Every charity processes personal data, whether this is the personal information of donors, staff members or volunteers. To comply with GDPR, ICO-issued guidance recommends that charities appoint a Data Protection Officer (DPO) or outsource the role.
What is the role of a data protection officer?
A Data Protection Officer is an independent expert who is responsible for monitoring an organisation’s compliance with GDPR. The responsibilities of a DPO cover the following:
- Inform and advise on data protection obligations under GDPR.
- Monitor compliance with GDPR and conduct regular security audits.
- Educate company staff on compliance and train data handling staff.
- Act as a point of contact between the supervisory authority and the organisation, particularly in the event of a data breach.
A Data Protection Officer will help your charity to make sure that activities such as fundraising, marketing, campaigning and managing volunteers are all compliant with GDPR requirements. If your charity is facing financial constraints, it may be tempting to avoid hiring a DPO or to partially train someone, but compliance with the legislation requires technical understanding and competence.
Failure to comply with the law can also result in hefty fines (4% of annual turnover). The British and Foreign Bible Society was fined £100,000 by the ICO in 2018 after cyber hackers gained access to the personal data of more than 400,000 supporters.
Should you hire or outsource the role of a Data Protection Officer?
For most organisations, it will be essential to hire a full-time Data Protection Officer, but for small charities the services of a DPO may only be necessary on a periodic basis. In this case, the role can be outsourced to a third party who would carry out the responsibilities and represent the charity on all data protection obligations and inquiries.
At Kazient we provide outsourced Data Protection services for various organisations. A non-European bank recently sought our help on GDPR compliance during its recruitment process for its European applicants. Using our expert opinion, we were able to provide tailored guidance on the most practical and efficient route to compliance. Our data protection consultants are available to act as DPO for your charity.
Kazient Privacy Experts offer bespoke Data Protection, Privacy and GDPR compliance solutions in a language you understand to UK and international organisations, and have received positive media coverage across Europe. Kazient’s GDPR consultants are fully certified to be your outsourced Data Protection Officer or EU Representative. Get in touch to find out how we can help your business by visiting our website www.kazient.co.uk or calling us on 0330 022 9009.