Never mind the countdown to Christmas, there are only 241 days left to get ready for Data Protection D-Day!
Last Thursday saw me at the SCVO Data Protection conference in Edinburgh. The event sold out remarkably quickly – evidence that the third sector has concerns about GDPR – the new data protection regulations which will come into force on 25 May 2018.
Now I’ll admit that data protection isn’t a topic I find particularly exciting. But like most people, I’ve read some of the horror stories about organisations that have misused personal data and been fined by the ICO. For third sector organisations, the threat of financial penalties is scary, but the issue of reputational damage is just as big a cause for concern. Loss of public trust and confidence can be devastating for charities and voluntary organisations.
So what can you do to minimise the risks to your organisation and make sure you’re ready for GDPR? Here are five tips to start off with:
- Make the Information Commissioner’s website your first port of call
- Get your house in order
Make sure everyone in your organisation knows that GDPR is coming and it’s going to have an impact. Not just your staff, but also your trustees and volunteers should be aware of the importance of managing sensitive personal data correctly. Remember – it’s your trustees that are ultimately responsible if anything does go wrong.
- Personal data – what, where and who?
Due to the nature of our work, most third sector organisations hold what can be termed ‘personal data’. You should know what personal data you have, where it came from, and who you share it with. You should have a retention scheme that considers legal requirements and organisational needs. Any personal data you no longer need should be securely destroyed.
- Mind the Gap
Data breaches are everyone’s nightmare, so make sure you’ve got the right procedures in place to detect, report and investigate a personal data breach.
- Keep calm and carry on
Don’t be alarmed, there is information and support out there. As well as the ICO, the SCVO Datawareness campaign has lots of useful resources. Also, all qualifying SCVO member organisations can access up to two hours of free legal advice, which could be used to review your organisation’s data protection policies and procedures.
There are just 90 days to Christmas, and 241 to GDPR. What are you waiting for?