GDPR has now been in effect for some time and many churches and charities will be compliant as a result. However, if your organisation had a personal data breach, would you realise, and would you know how to respond appropriately?
Under the EU General Data Protection Regulation (GDPR) personal data breaches that are likely to result in a risk of harm to affected individuals must be reported to the ICO within 72 hours of your organisation becoming aware of them.
In the nine months since GDPR came into force, more than 59,000 personal data breaches have been reported to regulators, most of them in Germany, the Netherlands and the United Kingdom. These range from minor breaches, such as an email being sent to the wrong recipient, to major cyber-hacks affecting millions of individuals.
Your charity needs robust breach detection, investigation and internal reporting procedures in place. The ICO checklist for ensuring that you are prepared for any breaches that occur and know how to respond includes the following.
If a data breach does occur, your organisation should be able to answer ‘yes’ confidently, to all of the following.
Make sure to keep a lookout for further articles tackling some of these individual topics, and be sure to get out to our free seminars such as our upcoming Trustee Responsibility event in Croydon on Saturday 16th March where we will be tackling this subject and more.
GoodtoGive can support you with the implementation of your GDPR processes. We run a number of Charity Compliance Events & Training sessions each month, and our G-Flow software also helps churches and charities manage GDPR. Contact us to find out more.