With the threat of large fines for breaching the regulations and the risk of significant reputational damage, it is crucial for organisations to update all policies and procedures to ensure they are fully compliant in time for the deadline on 25 May 2018.
As a sector already under heavy scrutiny, errors could prove disastrous for public trust and confidence.
While everyone’s personal data is important and should be treated as such, information held by charities, by its very nature, is often even more sensitive than that held by other organisations.
Scandals surrounding the mishandling of sensitive information can be catastrophic, and ultimately could result in the breakdown and closure of vital services. To prevent this from happening, charities must ensure that proper procedures are in place and staff are fully trained in data protection before handling any information.
Charities must consider multiple factors when assessing whether current data practices are compliant with GDPR legislation. If your charity handles service user information in-house, a clear policy must be created and implemented at all levels.
Policies should state how information is collected and used and must include a clear strategy for protecting it. Any staff or volunteers handling data of any sort must also be fully trained in how to handle data under the GDPR.
If your charity outsources service delivery, it’s important that you are confident your provider has this covered, as any potential mistake could have serious repercussions.
Ensure your helpline provider’s staff are fully trained in compliance. Any provider you choose should be preparing for the GDPR by ensuring their systems are in line with the legislation.
Any provider you use must have a good understanding of the following basic tenets of GDPR before contacting any users or donors.
To read the full Charity Digital News article click here.