GDPR



Protecting your charity from financial and reputational harm

Most people are aware that an EU Regulation known as the General Data Protection Regulation (GDPR) came into force on 25th May 2018. Less well known is that on 23rd May 2018 the Data Protection Act 2018 received Royal Assent. The point of both is to update the UK's data protection laws for data privacy.

Digi-Board governance reviews reveal various approaches to assigning responsibility for data privacy in organisations:

> appoint a Data Protection Officer (DPO)
> outsource to a third party

The decision to appoint a DPO must be based on a rigorous assessment of the charity's role as a Data Controller and/or Data Processor. Whoever is assigned as DPO must meet the following criteria: be independent, be an expert in data protection, be adequately resourced, and report to the highest management level. Click here for the FAQ published for charities by the Regulator (in the UK, that is the Information Commissioner's Office (ICO)).

There is a shortage of DPOs, so many organisations turn to an outsource provider. Digi-Board has experience helping charities appoint an outsourced DPO and run a procurement for those services. Click here to make an enquiry.