Today every organisation whether commercial, public or third sector collects, manages and processes data.  We call this data curation.  Data has a lifecycle, from creation and initial storage to the time when it is archived for posterity or becomes obsolete and is deleted.  In our view an essential part of that curation process is to ensure that the data is being held securely and that data protection laws and regulations are being complied with.

Charities bear the same obligations as any other organisation.  Small and medium sized charities are vulnerable as they do not necessarily know the questions to ask or have the resources to address the issues.

We have assisted clients with GDPR and Data Protection Act 2018 readiness reviews.  These involve making an independent assessment of whether the policies, procedures and processes that a client has in place will, through their design and implementation, ensure that the requirements of relevant laws and regulations are met  Any potential compliance gaps are highlighted and an action plan produced.

Our approach to data security is to consider the basics first.  Engaging an IT support company first can often mean that the basics are missed and remain missed as they consider matters at a technical level.  We look at the technology you have, how you use it and what we would expect of an organisation such as yours.  We look at the risks therein before beginning to consider basic matters such as how you manage external threats, internal threats, the rules your staff have to follow.  Often support companies only look at one aspect of your arrangements - usually the one they are most familiar with - rather than taking a holistic look at your organisation and its needs.