In 1980 the OECD published Privacy Guidelines. I was in school. Following the publication, the EC started its journey to regulate the privacy of personal data which culminated in the General Data Protection Regulation in 2016. I grew up, learned about the value of privacy to others (and myself), the value of the GDPR and the risks that it poses to small and medium countries.
As part of the preparation to deliver a service you need to understand all the relationships involved and the part each plays in the service.
A Data Protection Programme coordinates and controls all the activities required to meet the requirements of data protection legislation. It ensures that records of data processing are created and maintained and that the risks of data processing are identified, assessed, and appropriate actions agreed. The programme assures a regular review of the risks and tracks the performance of the plan.