The General Data Protection Regulation (GDPR) came into effect in May 2018, bringing with it a lot of uncertainty for organisations. Businesses from all sectors struggled to get all their ducks in a row before the May 18th deadline. Now, almost three years on, how is complying with this regulation affecting charities and not-for-profits?
In the charity and not-for-profit sector, a lot of organisations invested significant time revising privacy and data security policies and putting new, improved procedures in place, but when the deadline passed, the dust settled and GDPR slipped out of focus.
It will soon be three years since the introduction of GDPR and we are just beginning to see the impact the regulations have had and the impact of compliance breaches. In Ireland, in the first full year (2019) the regulation has been in place, the DPC (Data Protection Commission) handled over 7,000 complaints, 76% of which were categorised under five main headings: Access Requests, Disclosure, Fair Processing, E-marketing complaints, Right to Erasure.
The marked year-on-year increase in the number of complaints over the five-year period 2014-2019 signifies the increasing awareness among data subjects and the general public of their data protection entitlements under GDPR. This means organisations must continue to ensure compliance with GDPR, making data protection an operational priority that is here to stay. The effort and resources required to maintain compliance must not be underestimated.
While most charities and not-for-profits got there in the end in 2018, it was a struggle. One area that many organisations are finding a burden is access requests. Data from the Irish DPA shows Access Requests as the top category (29%) of complaints. Under the regulation, organisations only have one month to deliver their information to data subjects upon request. Failing this will result in not only fines but mistrust from those who support the organisation.
Charities and not-for-profits whose data resides in different systems, databases or lists find compiling this information laborious and time-consuming. There is also the risk that data may be overlooked or omitted, which may result in non-compliance with the data subject request.
These organisations need to consider their new business processes surrounding individual access rights and should anticipate more enquiries of this nature. Handling and processing these enquiries comprehensively, efficiently and within the required timeframe means considering where your data resides: is it spread across several different systems and departments, or is it centralised?
Handling access requests is certainly not the only issue with multiple data sources or silos. Data duplication becomes a major bugbear and can hamper fundraising campaigns or membership recruitment drives. Keeping communication preferences up to date becomes labour-intensive, and organisations constantly worry about the risk of sending out duplicate emails or letters, or of sending to a donor or supporter who has requested to be removed from the mailing list.
Your concerns about data protection are at the very heart of what we do at CHAMP CLOUD. CHAMP is a centralised repository for your data and has a range of features and tools that make the job of complying with GDPR so much easier, helping your charity or not-for-profit to get and stay compliant with GDPR.
To find out more about how we can help you on your GDPR compliance journey, download our guide or get in touch directly with us today by emailing email@example.com