Understanding of EU data protection rules must improve » Charity Digital News

Just 4% of organisations – including charities – fully understand the effect the EU’s General Data Protection Regulation (GDPR) will have on them, according to a survey.

A staggering 82% of organisations have either not heard of GDPR or don’t understand the impact it will have on them, according to a survey by Close Brothers.

Authors of the report said that businesses are underestimating the changes they will have to make to comply with GDPR law.

The GDPR has been designed to give citizens back control over their data in the digital age, ensuring rules surrounding the right to be forgotten are clarified.

The new standards also place some hard-hitting financial penalties on businesses who fail to protect data. For example, businesses will have to make the relevant data protection bodies aware of any breaches within 72 hours of them being discovered, and fines can be levied of up to 4% of global revenue for the previous year, or €20m (£15.8m), whichever is higher.

Charities have less than two years to comply with the new data regulations or face strict punishment from data watchdogs.

Those that do not comply by May 2018 will face tough legal and financial penalties. For example, those not adhering to the new rules will face fines of up to 4% of their global revenue for the previous year, or £15m, whichever is greater.

A handy Q&A on the new regulation has been published by the EU.

  • In addition to the financial obligations, for charities the reputational damage can be devastating. It is vital to start preparing now. The 2-year period until 2018 is just a grace period; the regulation came into force last May. You need to know what data you hold, where it came from and whether you can prove you have consent to handle this data.

    Accountability is key with the new Regulation. Building a paper trail of the steps you take towards compliance is important. We make it our business to help companies as well as non-profits achieve and demonstrate compliance with the GDPR.