In November 2017, we were awarded funding through RKEO’s Charity Impact Acceleration fund to work help a local charity — StreetScene — prepare them for the new General Data Protection Regulation (GDPR). At the time, many charities were well aware of what GDPR was and the penalties for non-compliance. However, the guidance made available to them by the ICO was general and costly to implement in terms of time and resources. Our thoughts summarising the dilemmas faced by charities facing GDPR were recently covered by The Conversation.
Using work from her doctoral research, Jane Henriksen-Bulmer has devised a customised Data Protection Impact Assessment (DPIA) process for charities, which she is now putting into practice at StreetScene. This helps them evaluate how privacy impacts their business workflows, and the privacy risks they face.
To help other charities benefit from this work, we will be running a free GDPR for Charities workshop on June 11th at the EBC. The workshop will share the results of this work with around 50 participants who work for or with local charities, and provide hands-on training on the process and complementary design techniques and software tools that charities can put into immediate practice. We’ll also be running a panel with invited speakers to discuss the challenges that small charities face with GDPR.
Although this work is helping local charities, we hope our work leads to more debate on how everyone (and not just big business) can ‘build in’ sustainable security and privacy.