Organisational Development

What It Means to Be a Digital Charity Leader

Zoe Amar discusses why digital leadership is so important for charities and looks at the role digital leaders play in driving transformation.

Is digital leadership the new digital transformation? It certainly seems to be one of this year’s buzzwords. A total of 20 individuals and organisations from the non-profit sector made it into the 100 finalists for Digital Leaders earlier this year. Meanwhile, Julia Unwin, chair of Civil Society Futures, recently blogged about how social change is now driven by networks and movements, asking whether we need new styles of leadership to drive this. #Icebucketchallenge was a case in point, an organic campaign that came from nowhere and raised more than $115m (£88m) for motor neurone disease in a single month.

Yet such events rarely happen in isolation. Behind every amazing campaign or digital initiative is a great leader – and it doesn’t always have to be the CEO.

So, what is digital leadership? Is it really more than a passing fad? And why does it matter?

Leadership Has Changed
Digital is a fundamental part of the way the modern leader operates. It’s not just being on the channels – it’s using them to build networks, be more collaborative and respond quickly. The command and control model of leadership feels increasingly analogue, clunky and old-fashioned. Your charity may have run the same services for decades but the world in which it operates has changed radically. That’s why we’ve decided to recognise digital leadership for the first time this year as part of the Social CEOs awards.
David McNeill, Director of Digital at Scottish Council of Voluntary Organisations, defines digital leadership as “leadership that’s fit-for-purpose in a modern world. We perhaps too often deliver the same services, in the same way as we always have. We need to take more time to reflect on whether our services still meet the needs and expectations of our users, as well as exploring whether there are more efficient and effective ways of working to achieve the same outcomes.”

Remember the brands that were once household names but failed to adapt to the times, such as Kodak. A forward-thinking leader, quick enough to respond to change, would have spotted that their organisation had to modernise and go digital if it was to thrive.

To read the full Charity Digital News article click here.

GDPR: An Explanation of Data Retention And Why It Is Important for Charities

After outlining what GDPR means for charities in the first of a series of posts, Andrew Cross, Data and Insights Lead at Lightful, delves specifically into data retention and subject access requests, how rules around these will alter under GDPR, and how best to prepare for it.

Data Retention is defined by the ICO as: “Data kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals”.

In plain English, data retention means that if data is no longer in use or required to be kept for a specific purpose then you should either delete it altogether, or anonymise all parts of the information that would give away the identity of the individual. By dealing with data in this way you are adhering to the organisational and technical safeguards stipulated by the GDPR.

What does this mean for my charity?
Non-profits are usually in possession of personal data that they gained when they were founded (which could be many years ago) and most of this pertains to historical donations or engagements with the organisation. However, if the supporter has not interacted with the charity within a reasonable time frame, then we can assume their information is probably not needed for analysis purposes and it should therefore be discarded or altered as explained above.

Unfortunately, most organisations lack clear retention policies and their CRM systems often do not have the functionality to perform these deletions or anonymisations adequately through the front end or administrative areas. Technical workarounds are an option but that requires either having the skilled staff in-house or hiring expensive consultants.

To read the full Charity Digital News article click here.

Faith Organisations Governance Training

Near Neighbours is running a half-day workshop that will explore topics of interest including: What is an Accountable Body, Understanding Organisational Language, Choosing a Legal Structure, The Charitable Context and Operational Planning Policy & Procedure. The training will be supported by examples and good practice handouts using real life experience of national and local situations from a wide range of organisations and communities.

The workshop is suitable for anyone who wants to fully understand their organisation and help it to achieve better governance and practice. John McCallum, the facilitator, is the Near Neighbours East Midlands Coordinator. John has 30 years of experience in the faith based voluntary sector and has worked across the UK with local and national organisations.

The date is Wednesday, 1 November 2017, 10 am to 2 pm. The venue is Brasshouse Community Centre, Smethwick.

There is a charge of £10. Please register for the training via Eventbrite.

Lunch will be provided.

Almost two thirds of charities have no plan in place for GDPR, finds IoF

Almost two thirds of respondents to an Institute of Fundraising survey said that they do not have a plan in place for new data protection rules that come into force next spring.

Sector leaders have now called on the government for more support getting ready for the General Data Protection Regulation, which comes into force on 25 May 2018.

The Institute of Fundraising has recently published results from its How Charities Are Preparing for GDPR survey, which received 340 responses from charities.

Just over one-fifth said that they have not done anything to prepare for GDPR, and 40 per cent said they have started thinking, but not come to any decisions. Just 2 per cent are ready ahead of schedule, and only 35 per cent say they have a plan in place.

Nearly 65 per cent of respondents to the survey identified as ‘small’ charities with annual incomes of less than £1m. A further 20 per cent of respondents were medium-sized charities, with incomes between £1 and £10m a year, while just under 15 per cent of respondents said they were large charities with annual incomes of more than £10m.

Read the full article.

Charity Sector Entering ‘Wild West as UK Hits Peak GDPR Frenzy’

Charitable organisations and the not-for-profit sector must take greater care when choosing General Data Protection Regulation (GDPR) compliance partners by ensuring that the right balance of legal and technical delivery skillsets is in place. This is according to ST2 Technology, which suggests that a failure to do so will inevitably lead to significant compliance failures after the new regulations take hold.

GDPR means significant changes that will affect this sector, despite organisations’ funding constraints and relatively small size. However, as charities hold some of the most sensitive and personal data in the UK, this will not go unnoticed by the Information Commissioner’s Office (ICO).

Re-prioritise spend
Richard Hannah, Head of Consulting at ST2 Technology, suggests that charities and Not for Profit organisations will now need to re-prioritise their spend. Although these companies may be tempted to believe that their charitable status means they will not be liable for fines, despite all their good work, they will be expected to maintain the integrity of their data.

He explains: “Radical changes to how charitable and Not for Profit organisations manage their information will be required if they are to be compliant when GDPR comes into force. This is creating a sense of urgency as organisations try to get to grips with their data, how it is handled, where it is stored and who has access to it. However, as a result there has been a rush from consultancies to fill the market void, leading to untested and potentially incorrect approaches to ensuring compliance. We can expect a lot of teething problems and some significant compliance failures coming to light over 2018/19.”

Richard continues: “Unfortunately, there has been a sharp rise in assessment kits and non-specialist consultants offering advice to organisations on how they can ready themselves, despite not necessarily having the relevant and appropriate experience. With GDPR offering citizens compensation when a breach occurs, the regulation could spawn ‘PPI’ type agencies to pursue claims against local authorities.

“For many consultancies, customers looking for partners to help them become compliant with GDPR is the equivalent of a new gold rush – however, less speed and more haste should be the mantra as we all work with the new data landscape now coming into view.

“GDPR is not just about company records, data and processes, it is also about the law as it affects an organisation’s funding arrangements, membership management, manual and computer record keeping and its ability to transform the way it works, to both deliver its mandate and maintain compliance – doing nothing really is not an option and many of this sector’s issues are systemic.”

Source: Charity Digital News

GDPR: What Does It Mean for Your Charity?

On Tuesday 19 September, Lightful and Social Misfits Media hosted an event on General Data Protection Regulation (GDPR).

The event covered, in detail, what GDPR is and the differences between GDPR and the Data Protection Act (DPA). The role of the ICO was explained as well as the consequences of falling foul of compliance, with examples given of where charities have already been fined. This was delivered by Susie Perks, Major Projects Lead at Lightful.

The event ended with a panel discussion chaired by Haydn Thomas, Head of Services at Lightful, with panel members Stephen Oatley, Head of Events at ABF The Soldier’s Charity, Andrew Cross, Data and Insights Lead at Lightful, and Howard Ricklow of Collyer Bristow.

The Biggest Hurdle
Stephen said the biggest hurdle his charity had faced was reviewing the data held on their existing database and implementing the correct processes.

ICO Registration
Howard said that any organisation that processes data should register with the ICO as failure to register can lead to fines. Although it’s probably unlikely that the ICO would fine charities for not registering, there’s really no reason not to do it as it’s free to register. The only exceptions are very small organisations who only process data for things such as payroll. The process to register is simple and straightforward and if you need assistance, look at others who have registered to see what they have said about how they are processing data.

Privacy Shield
Andrew advised checking whether third parties, such as Facebook or JustGiving, are registered with the ICO and, if they are in the US, that they are part of the Privacy Shield or that there are data-processing agreements in place that are compliant with EU privacy laws.

Legitimate Interest
One of the burning questions from the floor was around ‘legitimate interest’ and what that really means. Howard advised that while official guidance from the ICO is still a few months away, the DMA have produced a useful guide.

Data Breaches
Andrew gave an example of what would constitute a data breach: if you send out an e-mail and, by accident, attach an Excel file of personal data, this would constitute a breach. You would then need to notify the ICO within 72 hours and explain how it happened, what the risk was (e.g. whether bank details, high-profile names or physical addresses were included), who it affected, what processes you followed and what new processes you put in place to ensure it doesn’t happen again.

To read the full Charity Digital News article click here.

GDPR, Charities and The Views of Donors

An interesting blog asking whether charities are giving enough consideration to how the public feel about the incoming changes from GDPR has been published by nfpSynergy.

The blog, written by Jo Fischl, head of public audiences research at the think tank, argues that while a number of reports have been released on the legal ramifications for charities, alongside conferences and events aiming to support charities to be GDPR ready, relatively little has been questioned about how the public might feel about this incoming change to how their data is treated.

Based on the latest findings from its quarterly Charity Awareness Monitor, the organisation says that, of donors surveyed:
• 47% said they’d opt in to hear from the charity about what they did with the money donated
• 16% opted in to be asked to donate to future appeals
• just 5% said they’d be willing to have their data shared with carefully chosen charities

“There’s no getting away from the fact that GDPR is going to have a significant impact for charities,” wrote Fischl. “With donors reluctant to opt in to contact, we’re likely to see charities’ databases shrink and, as a consequence, incomes fall.”
Fischl went on to outline what charities should be keeping in mind, to give them the best chance of navigating these challenges, namely:

• Those donors who do choose to opt-in are very likely to be your most committed advocates. You have the opportunity to build better, more personal relationships with these donors – alongside considering ways to diversify income streams as methods reliant on personal data are diminished by opt-in.
• Develop a culture of transparency with the public – many people currently approach their relationship with charities with suspicion and unease – if we are going to encourage the public to actively agree to communications from the charities they support, we need to be active ourselves in creating a cultural shift in this mindset.
• Be creative in your opt-in ask – now is the time to stand out if you want your supporters to opt in. You are competing against a myriad of other charities (as well as businesses), so your creatives and messages need to shine to help you meet your retention goals.

nfpSynergy’s report, GDPR – The Change That Charity Donors Want, will be fully released in September.

Source: Charity Digital News Article.

Charities Must ‘Better Plan to Mitigate Cyber Risks’

It’s no surprise that cybersecurity is a priority for most charity-technology leaders today but does the wider charity workforce understand the need to invest in it?

With more digital threats today than ever, it’s important that charities put plans in place to mitigate potential risks and address any skills shortfalls, regardless of perception.

Although it can take significant time for an organisation to improve its capacity to respond to cybersecurity challenges, existing resources can help – for example the Government’s Cyber Essentials Scheme. There is no charity-specific standard for cybersecurity; charities are expected to use the same, well-established, risk-based approach to cybersecurity management that other organisations use.

Common Vulnerability Trends
When thinking about establishing digital security, the first step is to familiarise yourself with the most common threats today, two of which are ransomware and data breaches.

  •  Ransomware attacks in recent years have begun using fear to compromise organisations – encouraging the victim or organisation to hand over money to deter the assailant from stealing and deleting vital data. Although these attacks could be described as reasonably “low tech”, few organisations have plans to deal with these situations if they do occur – or know how to protect their systems from such a hijack in the first place.
  • Data breaches, for example the massive breach reported by Yahoo in 2013, have underscored the critical need to actively protect against cyberattacks on information technology systems and thefts of sensitive information. In the charity sector, such information can vary from details of fun run volunteers to highly-sensitive information on human rights investigations.

Tackling Organisational Awareness
One of the most significant challenges that data protection law poses to charities is around broader organisational awareness of how data is managed. For instance, how many databases do you have containing donors’ personal information? Where is this stored? Do your volunteers or employees ever share sensitive data on USB sticks?

To read the full Charity Digital News Article click here.

What Is GDPR and How Will It Affect My Charity?

In the first of a series looking at GDPR and what it means for charities, Andrew Cross, Data and Insights Lead at Lightful, one of the only GDPR Certified Practitioners in the beyond profit sector, explores the basics of the new regulations.

If you’ve not heard of the General Data Protection Regulation (GDPR), which comes into force on 25 May 2018, then where have you been hiding? OK, so maybe you’ve heard of it but not actually done anything about it yet. Don’t worry, it isn’t too late to read up and start on the road to compliance.

GDPR is a replacement for the Data Protection Act (DPA, 1998). It aims to standardise the way Personally Identifiable Information (PII) is dealt with by Data Controllers (i.e. organisations that collect personal data) and Data Processors (i.e. a third party you share data with) that exist within the EU, or in countries outside of the EU that process data on EU nationals. If you are processing personal data within the UK, we advise that you register with the ICO as soon as possible.

Ultimately it gives back control and ownership of data to the individual. In terms of compliance, this should be what you adhere to now; however, it does not come into enforcement until 25 May 2018.

Data controllers vs processors
Let’s take Charity A as an example. This charity will generally be considered a Data Controller, collecting the data of supporters in order to engage and communicate with them in a variety of ways. One of these ways may be to send out direct mail via a fulfilment house (which would take on the role of a Data Processor). The vast majority of charities will fit into the Data Controller category and will be ‘processing’ some data even if that means just ‘storing’ the information. And it isn’t just supporter data; it also applies to staff data, service user data, trustee data etc.

I hate to break it to you but…
GDPR doesn’t just affect the charity sector. It’s sector-wide. It affects every organisation, no matter your size or whether or not you have a ‘data person’, so decide now who is going to lead on GDPR compliance in your organisation. And… if you fall foul of the law, you will face consequences, which could include a fine from the ICO, enforcement notices, audits and even possible prosecution. Read more about the action the ICO could take.

To read the full Charity Digital News Article click here.

Reasons Why Cyberattacks Succeed Are Revealed

Security professionals have named the main reasons why cyberattacks are successful, providing an insight into the areas charities need to protect.

Malware protection specialist Lastline surveyed attendees at the Black Hat 2017 security conference and found that nearly 55% of respondents have suffered a cyberattack within their respective organisations, with 20% being hit with ransomware. While human error is a contributing factor behind these attacks, the survey also found scarce resources to help security teams respond, and a lack of best practices being implemented to prevent future attacks.

Results of the survey include:

  • Human error continues to be a key cause of cyberattacks: 84% of respondents whose company has suffered a cyberattack attribute it, at least in part, to human error, likely exacerbated by understaffed security teams and a flood of alerts and false positives. 43% say technology detected the attack but the security team took no action, while another 41% attribute the attack to a combination of technology and human error.
  • Ransomware is on the rise, but not necessarily effective: One in five organisations has been victimised by ransomware. Of those hit, just eight percent actually paid the ransom while nearly two-thirds refused.
  • Information resources to understand and mitigate attacks are scarce: Overall, 42% of respondents have no helpful source about the specific attack and are left to figure it out themselves, while 52% seek online information from security experts and vendors, and another 19% rely on peers.
  • Organisations are playing roulette with infected computers: Only 28% of respondents follow best practices and erase and rebuild a computer’s software after a potential malware attack. Seventy percent either manually erase (46%) or rely on AV tools to identify and clean the malware (24%), often resulting in the malware staying in place on the infected machine to continue its attack.
  • Cybercrime: risk versus reward: Despite the recent rise in ransomware, just one percent believes it is the most profitable crime with the lowest risk of getting caught. That distinction goes to cyber espionage (43%) followed by enterprise financial fraud/embezzlement (31%), and identity theft and online banking fraud (25%).
  • The case for preemptive hacking: When questioned whether hackers should be hired to test security systems, six out of ten respondents were open to the idea, suggesting a willingness to try every possible resource to ensure effective security. Only 43% responded with a definite “no.”

“The threat of a cyberattack is something that organisations have to deal with on a daily basis,” said Christopher Kruegel, CEO, Lastline. “This survey highlights the need to adopt best practices and equip security teams with better tools to eliminate false positives and provide crucial information to help them prioritise and address those events that present the highest potential risk.”

Source: Charity Digital News Article.