5 | SUPPORT |
| PLANNING OFFICE | INSTITUTIONAL PLANNING AND PROJECT | Create, adapt and modify the Information System for compliance with the General Data Protection Regulation. | 6 | 6 | LEADER |
| WORKERS | COMPANY | Support compliance with the regulations and their application in all work areas. | 2 | 6 | SUPPORT |
| CLIENTS | BUSINESS RELATIONS | Provide the information and elements related to the new regulations. | 5 | 2 | SUPPORT |
| SUPPLIERS | BUSINESS RELATIONS | Provide the information and elements related to the new regulation. | 5 | 2 | SUPPORT |

The matrix of influence and interest of the stakeholders, based on their level of impact on the project, is presented below:

INFLUENCE/INTEREST MATRIX

| DENOMINATION | INFLUENCE (1-6) | INTEREST (1-6) | INFLUENCE | INTEREST | STRATEGY |
|---|---|---|---|---|---|
| GENERAL MANAGER | 5 | 6 | HIGH | HIGH | COLLABORATE CLOSELY |
| PROJECT SPONSOR | 6 | 6 | HIGH | HIGH | COLLABORATE CLOSELY |
| PROJECT DIRECTOR | 6 | 6 | HIGH | HIGH | COLLABORATE CLOSELY |
| EUROPEAN AND SPANISH PARLIAMENT (ORGANIC LAW) | 6 | 6 | HIGH | HIGH | WORK CLOSELY |
| SHAREHOLDERS | 5 | 3 | LOW | LOW | MONITOR |
| HUMAN RESOURCES DIRECTOR | 5 | 3 | HIGH | LOW | KEEP SATISFIED |
| FINANCIAL DIRECTOR | 5 | 3 | HIGH | LOW | KEEP SATISFIED |
| SYSTEMS DIRECTOR | 6 | 6 | HIGH | HIGH | COLLABORATE CLOSELY |
| COMMERCIAL DIRECTOR | 3 | 5 | HIGH | HIGH | COLLABORATE CLOSELY |
| PLANNING OFFICE | 6 | 6 | HIGH | HIGH | WORK CLOSELY |
| WORKERS | 2 | 6 | LOW | HIGH | KEEP INFORMED |
| CLIENTS | 5 | 2 | HIGH | LOW | KEEP SATISFIED |
| SUPPLIERS | 5 | 2 | HIGH | LOW | KEEP SATISFIED |



CONCLUSIONS

It can be concluded that:

- The register of interested parties is a management tool that makes it easier to work with the different groups within the project.
- The register of interested parties allows the different groups to be classified by impact, interests, power or other criteria in order to outline the correct work strategy.
- The influence/power matrix places each group in quadrants that suggest the different strategies, care, and scope of the relationships.
BIBLIOGRAPHY
- Asturias, C.U. (2020). Project Management II, "Project Management", Interested parties, Specialization in Project Management.
- Heizer, J., & Render, B. (2014). Principles of Operations Management (Ninth ed.). Mexico City: Pearson Education.
- Project Management Institute, Inc. A Guide to the Project Management Body of Knowledge (PMBOK Guide), Sixth Edition.
