77% of charities named data loss as their biggest concern!

Previously reported: an astonishing 84% of UK small business owners and 43% of senior executives of large companies are not aware of the forthcoming GDPR, according to research-live.com. [1]

The research has also revealed that 75% of data will be unusable following GDPR enforcement. According to w8data, only 25% of existing customer data meets the requirements of the GDPR. [2]

That also applies to non-profit organisations; GDPR compliance requires organisations to fundamentally change their culture around data management, forcing them to undertake a wholesale review of their data processing procedures.

While most large companies have the funds to invest in their GDPR preparations, small charities and non-profits risk passing the deadline completely unprepared. Given the potential fines for non-compliance, this puts them at high risk. We can help you and your organisation; contact us today.

Many charities support children and young people, and GDPR provides special protection for children’s data. The GDPR states:

  • Children under 16 cannot give consent, although this may be reduced to 13 in the UK, so you may have to seek permission from a parent or guardian.
  • You will need to be able to verify that the person giving consent on behalf of a child is allowed to do so, and any privacy statements will need to be written in a language that children can understand.

Personal data is central to most fundraising activities, and there has been much public and media scrutiny of fundraising methods. If you use personal data for fundraising, you need to follow the latest fundraising and data protection guidance. Find out more…

https://www.fundraisingregulator.org.uk/more-from-us/resources/gdpr-briefing-introduction

New research reported by insurancebusinessmag.com explained that insurers protecting more than 45,000 charities and not-for-profit organisations found that 77% of charities polled named data loss as their biggest concern, followed by the cost of putting things right and the costs incurred due to breaching data regulations and laws. [3]

Data published by the Information Commissioner’s Office (ICO) [5] in May 2017 for 2016/17 revealed:

  • Charities were responsible for 4% of the self-reported data-protection incidents that the ICO handled in 2016/17
  • The ICO dealt with a record 20,919 data-protection complaints and self-reported incidents across all sectors in the year to 31 March, a 14% increase over the previous 12 months.
  • In 2016/17, the ICO was alerted to 2,565 breaches of data protection law by the organisations involved, an increase of 31.5% the year p
  • Of those breaches, 4% – approximately 103 cases – involved charities, making charities the sector with the joint fifth-highest proportion of self-reported incidents, alongside solicitors and policing.
  • The health sector accounted for 41% of self-reported incidents; local government accounted for 11%; general business for 9% and education for 6%.
  • The ICO finished dealing with 2,445 self-reported incidents in 2016/17 and handed out monetary penalties in 17% of cases but could not confirm whether any of these involved charities.
  • In 1,680 cases, no action was required; in 638 cases, the data controller was required to act; and in 68 cases, an improvement plan was agreed upon between the ICO and the data controller. Again, the ICO could not say which of these cases involved charities.
  • In a statement, the ICO said it had become more accessible for organisations and the public to alert the regulator to concerns because of its new live chat services, online reporting tool for the public, and new self-assessment tools for organisations.
  • Charities were not listed among the ten sectors causing the most complaints from people outside the organisation, and the ICO did not say in its report how many complaints they had been responsible for.

The ICO also published statistics about the number of issues it had dealt with concerning marketing and nuisance calls across all sectors. It received 167,018 complaints about marketing that broke the Privacy and Electronic Communications Regulations 2003 and handed out a record 23 fines, totalling more than £1.92m, for what it called “a range of unlawful marketing activities”. But the ICO did not say which sectors these fines had been issued to or whether any of the organisations so fined had been charities.

Read more about the GDPR toolkit… https://ico.org.uk/media/for-organisations/think-privacy/2586/ico-think-privacy-toolkit-charities.pdf

References

1. https://www.research-live.com/article/news/84-of-uk-small-business-owners-unaware-of-gdpr/id/5022592

2. https://www.research-live.com/article/news/75-of-data-will-be-unusable-following-gdpr/id/5026352

3. https://www.insurancebusinessmag.com/uk/news/charities/data-breach-the-top-concern-for-charities–but-majority-dont-have-insurance-87002.aspx

4. https://www.thirdsector.co.uk/one-twenty-self-reported-data-protection-incidents-involve-charities/fundraising/article/1433392

5. https://ico.org.uk/about-the-ico/our-information/annual-operational-reports-201617/