GDPR: Charities need help with costs of compliance and data laws
The recent revelation that Cambridge Analytica, the data-analytics and lobbying firm used tens of millions of ill-gotten Facebook profiles in political campaigns, is a wake-up call for all of us.
In the era of Big Data, we have become accustomed to sharing personal information in exchange for accessing services. This surfeit of personal data is a goldmine for marketers, governments and others.
Much of the public debate has focused on how companies, and particularly multinational tech companies, use (and abuse) our data. There is also a growing awareness of the amount of personal data held by the State.
Ireland's Data Sec 2018/GDPR conference takes place on Monday April 9 at the RDS, click here to buy tickets
The furore about the recently introduced Public Services Card, which stores biometric and other personal information on a microchip, is a case in point. The use of data in the 'third sector' (the community, voluntary and charity sector) has, however, not received the same level of scrutiny.
Charities collect a significant amount of personal data from donors and service users, and they have to comply with the same data protection regulation as private companies and public sector bodies.
From May 25, they will also be subject to the General Protection Regulation (GDPR), the new EU-wide attempt to harmonise data privacy laws and to reshape the way organisations across the region approach data privacy.
It will ultimately democratise data privacy for citizens by making it compulsory for all organisations to get an individual's consent before their personal information is stored.
One of the real positives that now arises for charities in particular is the opportunity to use the introduction of GDPR as an opportunity to reinforce and maintain trusted relationships with their supporters and beneficiaries. Charities that can successfully navigate the transition to GDPR have a chance to engage with their supporters in a more open and positive way.
The cost of GDPR compliance for charities, in terms of financial and time resources, is, however, very significant. Regulatory bodies to which charities now report are, quite rightly, being resourced, with dozens of dedicated staff and increased back-up to process issues related to charities.
Yet, no similar investment has been made to support charities in meeting the significantly increased compliance costs arising from all of these new and necessary requirements.
For charities, the new data protection requirements come at the same time as a raft of new regulatory and reporting requirements from a range of regulators and funders: the Charities Regulator, the Lobbying Regulator and for many charities, the HSE, Tusla and HIQA.
Charities are caught between a rock (the need to invest an ever-increasing level of funds into the necessary compliance paperwork, processes, procedures, checks and monitoring that GDPR and other new regulations require) and a hard place (ensuring the maximum amount of funds is being spent on delivering maximum positive impact with the services and benefits they are set-up to provide).
Donors and the public instinctively contribute to supporting a cause or service - not covering administration and reporting costs. The essential and often innovative work of charities requires appropriate spending on administration to ensure the highest governance standards. It is not a cost to be minimised or eliminated.
However, if we want to continue to benefit from the person-centred responsiveness that characterises the mission of charities, we need the State to commit to adequately resourcing and supporting these organisations' work.
This includes meeting the additional costs charities have to incur to comply with regulatory and reporting requirements.
State authorities also need to recognise that the large amount of form-filling and repetitive administrative work now required by different oversight bodies is diverting resources from the core work of charities.
We need to see a concerted initiative by relevant State authorities to work together to streamline the various regulatory and reporting requirements faced by charities. If we can address these two issues, we will fully reap the positive benefits from a well-regulated and well-resourced charity sector.
Many thousands of people countrywide freely volunteer their time to their chosen charity, contribute as unpaid volunteer directors and trustees or, as employees, work enthusiastically for long hours on wages usually significantly below those on the open market.
Their core motivation is not business considerations, but service to the community. This work deserves to be recognised and adequately resourced.
As Ireland's largest representative body for community, voluntary and charitable organisations, The Wheel has already invested heavily in preparing our 1,300 members for GDPR; it is now up to the Government and other funders to do their part.
Dublin Data Sec 2018 is an Independent News & Media event, please visit independent.ie/datasec2018 for further information and ticket details