Who owns the Data? does the business expect SecOps or IT to manage? (Hint: very often “yes”)
Where is the budget for managing the DLP solution coming from after implementation?
Is the business going to accept the inconvenience of DLP rules “upsetting” their daily workflows”
Will the business get sufficient value from the ongoing investment
What Data needs “Loss Prevention”, is there a better way to do DLP, because maybe the business only needs to protect accidental emails etc (Hint: often yes)