GDPR - are you and your volunteers ready?
What is GDPR?
Data Protection is a key issue in any organisation, whether public, private or third sector. From volunteers to CEOs, anyone working with personal data is responsible for its safety.
GDPR, or the General Data Protection Regulations, is the latest EU data protection directive, which comes into effect on 25 May 2018 and applies to any organisation working within the EU – and will continue to apply to the UK post-Brexit.
Major overhauls of the legislation include changes to the way consent is given and stored, Subject Access Requests, and the ‘right to be forgotten’. Bigger penalties will also apply for non-compliance, ranging up to €20 million or 4% of total worldwide annual turnover, whichever is higher.
How will it affect charities?
It’s not just fundraisers who will be affected, or big charities. If you work with personal or sensitive personal data – which can include details relating to volunteers, staff, service users, donors and customers – you have a responsibility under the new regulations to make sure it is being handled, processed and stored in the correct way. The new regulations require a whole organisation approach, including making sure that systems are in place to keep data secure and maintain audit trails.
Small charities and non-profit groups may be the most vulnerable to breaches and fines, due to a lack of awareness, and small staff teams which are under a lot of pressure already. These groups may not have the resources available to bring in a consultant or extra team member to do the work of data protection compliance.
What can you do to avoid a breach?
Don’t panic! Take it step by step, and remember there are still 9 months to get any changes in place. Make sure your whole team, including volunteers, is aware of the new regulations and when they come into effect. Put together a plan for your organisation to become compliant – and then implement it.
The ICO (Information Commissioner’s Office – the ones wielding the stick) put together a 12-step guide to becoming compliant; or take a look at this 5-step guide by The Access Group, specifically aimed at the third sector. Full details of the regulations are on the ICO’s website.
Take our quick quiz to find out how much you know about the new regulations, and get on the mailing list to find out about upcoming GDPR training.
IT security company Sophos has also put together a compliance check to assess where your organisation stands with GDPR compliance.