Managing data protection for your charity

With the increasing number of data breaches in the UK, it is crucial that your charity manages data protection effectively.

This is a sponsored feature provided by Markel

No matter what size or purpose, it is likely your charity holds a significant amount of data about individuals working within the organisation, or individuals you work for, on behalf of the organisation.

Data stored about these people, in relation to your charity, is likely to be 'personal' data, as defined by the Data Protection Act. In order to comply with legalities, and avoid facing costly fines relating to the misuse or mishandling of confidential data, you must ensure that all information stored by your charity is kept accurate, secure and up-to-date.

What are the legalities?

If you process and hold information about people, such as donors and service users, you are legally obliged to protect that data. Under the Data Protection Act, you must:

  • Only collect information when you need it for a specific reason
  • Keep it private
  • Only hold as much information as you need
  • Keep it for only as long as you need it
  • Allow the subject of the data to see it whenever requested
  • The ICO provides further guidance for charities, including a free one day data protection review.

How can I enhance data protection?

  • Let people know what you intend to do with their data: they should know who it is going to be shared with and how it will be used. They also have the right to correct any information if it's wrong. If you obtain information by saying it is for a specific purpose, this is the only purpose it can be used for. For example, you wouldn't be able to send a fundraising request to someone who has provided their email address solely to receive a newsletter.
  • Ensure all staff are fully trained. New employees should receive data protection training to explain how they should handle and store personal data. Existing staff should also be provided with refresher training every couple of years.
  • Make sure you have a strong password on files and portable devices: why go to efforts to protect personal information if you have a password that is easy to guess? Use symbols and lower and upper case letters.
  • Encrypt laptops, backup disks and any portable devices. Also consider installing a remote 'wiping' solution that will delete your hard drive in the event it is stolen.
  • Only keep data for as long as necessary. Make sure your charity has established retention periods and has put a process in place whereby personal information is deleted when it is no longer required.
  • Put a system in place for updating information. If possible, ask individuals on the database to take a moment to check and update their records. This can be done via email or by checking the person's details if they telephone your charity.
  • For larger organisations, it may be necessary to outsource data storage to specialists. Check their data protection policies and credentials to ensure they are trustworthy.

What are the benefits of an effective data handling policy?

Handling information safely makes good business sense, and can bring a range of benefits. You will protect your charity's reputation, increase donors' and volunteers' confidence in the running of your organisation, and - by making sure all information is kept accurate - save both time and money when marketing to your fundraising base.

As headline sponsor of the Third Sector Awards, Markel had the opportunity to speak to a number of charities at the recent event to find out more about the risks they face and how they manage them. Both Auditory Verbal UK and Career Connect highlighted data protection as a key area of concern.

Watch the video interviews

Before commenting please read our rules for commenting on articles.

If you see a comment you find offensive, you can flag it as inappropriate. In the top right-hand corner of an individual comment, you will see 'flag as inappropriate'. Clicking this prompts us to review the comment. For further information see our rules for commenting on articles.

comments powered by Disqus