Another law that will make it hard to find volunteers for trusted roles within organisations, be they Directors or Trustees.
In many ways the GDPR (General Data Protection Regulation) is being overlooked, and yet it is likely to have a profound effect upon people who understand what it means for organisations and individuals. I suspect that as people begin to understand the GDPR, society will see a drop-off in people taking on roles of responsibility within organisations. I have witnessed this before, when organisations have refused to take out insurance for their directors and trustees.
Are you able to imagine the worst-case scenario where your organisation has suffered a data breach which will have a significant impact on individuals? If your organisation has failed to prepare for this situation, it will be in trouble, as the amount of information that needs to be handed over to the relevant authorities is fairly substantial and will be a stretch given that you only have 72 hours in which to process and pass on this information. The authorities will hopefully recognise that it is not possible to have completed a full investigation into what has happened in 3 days; it is, after all, a surprisingly limited amount of time in which to gather information about what has happened. Not only is your organisation expected to do this, but it will also be expected to come up with a solution to the breach; this is a requirement of the new regulations.
Preparation is the key here, and it is prudent to think about this now, as in a year it will be too late: the regulations will be in place. It is also important to look at what information you are storing; gone are the days when you can continue to store random bits of information about your users/members. If it is not being used by your organisation, then this data should be removed.
This is just the reporting part of the GDPR. I am of the opinion that if you do not think about this in good time as an organisational leader, you will be failing in your role. Plus, you need to be aware that you will be personally liable (there is no fobbing off the responsibility to your organisation this time).
Often, in my opinion, people take on roles such as Trustee or Director, doing it with the best of intentions, yet they have little or no idea of what these roles require in terms of the law. This is a dangerous situation to put yourself into, especially if your organisation is maintaining data on its users or members in an insecure manner. I have personal experience of this, where a membership organisation stored vast quantities of information on its users in an insecure database (thankfully this is no longer the case). Even churches such as my own will need to take extra precautions in storing their user data; gone are the days when a book of members can be left on a bookshelf.
There is the added worry for me that many people become Trustees without their own knowledge; this happened to one of my family members recently when they volunteered to serve on a committee that runs music events. Volunteers are amazing in many ways, giving their time and experience to roles within organisations that could never run without them, but it really worries me that there is not enough transparency within roles that people take on willingly.
Before I take on a role as a Trustee, I will read at the very least the last 3 to 5 years of annual accounts and reports in order to gauge the work and financial situation of the organisation. This is not hard to do, especially if they are a registered charity (the Charity Commission website is my friend). I will ask what is done with surplus income, and I ask the questions that occur to me when I look at these reports. It is essential to ask questions before you take on a role of responsibility like this; you don’t want to agree to be a Trustee if you do not understand the situation you are stepping into.
I am aware that I have kind of gone off my original topic of the GDPR and stumbled into talking a bit about volunteering, but both are important. I am sure that there will be follow-up posts around these subjects in the future from me, but summing up, I think I am worried that as the law changes and adapts to take in the changes required to secure our personal data, it will also affect the way in which volunteer and director roles are filled within the third sector.
My thoughts on this would not have been possible without the thought-provoking articles and talks by Heather Burns.