Charities
Concerned about data protection?
The GDPR has had a significant impact on many charities and non-profit organisations.
Organisations that rely financially on charitable donations need to ensure that their marketing databases are GDPR compliant and that they can maintain their consent and retention policies without drastically limiting their market reach. Many charities, particularly those supporting medical research or disadvantaged groups, may process large amounts of sensitive and special categories of personal data.
Staff need to understand their individual responsibilities for data protection. Ensuring this can be very difficult for organisations that rely on a large number of part-time volunteers.
This page explains what the new legislation means for charities and not-for-profit organisations and what they need to consider when managing and protecting personal data.
What does the legislation mean for charities and non-profit organisations?
Like all other organisations, charities and non-profits must:
- Be transparent in the way they process personal data and be responsible for it
- Be able to discover, manage, repair, prevent and report on data leaks. If necessary, the Dutch Data Protection Authority (AP) should be contacted.
- Understand what data they have, where it is stored and who has access to it
- Implement effective processes and procedures to protect personal data
- Enable donors, staff, beneficiaries, customers, suppliers and anyone who receives charitable support to:
  - have access to the data stored
  - ensure that the data is correct and amend it if necessary
  - delete the data (unless there is a legal obligation to do so)
- Appoint a data protection officer if they:
  - Are a government agency
  - Process data at scale
Key Data Protection Considerations for Charities and Not-for-Profit Organisations
Charities and non-profit organisations must protect personal data in many of their activities. Some important considerations include:
Marketing and fundraising
- Managing individuals' consent to receive direct marketing material
- Data retention
- Database management and data minimisation
Staff and volunteers
- Training staff and volunteers to understand their data protection responsibilities
- Embedding a culture of data protection, often across multiple locations with part-time, volunteer and permanent staff
- Avoiding the creation of multiple local copies of data on different platforms
Management of sensitive information
- Information about people who receive charitable support, including medical and other sensitive personal data
Governance and the role of trustees
- Understanding responsibilities
- Having robust reporting systems
Managing data across multiple locations
- Minimising data held in different formats and at different locations
- Avoiding duplicate data
- Removal and storage
- Managing legacy and non-standard systems
Administration
- Email systems
- Payroll administration, pension administration and personnel files
- Visitor list, access and CCTV
Data protection
- Maintain network and server security
- Data encryption
Rules and agreement
- Privacy, retention, cookie and data protection policies
- Staff handbooks
- Data Sharing Agreements
- Data processing agreements