Charities have been told to “reboot your thinking” around personal data and to avoid processing data in ways that feel “uncomfortable” to avoid falling foul of new rules.
Ardi Kolah, executive fellow & director of the GDPR Transition Programme at Henley Business School, was speaking at Trustee Exchange, organised by Civil Society Media, last week.
It is less than a month until the 25 May deadline for all organisations to comply with GDPR and Kolah said that to comply organisations need to “reboot your thinking” and “change behaviour”.
He suggested charities consider whether their approach “feels comfortable” and that if it doesn’t then it probably doesn’t comply with GDPR.
He advised charities to think “like a human being” and use “ordinary language” to explain how and why they process data.
Kolah said that for organisations that get their approach to GDPR right it is an opportunity to “do more with people’s personal data, building deeper digital trust”.
He said charities had an advantage over other sectors because they are “deemed to be trustworthy”
“People assume you are going to do the right thing,” he told delegate, so charities are in a “better starting place than anyone else in any other sector”.
But he also warned them to “live up to it”.