Is your charity prepared for changes in EU data protection law?

Last month, Europe’s highest court struck down the “safe harbour” agreement, restricting the transfer of European citizens’ data to the US. What does this mean for charities, and how can they keep their supporters’ information safe?

| 5th Nov 15
cloud computing protection

Today Charity Digital News headed to business solutions provider Advanced’s Facing the Future conference and exhibition in north London to find out how the latest developments in digital will have an impact on the third sector.

One of the day’s themes was data protection, a crucial consideration for charities embracing digital solutions that recently took on even more importance as Europe’s highest court last month struck down a “safe harbour” agreement that allowed European citizens’ data to be transferred to the US.

The ruling’s impact on the social media sites and tech companies that rely on the unencumbered flow of their subscribers’ data will be earth-shattering, but what does the decision mean for organisations that collect huge amounts of supporter data, simply in the activity of fundraising?

“There’s going to be a lot of change and we need to get on board,” said Charles Bagnall, project manager for Advanced NFP.

Chris Holt, supporter relationship management at the Woodland Trust, said that organisations have until January to starting thinking about data transfer arrangements.

But how can they implement this practically?

Holt advised reviewing all contracts with cloud providers, asking where their data centres are and where they’re backed up to ensure data is adequately protected.

He said that the EU has also designated New Zealand and Argentina as places you can send data, after finding that their data protection standards measure up to those of the EU.

The New EU Data Protection Directive will also expand current definitions of “personal data”, and “data subject”, which organisations should be aware of, Holt warned.

He recommended referring to Oxfam’s Responsible Data Policy as a guide.

Bagnall and Holt also discussed the impact of the proposed Fundraising Preference Service, a site that would allow households to opt out of receiving communications from charities.

It will make complying with the new data protection laws even more important – if organisations are found to have mishandled their supporters’ information, those supporters may use the service to opt out of all communications, adversely affecting fundraising efforts for all UK charities.

Holt quoted an estimate that 50 per cent of households will have used the service to opt out within five years.

The impact on fundraising may make it necessary for the government to start funding organisations again, Bagnall said.