GDPR has the potential to stifle digital innovation in the public good arena. Some organisations are avoiding taking the risk to deploy transformative new digital services that process personal data because of the risk of a data breach and the PR fallout.
As well as talking about compliance, right now we need to also talk about the implications of GDPR on the way organisations plan and make strategic decisions about how they use technology.
Risk in perspective
There is no doubt that for third sector organisations GDPR is a big deal. To a greater or lesser extent, alongside each core "for good" purpose, every charity can now be classified as a data business these days.
With GDPR demanding that we all know that our data is sourced responsibly, managed securely and that we are transparent about the details we hold, adapting will be disruptive and some instances will involve onerous work to ensure compliance.
But at its heart GDPR represents not much more than good business practice for the future. In fact, it could enable us to put data at the centre of our organisations and use data insights to provide better services - rather than GDPR being just a compliance exercise. And by applying greater diligence in our use of data we can help restore trust in a sector whose approach has been scrutinised in the past.
No organisation can afford the kind of reputational and financial damage suffered by Talk Talk and Equifax as a result of their customer data breaches. So, while data breaches are day-to-day business risk for every organisation, GDPR-readiness should also ensure organisations are more resilient.
They will also be better placed to avoid the attention of regulators who are increasingly intolerant of organisations that are bad custodians of data.
Focus on opportunity
Although managing data risk is a very important element of GDPR, one worry for any organisation and the sector as a whole is that in the run up to GDPR's introduction in May, risk aversion becomes the sole focus of all things IT and digital and we stop doing bold new ventures.
At a recent panel event hosted by Eduserv, Jason Caplin, chief digital officer at Barnardo’s, described how he sees digital as a catalyst for change in reinventing social care; not just in his organisation, but right across the sector he works in.
Nearly every charity has the opportunity to see digital in these revolutionary terms. But in conversations across the sector, there is a concern that the sector isn’t approaching the use of data and digital from a perspective of opportunity but from a fear of getting things wrong and failure to comply.
This is a shame because when the GDPR deadline has come and gone, charities will still need to work out how they can become data-driven, user-centric organisations collaborating across sectors. In fact, the very future of many charities depends on them doing this and getting it right first time.
So as we head into the final months of preparation for the impact of GDPR, I’d like to urge every organisation to aim high - don’t allow yourself to be defined by what you can’t do but think about what you can do better and differently with data and digital at the heart of your organisation. Do not let GDPR suck the oxygen out of embracing digital innovation and the digital revolution that is going on around us.
Louise Eagle is head of charity engagement at Eduserv, a not-for-profit provider of IT, digital and web development services