We are growing more and more aware of the importance of our personal data and we demand greater control of how large corporations and governments use our data.
The scandals around the lack of personal data protection and the use of technology are a hot topic. In recent years, it has been discovered that several companies and governments have taken advantage, for different purposes, of the data stored from their users, in most cases without their explicit consent to use them.
Very often, platforms such as Facebook or TikTok are accused of selling these data; on other occasions it is these very same platforms that denounce they’ve been victims of robbery or manipulation.
And this is why we are growing more and more aware of the importance of our personal data and we demand greater control of how large corporations and governments use our data, but also for smaller organisations, as may be a local sports club or neighbours’ association.
In this context, we may ask ourselves whether non-profit organizations are prepared to answer these demands and if they are able to comply with legislation, but there’s another more important question we should ask ourselves: are non-profit organizations aware of how important it is to protect the data of their members, donors, beneficiaries and volunteers?
In my own experience, I can say that many organizations lack a previous privacy culture, especially with regards to the Internet. Very often, those in charge of personal data protection don’t have the necessary skills or training and don’t see the task as an essential one within their organisations.
The most likely scenario is for many of these organisations to get a fine for failing to comply with the current legislation, but what is more worrying is that some of these organisations will misuse the data they collect without even being aware of this, or a third party will take advantage of the uncertainty to gain access to data that should be protected.
If in your organisation you would like to change this situation, a first step is to look at how you gather and protect personal data; check that you are complying with your legal obligations and, more importantly, define why you need each data and what type of consent is needed to use these data. Only by doing this will you start building a solid culture of privacy.