When resources are so limited, why would a charity or non-profit want to spend time and money on privacy and data protection? Well, it will benefit your organization.
A robust privacy management program fosters a culture of trust. Internally, your staff and volunteers will know that you respect their privacy and handle their personal information appropriately. And your donors are expecting you to protect the personal information that they share with your organization.
What might seem like an added cost is actually a long-term investment in the sustainability, trust and operational integrity of your charity or non-profit organization— the benefits of being proactive in protecting privacy and data far outweigh the costs and risks of neglecting it.
Every charity and non-profit should have the following to ensure it is adequately protecting the personal information of its stakeholders:
- A privacy officer who is responsible for the non-profit's data protection.
- Privacy and data protection policies and procedures.
- Contracts (called a data protection agreement) to protect the personal and proprietary information that is shared with third parties for processing.
- Physical, technical and organizational data security safeguards.
- Risk assessments for onboarding new software or services in which stakeholder personal information will be processed.
- Training for staff about the non-profit's privacy management program and data security.
- Cyber-incident insurance coverage.
Does your organization already have a privacy officer and/or a data security program in place? Don't miss my previous blog, "New Year's Resolutions for Privacy Officers" for additional goals you should be considering or learn more about our Privacy on Demand packages that are available for organizations in need of privacy and data protection legal services.
Originally Published by Privacy Law
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.