Jan 02 2020

What Nonprofits Need to Be Doing to Protect Data Post-GDPR

With data protection measures becoming law, nonprofits need to make sure they’re complying.

With more businesses collecting and analyzing customer data, there have been increased calls for regulation and privacy. And organizations around the world have risen to the challenge, drastically altering their systems to properly protect their customers’ personal information and comply with new laws such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

This is particularly important for nonprofits, where those involved often feel a much more personal connection to the organization. All nonprofits need to gather and analyze donor data, but it’s important to draw a red line between ethically sourced, anonymized information and data that could potentially compromise personal privacy. Simply following the guidelines laid out by regulations such as GDPR can go a long way toward protecting this sensitive data, leading to a more satisfied donor base and protecting organizations’ reputations. 

Complying with emerging data safety regulations is mostly a matter of taking the instructions laid out by new legislation and making sure each guideline is applied across departments. It’s simply a matter of bringing everyone up to speed.

What Nonprofits Need to Know about GDPR

When GDPR went into effect in 2018, the legislation threatened to pin massive fines on noncompliant organizations serving European Union citizens. To follow the law’s regulations, nonprofits need to audit their current data collection strategies and determine whether they have explicit consent to use certain data points. Third-party testing of security platforms is an important element of ensuring compliance. And, as platforms are undergoing testing, nonprofits should also develop and test internal breach response plans, if they have not done so already.

GDPR compliance efforts may also include training IT staff on new safety protocols for increasing network and endpoint visibility, as well as a professional risk assessment to help determine points of noncompliance and potential remedies.

It’s important to recognize that security and compliance problems often exist long before organizations discover them. Malware, for example, is designed to investigate and compromise donor data without alerting the owners of a security system. Unless it has appropriate tools in place, an organization could be unaware that it’s experiencing a cyberattack.

How GDPR Affects Nonprofits

For a nonprofit to fully comply with GDPR, its data collection and processing systems must become fully transparent. This isn’t limited to donor data; GDPR also covers information collected from employees, volunteers and miscellaneous supporters. If a nonprofit stores personal data on these groups, then GDPR protects their rights.

It’s not enough for a nonprofit to merely say it plans to comply. Most nonprofits are tasked with writing out a strategy for long-term compliance, as well as routine checkups and updates regarding new legislation and emerging technologies. 


What Nonprofits Need to Comply with Data Protection Regulations

Nonprofits that operate in the European Union can defend themselves against ransomware and hackers by investing in robust endpoint protection tools. Years ago, the only option for security software functioned like a password manager, but today’s technologies use artificial intelligence and machine learning to monitor an organization’s data collection systems for anomalous behavior.

Additionally, a robust security information and event management (SIEM) system can help to unify log management and detect anomalies. A solution of this caliber will automatically alert on red flags, helping IT professionals respond to potential breaches in real time.

Other important cybersecurity solutions and activities include threat check assessments, backup and recovery systems and next-generation firewalls that use AI to continually improve performance. If possible, nonprofits should invest now in technologies that can automatically scale, which will reduce stress on teams when technology inevitably evolves, requiring updates to already stringent data regulations.
