Whilst many of our clients were SME's we also undertook numerous work with local Charities.
Charities are required to comply with GDPR to the same level of any other business, but they have unique complexities, which general businesses don't necessarily encounter. Some of the difficulties that charities face include;
- The belief that ICO will not target charities, this is now proofed not to be the case, due to recent fines imposed by the ICO on numerous global and local charities.
- Many charities rely on using numerous volunteers and often on an adhoc basis, meaning that training these individuals and enforcing GDPR is harder to achieve through these individuals, and the danger that they stop volunteering if things become too complex.
- Many Charities deal with vulnerable people, meaning data can be sensitive personal data, and there is an obligation on the Charities to ensure that these individuals understand GDPR and their rights. This often requires Charities to find simple ways to explain their rights to these individuals, a one size fits all policy is not suitable in these cases.
- There is often a lack of systems to effectively record/store personal data, which means data is vulnerable.
- Personal data obtained through numerous and often informal methods, ie signing people up for funding in the streets.
- Historically personal data has been used in many ways to assist the charity promote themselves or raise funds, but these are no longer appropriate under GDPR.
- There is often a lack of funds and staff to implement GDPR
- Many Charities are governed by Trustees, who also need training on GDPR
We worked together with these charities to deal with these unique issues and came up with practical ways to deal with GDPR whilst still being able to operate the Charity for the purposes for which is was created.