‘GDPR compliance’ is something that all charities and organisations alike (regardless of size) should be well familiarised with. Despite the impending deadline, most organisations are still not fully prepared for the changes. Read on to find out what you need to know to ensure that your organisation is fully compliant.
What is GDPR Compliance?
First of all, let’s start with the basics – GDPR stands for ‘General Data Protection Regulation’ and comes into force on May 25th 2018. It’s a regulation that applies to all countries within the EU and requires organisations to take special measures to protect the sensitive and personal data that they hold. This encompasses personal and demographic data, cookie data and IP addresses. GDPR has come about in response to rising concerns over the ever-increasing threat of cyber attacks and data breaches.
There are serious fines to bear in mind for failure to comply with the GDPR changes; there’s a maximum penalty of “€20 million or 4% of the company’s global annual turnover”. There is no question that the changes should be treated with a great deal of seriousness. However, GDPR compliance is more about meeting your obligations to the people who have entrusted their data to your organisation, not to mention the adverse effects that a breach could have on your reputation.
TalkTalk recently got itself into hot water over a data breach and was subsequently fined £400,000 (which would have been a lot more had GDPR already been in force at the time). However, the estimated losses due to reputational damage were actually much, much more costly to the company.
What Can I Do To Ensure My Charity Or Organisation Is Prepared?
Now is the time to ensure that your charity or organisation is fully GDPR compliant, ahead of its roll out next month. Here are some measures that you can take.
- The first thing you’ll want to do is to appoint or identify who within your charity or organisation will be responsible for implementing a strategy for GDPR compliance.
- It’s a very good idea to have a mitigation plan in place in the event that a breach does happen.
- Put together a Data Management Strategy so that you can effectively keep stock of and secure any sensitive or personal data that your charity or organisation currently holds, and ensure that any data gathered in future is collected in a GDPR-compliant way.
- Ensure that all the relevant personnel within your company are well versed with the GDPR changes and that they are well familiarised with the new rights that the changes will entitle data owners to.