Charities are running out of time to ensure compliance with new data protection laws, and could be ready to face some stiff penalties, a law firm has warned.
The General Data Protection Regulation, which applies from 25 May 2018, will place greater emphasis on the way in which organisations process personal data, with a series of changes around the collection, storage and usage of information relating to individuals.
There will be increased requirements on organisations to keep records and implement policies, as well as changes to the procedure and time frame for data retention, reporting data breaches and responding to access requests.
Charities will need to be more transparent in relation to how personal data is used, and could be made to appoint a data protection officer in some circumstances.
Gordons law firm said organisations must take steps now to review their processes and documentation to ensure they are compliant before the deadline.
Andrew Logan, head of regulatory at Gordons law firm, said: “GDPR signals a huge change in the way in which businesses process personal data, giving more rights for the individuals and placing greater responsibility on the business which holds the data. It is the biggest change we’ve seen in 20 years.
“Charities may need to implement, change or review their processes and there is a lot to consider, covering every aspect of how data is collected, stored and used. This includes how long it is retained, procedures for reporting data breaches, considerations for transferring data outside of the European Economic Area, employment contracts and even staff awareness.”
Logan added that with so much to consider, it is important for charities to act now. “Those organisations putting it off until the deadline will find they simply cannot do everything.”