Data compliance officer: the next big role in fundraising?

(via CharityChoice)

The sector is getting increasingly hot under the collar about the new General Data Protection Regulation (GDPR). Although the regulation doesn’t come fully into force until May next year, the Information Commissioner isn’t messing about: already it has fined 13 well-known charities for violating current data protection regulations.

Under the GDPR, charities will need to prove that they have the consent of the individual to collect, store and use their data. And to date, the commissioner has not been forthcoming with official guidance for charities on how to comply with this new requirement, leaving many in the sector feeling completely at sea.

Avoiding catastrophe

This greater value placed on personal and sensitive information is good news for the public, but not so much for any organisation that fails to comply with the new regulation. The stricter data compliance regime will undoubtedly lead to breaches, and with that the government has promised “effective and dissuasive” fines.

In the event of an unreported breach of personal data, organisations risk penalties ranging from written warnings to regular audits, all the way up to €20m fines or up to 4% of their annual worldwide turnover. Along with these serious financial implications, the reputational damage that an organisation found in breach would suffer could be catastrophic.

Fundraising charities rely on information about their supporters to survive, such as names and addresses, financial information and other private data. Information such as this will always be integral to the fundraising process, and the storage and safety of this information will be too. But the GDPR’s rules around proving consent necessitate new processes at the back and front ends of data collection – and it’s going to be hard work. The fundraising sector has a lot of fundamental changes to make in a short amount of time.
