Medical research at risk if charities are not GDPR compliant

Charities will need to understand GDPR inside out to effectively mitigate the risks

Austin Clark | 6th Oct 17

A data study undertaken by Me Learning, an e-learning provider to UK local government, charities and businesses, shows just how much charities operating in the area of medical advancement stand to lose if they are not GDPR-ready by May 2018.

Over 4,400 charities were researched to identify the top revenue organisations. The top 0.7% generate donations of over £100m and most belong to the field of advancement of health and saving lives, an already highly regulated area of health research.

The Wellcome Trust, Cancer Research UK and Change Grow Live bring in combined donations of £1bn, and a serious data breach could mean penalties of £15.6m, £25.4m and £6m, respectively.

Nick Richards, CEO of Me Learning, commented: “In a highly regulated sector of health research, the GDPR cracks down on issues of consent and the sharing of personal data. How charities approach donors is one of the key concerns and the mechanism of opt-in consent at the moment lies at the heart of conversation. Charities will need to understand GDPR inside out to effectively mitigate the risks.”

Additionally, The Academy of Medical Sciences reports that each pound invested in cancer-related research by taxpayers and charities returns approximately 40p to the UK. A data breach costing £25m would mean that, from an economic point of view, the UK loses more than £10m, the cost of opening a new research facility.

The GDPR is a new legal framework, which comes into effect on the 25th May 2018. Under the new regulation, regulators could issue fines equal to €10m or 2% of an entity’s global gross revenue, whichever is greater. More severe penalties of €20m or 4% of the entity’s global gross revenue may apply for serious violations such as those relating to consent, individual rights and cross-border data transfers.