Changing Data Protection legislation - don't get stung with a fine!
Photo by CODATA International CC BY 2.0
14 June, 2017
From May 2018, VCSE organisations risk a fine of up to £500,000 for non-compliance with the new General Data Protection Regulation (GDPR). They could also lose large volumes of data they rely upon for fundraising and communicating with service-users, members and other stakeholders.
Whilst it may seem like a long way off, third sector organisations are being warned that they may need to allow a considerable amount of time - and capacity - to become compliant with this piece of legislation.
Following a series of well-publicised scandals involving gross misuse of data by charities, VCSE organisations are under pressure to ensure they make the necessary changes to avoid serious problems in future.
What is different about the GDPR?
The new legislation builds on the current Data Protection Act; however, there are additional measures that must be in place by May 2018 – and this process should not be underestimated.
In most cases, organisations must have explicit permission from an individual to hold their personal data. It will no longer be legal to simply ask people if they wish to ‘opt out’ of having their details used by the organisation in question, after you have acquired them.
This resource (from 2040 Training) breaks down the changes to the law, and provides a straightforward guide for charities to implement it.
Will this change the way my organisation works?
Not only will the GDPR affect fundraising practices; VCSE organisations must also change the way they communicate with those on their databases, and even consider how they use third-party data such as Google Analytics and Mailchimp.
In short, organisations that hold any data on service users, donors, and members - or indeed anybody who receives communications from that charity - are being advised to start work on implementing the changes now.
Aside from avoiding a hefty fine, there are other advantages to overhauling your data systems: by asking everyone on your database to ‘opt in’ you can weed out old contacts, and gain a more accurate picture of how many ‘live’ contacts you really have. You may be surprised!
If an organisation does not get the right permissions to retain the data it currently holds, it will have to destroy that data - potentially having a huge impact on service delivery and/or its fundraising abilities. If it holds data illegally (without the correct permissions) it could be faced with legal action and a fine.
Don't panic: a simple guide to making the changes
Voscur has created a straightforward, step-by-step guide to making sure your organisation is fully covered, along with links to other useful resources. Click here to view our guide.
Throughout the year we will be featuring different aspects of the GDPR law, with helpful tips for getting everything in place in time for the change in legislation.