A year today (25 May 2018) all organisations are going to need to comply with new data protection rules called The General Data Protection Regulation (‘GDPR’) which will be enforced by the European Parliament, the European Council and the European Commission to strengthen and unify data protection for all individuals within the European Union (EU).
The charity sector in particular has come under serious fire over the last couple of years for its use of data to engage with potential donors, a practice that some may say got out of control and hit the headlines due to the death of 92-year-old Olive Cooke, who took her own life after being targeted for donations from over 260 charities.
Up until a few months ago I had not heard about GDPR, then I started to read what will be happening and the impact it will have on communications within every organisation – not just charities – in the UK. It is still a very complicated area and there are still many unanswered questions.
The primary objective of the GDPR is to give citizens and residents back control of their personal data.
The GDPR has been approved by the UK Government and will come into force well before the UK leaves the EU, so it will still apply to all companies, even after Brexit. Worryingly, since the Brexit vote a quarter of UK businesses have stopped preparing for the GDPR, thinking the regulation wouldn’t apply once the UK leaves the EU. However, the advice from the Information Commissioner’s Office (ICO) is that “Businesses should be forging ahead with preparations to comply with the EU General Data Protection Regulation (GDPR) regardless of Brexit which has created some uncertainty and may have caused some organisations to ‘take their foot off the gas’”.
At the time of writing the Government still plans to implement the GDPR fully to ensure there is no interruption in the free flow of data between the UK and the EU after Brexit, so full compliance preparations should still go ahead.
If your organisation has strong communications and IT operations that engage with any of the personal data it collects, processes and stores, i.e. for fundraisers, marketing, campaigning, communications, volunteering and beneficiaries, you will need to adhere to the new guidelines.
If you suffer a data breach that puts the rights of individuals at risk, you must notify the Information Commissioner’s Office (ICO) within 72 hours of your organisation becoming aware of it. You should also notify the people affected before you tell the ICO.
If you don’t meet the 72-hour deadline, you risk being saddled with a fine of up to €20 million, or 4% of your annual turnover, whichever is greater.
Despite attempting a much longer blog about GDPR, I decided it will be more beneficial to direct readers to the official links which have helped me to understand a little bit more about the subject.
So – GDPR is coming, and as part of your Public Relations / Communications activity you need to know how best to manage data within your organisation. Here are some useful links to help you get yourself and your team ready by 25 May 2018.
INFORMATION COMMISSIONER’S OFFICE – https://ico.org.uk/for-organisations/data-protection-reform
THE INDEPENDENT – http://www.independent.co.uk/news/business/comment/what-is-gdpr-everything-need-know-cyber-security-regulation-general-data-protection-regulation-a7752906.html
THE GUARDIAN – https://www.theguardian.com/voluntary-sector-network/2017/may/05/gdpr-charities-prepare-eu-data-protection-changes-consent-fundraising
CIVIL SOCIETY – https://www.civilsociety.co.uk/…/free-guide-to-gdpr-and-data-protection-for-charities…
WIKIPEDIA – https://en.wikipedia.org/wiki/General_Data_Protection_Regulation
I hope this has raised your awareness. We will all have to see how this unfolds in the next 365 days.
All data and information provided in this blog is for informational purposes only. SEA-PR.com makes no representations as to accuracy, completeness, correctness, suitability, or validity of any information on this site and will not be liable for any errors, omissions, or delays in this information or any losses, injuries, or damages arising from its display or use. All information is provided on an as-is basis.