I personally support a number of charities and can’t help feel disappointed when
I read reports of fines for manipulation of data. Collecting more personal
information than offered; ranking supporters based on earnings; and sharing
personal data are all clear breaches of DPA and enforcement action seems
entirely justified. Fines given to charities seem to be significantly smaller than
for other organisations – not sure of the justification for this but maybe this is okay.
Under GDPR the situation gets much worse for charities. GDPR allows member
countries to grant variations for charities and religious institutions but given the
current situation in the UK we can assume that charities will not be exempt in
any way. So how are charities going to cope with this change?
Big charities – the ones that look just like big corporations will do just fine. They
have the resources, funds, technology to deal with these changes [just like big
corporates], small charities – those run by willing volunteers and part-timers
will potentially suffer. GDPR is complex, confusing and difficult to implement.
How are small charities going to have any chance?
We are offering our data management services and GDPR advice free to small
charities but even so most are finding the whole process quite daunting. It
would be such a shame if small, well-meaning, invaluable charities decided the
risk was too high and just ceased their activities.
GDPR will affect everyone – maybe now also the vulnerable, innocent bystanders
that local charities used to support.
Good luck all.