As the clock ticks down to 25th May 2018, millions of organisations across the UK are busy reviewing their data security in preparation for the biggest overhaul in data protection law for more than 25 years. Next year, the General Data Protection Regulation (GDPR) comes into effect, replacing the current 1998 Data Protection Act.
GDPR is the result of four years of EU consultation to enforce new, stringent legal requirements for how organisations process personal data. It will ultimately democratise data privacy for consumers, making it vital for their consent to be given before their personal information is stored.
While most of the focus on GDPR has been on commercial businesses, it’s worth noting that charities are not exempt from controversies surrounding data privacy either. The Information Commissioner’s Office has recently handed out several fines to a number of reputable charity organisations for swapping or selling donor lists containing confidential information. As a result, the charity sector needs to understand and prepare for these changes.
Following the launch of GDPR, organisations will have an obligation to provide clear and transparent guidelines about how personal data will be used and, once it is stored, to ensure that individuals can access and amend this data quickly and easily. Anyone who fails to meet these new codes of practice faces fines of up to €20m or 4% of their annual turnover, whichever is higher.
A Chance to Build Trust
The launch of these new rules follows several high-profile cases involving the violation of data privacy in previously unforeseen ways. For example, Facebook was fined €1.2 million earlier this year for privacy violations in Spain, as people’s personal data on ideologies, religious beliefs, sex and personal tastes were used illegally for advertising purposes.
Charities run the risk of falling foul of data protection rules too – and risk damaging their reputations as a result. The well-documented collapse of Kids Company caused serious harm to the public’s perception of charities. In fact, last year, the Charity Commission found that trust and confidence in charities was at its lowest level since the report began in 2005.
However, there is light at the end of the tunnel for the UK’s third sector. In the same report, the Charity Commission revealed that 1 in 10 people identify effective management as the most important factor in their trust and confidence in charities. As such, charities now have an opportunity to view data protection as an act of corporate social responsibility that can boost their public image, as well as a legal requirement.
The purpose of GDPR is to keep personal data safe, so if charities can embrace this legislation and show a willingness to comply, it will send a clear message to their supporters that the organisation really cares about protecting their private information. As a result, those charities that can successfully navigate the transition to GDPR have a chance to engage with their supporters in a more open and positive way.
To read the full Charity Digital News Article click here.