Charities call for Govt action to avoid GDPR meltdown

The Institute of Fundraising is calling on the Government to give more support to the sector to ensure organisations achieve GDPR compliance, on the back of its own research which found that nearly half of all charities feel they lack the internal expertise to be compliant with the new regulation.
The charity body has written to digital minister Matthew Hancock, in a letter which lays out a number of measures which it believes will tackle the issues so many charities face to be compliant before May 2018.
These include the establishment of a GDPR “hotline” six months before the legislation comes into force; a targeted scheme to help charities upgrade their database systems; a campaign to raise awareness of the changes among smaller charities; and a scheme to work with industry bodies to offer more data-protection training.
The initiative has been sparked by an IoF survey which showed that, of the 332 charities which responded, 72% said they felt there was a lack of clear guidance available on the GDPR, and 48% said they did not feel they had the level of internal skills to prepare properly.
The IoF study found small and medium-sized charities were the most concerned, with 49.5% of small charities and 58% of medium-sized organisations saying they lacked expertise, compared with 29% of large charities.
Meanwhile 33% of small charities said they had not done anything to review data protection or prepare for the GDPR, compared with 3% of medium-sized charities.
All of the larger charities polled said they had begun preparing, but almost no charities of any size said they believed they were ready for the introduction of the GDPR.
IoF chief executive Peter Lewis said: “A large majority of charities are working to prepare for data protection changes, but there is a clear need for much more support, especially for smaller organisations.
“It is really important that sector bodies, regulators and the government all step up to help raise awareness of the changes and to ensure there is support in place to help charities through this transition.”
The move follows widespread concerns about a lack of official guidance from the Information Commissioner’s Office, amid claims that the regulator dragging its feet, despite insisting that firms must act now.
The ICO had originally said it would publish its consent guidance in June, but with fears this may not emerge until December – first revealed in Decision Marketing – companies will have less than five months to get their plans in place before the May 25 deadline.
In July, the Data Protection Network published its own guidance on legitimate interests, having joined forces with the DMA and ISBA. However, the ICO’s official guidance is not due until the new year.
Information Commissioner Elizabeth Denham recently warned that the regulator faces a major challenge in recruiting and retaining top staff to deal with the increased workload from the new EU data laws, due to increased competition for talent from both the public and private sector.