GDPR during Coronavirus
With significant changes to how and where confidential donor and beneficiary data is being stored and used during this period of lockdown, the Information Commissioner’s Office (ICO) have created a hub with information to help organisations navigate data protection during this time.
The hub has a series of questions and answers, and explains, amongst many topics, that:
- Consideration needs to be given to security measures for employees working from home
- Details of contractions of the virus within an organisation can and should be shared amongst
employees (but employers should not be asking for more information than is necessary); data protection does not prevent an employer’s duty of care
- The ICO intends to reflect the flexibility permitted by the Regulations and will not penalise organisations it knows to be prioritising areas other than GDPR.
It is also possible that charities will be looking at alternative ways of raising funds, many of which will be online. The Code of Fundraising Practice includes a section on digital fundraising. Trustees and management should review the standards to ensure that any new forms of fundraising are compliant, have been incorporated in to the risk register and appropriate controls and procedures put in place.
This content was written by our colleagues at MHA MacIntyre Hudson.