Charity sector entering ‘wild west as UK hits peak GDPR frenzy’

Charities encouraged to take greater care when choosing GDPR compliance partners

Austin Clark | 8th Sep 17

Charitable organisations and the not for profit sector must take greater care when choosing General Data Protection Regulation (GDPR) compliance partners by ensuring that the right balance of legal and technical delivery skillsets are in place. This is according to ST2 Technology, which suggests that a failure to do so will inevitably lead to significant compliance failures after the new regulations take hold.

GDPR means significant changes that will affect this sector, despite organisations’ funding constraints and relatively small size. However, as charities hold some of the most sensitive and personal data in the UK, this will not go unnoticed by the Information Commissioner’s Office (ICO).

Re-prioritise spend

Richard Hannah, Head of Consulting at ST2 Technology, suggests that charities and Not for Profit organisations will now need to re-prioritise their spend. Although these companies may be tempted to believe that their charitable status means they will not be liable for fines, despite all their good work, they will be expected to maintain the integrity of their data.

He explains: “Radical changes to how charitable and Not for Profit organisations manage their information will be required if they are to be compliant when GDPR comes into force. This is creating a sense of urgency as organisations try to get to grips with their data, how it is handled, where it is stored and who has access to it. However, as a result there has been a rush from consultancies to fill the market void, leading to untested and potentially incorrect approaches to ensuring compliance. We can expect a lot of teething problems and some significant compliance failures coming to light over 2018/19.”


Richard continues: “Unfortunately, there has been a sharp rise in assessment kits and non-specialist consultants offering advice to organisations on how they can ready themselves, despite not necessarily having the relevant and appropriate experience. With GDPR offering citizens compensation when a breach occurs, the regulation could spawn ‘PPI’ type agencies to pursue claims against local authorities.

“For many consultancies, customers looking for partners to help them become compliant with GDPR is the equivalent of a new gold rush – however, less speed and more haste should be the mantra as we all work with the new data landscape now coming into view.

“GDPR is not just about company records, data and processes, it is also about the law as it affects an organisation’s funding arrangements, membership management, manual and computer record keeping and its ability to transform the way it works, to both deliver its mandate and maintain compliance – doing nothing really is not an option and many of this sector’s issues are systemic.”