
With all the recent news about data breaches in organizations and the increase in the amount of data that companies collect, data protection is needed more than ever. It's time to consider the best practices that can help your nonprofit secure the future of its data and its entire online presence. With more nonprofits now collecting data from donors and using it in their activities, the call for regulation and privacy has increased.

Consequently, companies around the world have risen to the emerging challenge of privacy and data protection by changing their systems and upping their game concerning the security of data to protect personal information in compliance with the new laws, particularly the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA).

The GDPR and CCPA are essential for nonprofits that need to collect and analyze donor data to find trends. Nonprofits need to manage the data collection and analysis process, just as businesses in other industries do. For businesses and nonprofits, collected data can be a goldmine but can also lead to massive losses and lawsuits if it is not handled in accordance with the law. While gathering data can be easy, doing so ethically as stipulated by law is not always easy. Every nonprofit must do its work while drawing a red line between sourcing data ethically and jeopardizing the anonymity of the data's owner, maintaining privacy while still getting what it needs.

For any nonprofit, simply sticking to the procedures and guidelines laid out in GDPR, CCPA, and other initiatives can be the easiest way of protecting sensitive data. This goes a long way toward building trust with the donor base and protecting the reputation of an organization. Doing so, however, is easier said than done. For a nonprofit, just like any other business, complying with existing and emerging data security regulations is not a one-man show but rather a concerted, multi-department effort. It requires bringing everyone on board and putting heads together so that an organization-wide solution can be implemented.

The entry of GDPR legislation in 2018 threatened organizations that serve European citizens with massive fines. This is still the case today for organizations, including nonprofits, that fail to guard personal data. To adhere to the GDPR, nonprofits must begin by auditing their data collection methods and determining whether or not they have consent to use specific personal data. Similarly, GDPR compliance efforts should include developing proper breach response plans, and must also include IT staff training, professional risk assessment, and assessing endpoint visibility. The last two (risk assessment and assessing endpoint visibility) help in determining points of noncompliance and identifying remedies. It is prudent to note that security compliance issues are often present long before they are discovered, and regular testing can therefore unearth them. Sadly, most nonprofits fail to do this in time due to a lack of appropriate tools and knowledge.

Pre-GDPR, many data collection and processing systems were opaque. This not only left customer data at the mercy of organizations but also increased the chances of bad systems and methods being used to gather and store sensitive data. However, GDPR is now addressing this issue by ensuring that there is both transparency and accountability. Nonprofits can protect their data by ensuring that the whole process, from collecting data to processing it, is fully transparent. This cannot be achieved only in writing or speeches but must be done practically by protecting the data of employees, volunteers, and supporters, all of whom are protected under the new regulations.

Last modified on Monday, 03 February 2020
Scott Koegler

Scott Koegler is Executive Editor for PMG360. He is a technology writer and editor with 20+ years of experience delivering high-value content to readers and publishers.
