Charity risk barometer
Our Charity Risk Barometer 2019 uncovers key challenges facing charities, helps you capitalise on opportunities and reap major rewards.
The General Data Protection Regulation (GDPR) is in force making information security a key challenge for charities.
Data protection and information security are essential practices for charities and businesses alike.
Collecting data is an integral part of operations for many charities. One of the key differences between GDPR and the Data Protection Act is the way you gain consent.
A data subject enters their business card into a prize draw at an event. Submitting their details is an affirmative act, which demonstrates consent to their personal information (contained on the card) being processed for the purposes of the competition. However, it does not mean that the data subject consents to their details being used for any other purpose such as marketing. Separate consent will be needed for each different processing operation, so data subjects must have granular options to consent separately to each purpose.
Cyber attacks can cause data breaches. Though the threat of cyber attack can be minimised, it’s impossible to create an impenetrable system. There are some simple steps your charity can take to protect data:
Cyber insurance is also a way to manage cyber risks presented by hackers, ransomware and other threats. It’s important first and foremost that charities defend themselves by having cyber security controls in place. However, where they are still exposed, cyber insurance can provide additional support.
Cyber insurance from Ecclesiastical can be bought in conjunction with your charity insurance or as a separate stand-alone policy. It can protect against the financial impact of a cyber attack including:
Our cyber insurance policy offers additional services to help charity organisations manage the aftermath of an attack. Professional services such as these can be expensive to use. Our cover gives your charity access to:
GDPR identifies the need for data breaches to be reported to the ICO within 72 hours of a breach that puts personal data at risk. There is also a requirement to notify data subjects if there is a high-risk breach, for example, if medical records were unavailable for a long period.
If you experience a cyber attack, call Action Fraud for 24-hour support and immediate advice on 0300 123 2040.