KEY POINTS
While the GDPR was designed to put an end to the complacency shown
by big business, every organisation that holds data on its customers,
irrespective of its size, must abide by its rules; this means every small
business, one-man-band, charity or voluntary organisation.
Charities potentially have the most to lose from the GDPR,
and yet typically have the smallest budgets to prepare for it. Charities live
and die by their database of donors and supporters. Under the GDPR they will be
required to provide evidence for every single name on that list to prove their
opt-in status. Given the length of time that such lists will have been
cultivated, and the various means by which a customer will have provided their
information (over the phone, online, face-to-face or even from a third party
organised fundraising event such as a marathon), many charities will struggle
to provide this information readily for a large proportion of their database.
The implications of this are clear: if the charity cannot
ascertain exactly how everyone on the list came to be there, they will have to
seek their re-approval. If only 50% of respondents reply then, under the terms
of the GDPR, they may have to delete half of their database. It doesn’t take
long to realise the ramifications for their funding in this instance, and the
knock-on effect this will have on the lives the charity supports.
This is the minimum expected from a charity under the GDPR:
1. Tell people what you are doing with their data and who it will be shared with
2. Make sure your staff are adequately trained on how to store and handle personal information
3. Use strong passwords (we would recommend always using a random password generator)
4. Encrypt all portable devices such as memory sticks and laptops
5. Only keep people’s information for as long as necessary
With regular training, the use of GDPR-compliant systems and
good data routines (passwords, encryption, etc.) you can help to foster a good
GDPR culture. Your people must be cognisant of their responsibilities.
SOURCE
NEED SUPPORT WITH GDPR?
Jersey Charities Q&A
Jersey Data Protection Association list of GDPR events
Data Protection Reform in the Channel Islands
CONTACT
TimHJRogers@AdaptConsultingCompany.Com
+447797762051 Skype: timhjrogers TimHJRogers@gmail.com