It’s the biggest revamp of data protection laws ever made, and it has been at the forefront of the news across many industries, including the third sector. The GDPR (General Data Protection Regulation) is a new EU law that will come into force on 25th May 2018 and will affect how your charity processes and holds personal data.
It’s crucial for charity organisations to make sure they are compliant in order to avoid costly consequences.
What is GDPR?
GDPR is introducing tougher data protection requirements, giving the end consumer/user greater control over what information is collected about them.
These user rights now include:
- The right to correct incorrect information
- The right to have personal data deleted
- The right to stop data being shared
- The right to move data to another organisation
It’s not just the fundraising team this affects. The requirements apply across the board for all charities, and you’ll need an organisation-wide strategy. All data collected should be lawful, fair and transparent, and collected only for specific legitimate purposes. Data also needs to be maintained so that it is accurate and up to date.
Start off by completing a full data audit of what personal data the organisation holds, where it came from and how it is stored. This will allow you to evaluate the processes and checkpoints you will need to put in place.
All volunteers should be properly trained and equipped to protect donor data. The key emphasis of the changes to GDPR is giving users the right to access their own personal data and manage how it is used. You need to plan how you will deal with such requests to avoid it becoming an overwhelming job.
By updating your privacy policies, you can use them as a place where users can find out more about what data is held and how they can remove their personal data, making sure you are clear from the outset about your data management.
There will be significant consequences for data breaches; however, 75% of charities feel they do not have the skills to protect themselves from fraud or scams online. Make sure you have the appropriate procedures in place to detect and investigate any breaches of personal data, to save your charity time and money.
Most of these processes should be in place to some degree already; the new GDPR laws are simply an evolution. Take this time to review your processes and make sure your charity is up to date with the most recent changes.
For further guidance and help, you can visit the Information Commissioner’s Office site.