Protecting Your Data
The implementation of the much-discussed EU General Data Protection Regulation (GDPR) is fast approaching. All charities operating in Ireland will be affected. It is being enforced so that EU citizens’ data is protected correctly and ethically. This will ensure companies and charities alike are protected against potential cyber threats. The key thing to remember about the GDPR is that you must be seen to be actively working towards being compliant. Previously you would only be inspected by the Data Protection Commissioner if there was a data breach or a suspected one. Under the GDPR you can be inspected at any time. You don’t have to be perfect, but if you’re not seen to be working towards being compliant then you will be in trouble.
For charities, there are a number of specific challenges you will face when becoming compliant with the GDPR:
- Resourcing challenges - Most charities will not have the resources to employ a full-time Data Protection Officer to ensure compliance with the GDPR.
- Training challenge - Having access to the correct and most up-to-date data protection laws and having the staff available to mentor others in the organisation on compliance with these regulations will be a challenge for many charities.
- Policies - Having the correct policies and procedures in place will be another time-consuming challenge. The GDPR will require charities to show evidence of their updated policies in order to be compliant.
- Employee and Volunteer data - Charities are reliant on their employees and volunteers to ensure they can provide the services and supports they do. With this, all employee and volunteer training must be correctly recorded and securely stored. All those who volunteer must be trained in data protection protocol. This will be another strain on resources.
- Data breaches - Any breaches of data security must be reported within 72 hours under the GDPR. Without the resources available for a Data Protection Officer, charities could potentially struggle to identify and take the necessary actions required to rectify such a breach.
- Outsourcing / 3rd Parties - Many charities use 3rd parties to recruit volunteers for fundraising activities such as door-to-door and direct mail campaigns. It will be the charity’s responsibility to ensure that they know where this data is stored, that they keep processor logs and that the relevant processor agreements are in place.
Getting ready for the GDPR may appear quite daunting, but the key thing to remember is that you need to be seen to be compliant. The worst thing would be to have a data breach and not have policies, training and proper record keeping in place when you have to report the breach to the Data Protection Commissioner. However, if you are seen to be working towards being compliant with the GDPR you will be in a much stronger position.
So how to prepare for the GDPR? LIKECHARITY have partnered with Ireland’s leading data protection service provider Sytorus to offer the charity sector a customised solution called LIKECHARITY Privacy Engine. The partnership came about as we are using Privacy Engine to prepare for the GDPR and found it indispensable.
This tool allows charities to:
- Maintain all mandatory logs.
- Train staff and measure their awareness.
- Maintain all relevant policies and procedures.
- Identify risks and assign tasks to others.
- Interact live with an actual Data Protection expert to answer your ‘how do I’ questions.
The deadline for GDPR is only around the corner and you need to be preparing now, not after May. Click here to find out more about the reduced charity rate we have available for Privacy Engine.