GDPR: Two years on

01 May 2020

GDPR has been in force since May 2018. Now is the time for charities to take stock and assess how the GDPR process is embedded.

Focus needs to be on:

  • making sure that all in-scope data has been identified. This data needs to be documented and risk assessed. Once this data becomes out of scope, it should not be retained
  • reviewing data security controls regularly to ensure these controls align to the risk to data confidentiality
  • ensuring staff are regularly reminded of data protection obligations and cyber risks
  • revisiting the data protection governance framework from time to time to provide assurance that key controls exist and continue to be followed
  • ensuring robust incident response and business continuity controls are in place that include contingency plans for data loss and cyber attack, which are tested on a regular basis.

If you would like to discuss this or any other matter affecting your charity, please contact me or your local UHY charity adviser. Alternatively, if you would like to read more charity-focused blogs, please click here.
