
GDPR and Charities

by Adam Brogden

22-Jul-2019 10:21

The ICO has produced a very useful infographic showing key data protection areas organisations should focus on. This was produced as a review with 8 charities, but I think this applies to all companies. The report suggests 5 key areas:

1. Be transparent about people’s data

People should know what organisations are doing with their information and who it will be shared with. This is a legal requirement (as well as established best practice), so it’s important you are open and honest with people about how their data will be used. Remember that for consent to be valid it must be fully informed, freely given and not bundled together with general terms and conditions.

2. Prepare for the unexpected

Experience shows that organisations find it much easier to deal with unexpected situations when they have a plan in place that has been tested before. Make sure everyone in the organisation knows their role and what procedures are in place in case of an incident involving personal data. Having a reporting policy is very important, including an incident log or a method of rating the risks associated with a data breach.

3. Keep on top of data housekeeping

Organisations must not keep personal data for longer than is necessary. Have a retention policy in place that sets out when and how personal information needs to be reviewed, deleted or anonymised. People can request to have their data erased, so this should also be part of your retention policy.

4. Set compliance goals

Data protection compliance should be one of the main priorities of an organisation. One way to know how well you’re doing is by setting Key Performance Indicators (KPIs) that can be measured regularly.

5. My personal favourite: host training sessions

New employees must receive comprehensive data protection training to explain how they should store and handle personal information. Refresher training should also be provided regularly for existing staff with up-to-date information, reminding colleagues about their data protection responsibilities.

Click here to take a look at the ICO report for more information.

Many thanks to the ICO for producing this useful info.

Good luck all.