How GDPR affects charities
In addition to understanding the General Data Protection Regulation in businesses, it is also essential to understand the role of the GDPR in non-profit organisations. Any organisation that will hold personal data will need to comply with the new GDPR. The new regulation can be an opportunity for charities to rethink the way they store data, and whether or not the processing of sensitive data is effective. There are a several ways the GDPR might affect the way charities manage data and consider their current processes.
The information about volunteers and the training they receive should be just as employees, and this might result in a processing rethink. An audit is a preferred method of beginning to prepare for the GDPR. This will identify what information you hold, the place of origin, and where you will use that data.
The audit will provide a basis for what needs to be done to comply. The location of the information is essential, as well as the length of retention, and most importantly the risks associated with holding the data. These are all things that might need reconsidering; it may be worth following best practice in business to make sure non-profit organisations comply with GDPR.
Volunteers should also have the necessary and sufficient training for GDPR. This will include making sure there have refresher training sessions to keep data protection issues at the forefront of staff minds. Training can consist of training on transferring data securely and the importance of complex and regularly updated passwords. Any policies that you create as a result of the GDPR need to be distributed, and these policies need to be fully understood.
The individuals whose data you hold need to be able to provide explicit and educated consent. The information about consent will need to be separated from the terms and conditions and will need to be presented in a way that the individual can fully understand. Approval must be actively acquired and reviewed to ensure understanding and avoid miscommunication. Information about what data you store about an individual must be easy to find, and always present.
Consent will cover the donors as well as individuals that your charity helps.
Ensure that all technology used to store personal data is secure and encrypted. This should include hard drives and memory sticks. Encrypting technology can avoid data breaches, and protect the data of the individual, as well as protecting the charity.
Charities may need to include in their budget the scope for enhanced IT solutions, to make sure all of the technology they use complies with the necessary regulations. At Cyan Solutions, we can help to ensure you have the right IT solutions in place that will conform to the essential requirements.