Skip to main content

GDPR framework for charities

PhD Researcher Jane Henriksen-Bulmer has developed a Data Protection Impact Assessment (DPIA) framework specifically tailored for charities – the DPIA Data Wheel.

The new General Data Protection Regulation (GDPR) will have a significant impact on the ways that charities and other organisations process and share data. Compliance with GDPR can be costly and time consuming, requiring organisations to analyse the way they work, the data they use, how it is handled and secured. Charities particularly may struggle with the capacity and cybersecurity expertise needed to ensure they comply with the new regulation.  

Jane, along with BU’s IT Information Security team and Cybersecurity Research group, recently ran a practical workshop about GDPR and how it will affect charitable organisations. The workshop aimed to help charities meet their legal requirements under GDPR and educate the participants on how to conduct DPIAs using the DPIA Data Wheel that Jane created.

The DPIA Data Wheel provides a framework for charities to conduct an assessment of data protection risks, document and record the outcome, helping them assess privacy risks in a repeatable, consistent manner and demonstrate compliance with GDPR. Jane developed the framework through her work assisting the local charity StreetScene to implement GDPR. StreetScene is a drug and alcohol addiction rehabilitation charity with centres in Bournemouth and Southampton.

Jane said: “My research focuses on Data Privacy and how organisations can effectively assess privacy risk and make informed decisions about privacy. As part of this, I have worked with StreetScene, implementing GDPR and devising the DPIA Data Wheel, designed specifically with the charitable sector in mind.”

Jane added: “It was a great experience sharing the outcome of this work with charities at the recent GDPR workshop. The workshop went really well, with about 40 people attending. The charities involved were really positive about the experience and now have the tools to be able to demonstrate GDPR compliance.”

Tessa Corner, one of the founders of StreetScene and its CEO, said: “This experience cut through the hype and confusion surrounding the new legislation and gave us clear guidelines to fully comply with GDPR.”

Jane’s research, in conjunction with the IT Information Security team and the Cybersecurity Research group, has created a tool that will help charities demonstrate that they are working within the parameters set out by GDPR and the workshop provided practical education on how to use that tool.