What Will The Effect of GDPR Be On My Third Sector Organisation or Micro-Business?
GDPR was officially enacted on May 25th, 2018, in Europe and it will likely have a significant impact on organisations of all sizes, all around the globe. In the UK the Information Commissioner's Office (ICO) is the country's Supervisory Authority.
Introduced to keep pace with the modern digital landscape, the GDPR is more extensive in scope and application than the previous Data Protection Act (DPA) 1998. The Regulation extends the data rights of individuals, requires organisations to develop clear policies and procedures to protect personal data, and requires them to adopt appropriate technical and organisational measures.
The Key Changes Introduced by the Regulation
Penalties for Non Compliance to the GDPR
On 5 April 2017 the Information Commissioner’s Office (ICO) fined 11 major charities for data protection breaches, including Cancer Research UK, Macmillan Cancer Support and NSPCC. These fines totalled £138,000, but under the GDPR regulation that became enforceable on the 25th May 2018, fines for the same conduct could be significantly higher.
The ICO said that some of the charities had been fined because they had:
screened millions of donors so they could target them for additional funds, while others had traced and targeted new or lapsed donors by piecing together personal information obtained from other sources, and some had traded personal details with other charities, creating a large pool of donor data for sale.
The Regulation mandates considerably tougher penalties than the DPA: organisations found in breach of the Regulation can expect administrative fines of up to 4% of annual global turnover or €20 million – whichever is greater. Fines of this scale could very easily lead to business insolvency.
However, the ICO has consistently stated that fines are its last option and that it prefers to take a proportionate approach where possible. This is not a cue to treat GDPR with corporate ignorance and apathy, though: that attitude is likely to be met with raised eyebrows by the ICO and so increases your chances of a monetary penalty.
Data breaches are commonplace and increase in scale and severity every day. As Verizon’s 2016 Data Breach Investigations Report reaffirms, “no locale, industry or organisation is bulletproof when it comes to the compromise of data”, so it is vital that all organisations are aware of their new obligations so that they can prepare accordingly.
IS Know How’s Partnership with IT Governance can help Charities, Social Enterprises and Micro-Businesses Comply with the EU GDPR.
Certified EU General Data Protection Regulation Foundation (GDPR) Training Course
Certified EU General Data Protection Regulation Practitioner (GDPR) Training Course
Certified EU General Data Protection Regulation (GDPR) Foundation and Practitioner Combination Course
Data Protection Impact Assessment (DPIA) Workshop
Compliance Tools:
EU GDPR Compliance Gap Assessment Tool
EU General Data Protection Regulation (GDPR) Documentation Toolkit
EU General Data Protection Regulation (GDPR) Data Flow Mapping Tool
Gain full visibility over the flow of personal data through your organisation to meet the terms of the EU General Data Protection Regulation (GDPR).
The Data Flow Mapping Tool simplifies the process of creating data flow maps, giving you a thorough understanding of what personal data your organisation processes and why, where it is held and how it is transferred. The Data Flow Mapping Tool is a Cloud-based application, licensed for up to five users and can be accessed via any compatible browser.
Information & Guidance:
EU GDPR – A Pocket Guide
EU General Data Protection Regulation (GDPR) - An Implementation and Compliance Guide (Second Edition)
Consultancy Services:
GDPR Data Flow Audit
This is the essential step to prepare for compliance with the EU General Data Protection Regulation (GDPR).
Receive a thorough audit of the personally identifiable information (PII) in your organisation, together with a data flow map that will help you to identify where your data resides. This will enable you to implement measures to reduce your risk of an information security breach.
Meet GDPR requirements by taking this essential first step in the implementation process.
GDPR Gap Analysis
What Next?
We've taken time to extract various aspects of information from the Information Commissioner's Office EU GDPR Guidance. Do make use of it to increase your knowledge of the direction you are likely required to take regarding this critical matter.
You may also be interested to read the statistics that IS Know How have extrapolated from the ICO's quarterly Data Security Incident Trends, specifically for the 'Charitable & Voluntary' sector, which the ICO provides for "Data security incidents (breaches of the seventh data protection principle and personal data breaches reported under the Privacy and Electronic Communications Regulations)".