The Institute of Fundraising is calling on the Government to give more support to the sector to ensure organisations achieve GDPR compliance, on the back of its own research which found that nearly half of all charities feel they lack the internal expertise to be compliant with the new regulation.
The charity body has written to digital minister Matthew Hancock, in a letter which lays out a number of measures which it believes will tackle the issues so many charities face to be compliant before May 2018.
These include the establishment of a GDPR “hotline” six months before the legislation comes into force; a targeted scheme to help charities upgrade their database systems; a campaign to raise awareness of the changes among smaller charities; and a scheme to work with industry bodies to offer more data-protection training.
The initiative has been sparked by an IoF survey which showed that, of the 332 charities which responded, 72% said they felt there was a lack of clear guidance available on the GDPR, and 48% said they did not feel they had the level of internal skills to prepare properly.
The IoF study found small and medium-sized charities were the most concerned, with 49.5% of small charities and 58% of medium-sized organisations saying they lacked expertise, compared with 29% of large charities.
Meanwhile 33% of small charities said they had not done anything to review data protection or prepare for the GDPR, compared with 3% of medium-sized charities.
All of the larger charities polled said they had begun preparing, but almost no charities of any size said they believed they were ready for the introduction of the GDPR.
IoF chief executive Peter Lewis said: “A large majority of charities are working to prepare for data protection changes, but there is a clear need for much more support, especially for smaller organisations.
“It is really important that sector bodies, regulators and the government all step up to help raise awareness of the changes and to ensure there is support in place to help charities through this transition.”
The move follows widespread concerns about a lack of official guidance from the Information Commissioner’s Office, amid claims that the regulator dragging its feet, despite insisting that firms must act now.
The ICO had originally said it would publish its consent guidance in June, but with fears this may not emerge until December – first revealed in Decision Marketing – companies will have less than five months to get their plans in place before the May 25 deadline.
In July, the Data Protection Network published its own guidance on legitimate interests, having joined forces with the DMA and ISBA. However, the ICO’s official guidance is not due until the new year.
Information Commissioner Elizabeth Denham recently warned that the regulator faces a major challenge in recruiting and retaining top staff to deal with the increased workload from the new EU data laws, due to increased competition for talent from both the public and private sector.
New industry body to tackle threat to outbound calling
ICO recruitment drive hit by scramble for GDPR experts
GDPR fuels major recruitment drive at UK businesses
70% of customers plan to demand to see their data
Firms face bombardment of data requests under GDPR
GDPR compensation to dwarf £30bn bill for PPI claims
Half of all firms still not compliant with 1998 data laws
ICO stands firm on ‘over strict’ GDPR consent guidance
GDPR fears mount over delay to ICO consent guidance
Third-party data crackdown will wreak havoc says DMA
DPN joins calls for more urgency over GDPR guidance
UK bodies publish GDPR ‘legitimate interests’ guidance