Charities, Security & GDPR

The Third Sector has the same challenges as other businesses around securing their valuable data – but are they ready?

Many years ago, a friend of mine telephoned in to a famous charity fundraiser event and donated £50 using her bank card details. A month later, there was no money showing to the charity, but she did notice that someone had purchased a ticket on easyJet. You might argue that PCI DSS safeguards would now cover this experience. However, you would be wrong!

No one, no matter how charitable, wants to risk being punished for doing good by having their bank details stolen. My friend didn’t consider giving to this charity again until years later, when she could potentially have made a simple, fast payment via her mobile. Nevertheless, there is such a wealth of charities that my friend quietly donated elsewhere.

The romantic ideal would be to assume that hackers are a modern-day Robin Hood who will not attack charitable organisations. However, the UK government recently published a survey that found one in ten companies quoted on the FTSE 350 stock exchange index do not have a response plan for a cyber attack. Charities were particularly highlighted, with Digital Minister Matt Hancock commenting: “Charities must do better to protect the sensitive data they hold…”

The Third Sector has the same challenges as other businesses, not only in securing its valuable data but also in complying with new regulation regarding the data it collects.

As charity supporters, we donate money to charities trusting that the money will be well spent as promised. We give because we believe that our chosen charity is responsible, efficient, organised and is delivering our money to the needy. If a charity has a reported security breach and it affects us personally, that obviously puts us off donating, but even if it has no direct effect on us, it still affects our future decisions. Perhaps that charity is not so organised and efficient after all.
Perhaps it makes sense to donate elsewhere or, sadly, maybe not donate at all.

The GDPR, which comes into force in May 2018, will force the security issue for all sectors, including not-for-profit. It will obligate charities to publish security breaches, which initially sounds quite alarming but may work out well for some charities that have perhaps been reluctant to justify spending funds on upgrading technology systems. They will now have no choice but to put plans in place, and will likely benefit from the long-term cost savings of efficiently collating and securing all data.

All businesses and organisations will be in the same boat regarding meeting compliance, but the ones who use this period to get their house in order will benefit from their preparations by having the time to consult with the correct providers and to make and follow strategic plans.

As the government aims to make the UK the “safest place to live and do business online”, organisations that fail to comply will be heavily penalised. They will also spend valuable time working inefficiently, as the workforce must deal with new data rules rather than embracing slick, reasonably-priced, automated solutions.

The most prominent tech solutions to deal with the new regulations can be purchased monthly as a service, which requires no initial outlay, no storage or maintenance costs and no decision on hardware. Paying monthly for what is essentially a virtual IT department can offer a ridiculous number of benefits: not just meeting new regulations and having the latest in technology and experts at your disposal. If you have a host of systems already in place which simply need joining up – that will also be easily achievable if you work with the right IT consultants.

Regional employees and volunteers, who historically may have felt cut off from the hub at head office, can have secure access to any documents or files necessary for their roles on agreed devices. They can store all data in one secure collaborative database.
Everyone can operate with the same dashboard on his or her desktop to optimise workforce processes. The correct automation methods can be put in place and merged so that there is no longer a host of disparate systems in place. The charity’s security plans can be showcased, demonstrating transparency and credibility. Ultimately this should lead to more confident supporters, happier longer-serving members of staff and more funds reaching the intended audience.

The right time to start looking for a trusted supplier of security solutions is now. There is no need for this to keep anyone awake at night. For the right security solution provider, it should be a breeze.