Best practice tips for Third Sector Organisations
Published on: 11th May 2018
By PYXI GDPR Team
The third sector includes voluntary and community organisations (e.g. registered charities, associations, self-help and community groups), social enterprises, mutuals and co-operatives.
1. Tell people what you are doing with their data
People should know what you are doing with their information and who it will be shared with. This is a legal requirement (as well as established best practice) so it is important you are open and honest with people about how their data will be used.
2. Make sure your staff are adequately trained
New employees must receive data protection training that explains how they should store and handle personal information. Refresher training should be provided at regular intervals for existing staff.
3. Use strong passwords
There is no point protecting the personal information you hold with a password if that password is easy to guess. All passwords should contain upper and lower case letters, a number and ideally a symbol. This will help to keep your information secure from would-be thieves.
4. Encrypt all devices
Make sure all devices used to store personal information – such as PCs, memory sticks and laptops – are encrypted.
5. Only keep people’s information for as long as necessary
Make sure your organisation has established retention periods in place and set up a process for deleting personal information once it is no longer required.
PYXI GDPR Team: 11th May 2018 17:37:00