Jane Henriksen-Bulmer
Implementing GDPR in the Charity Sector: A Case Study
Henriksen-Bulmer, Jane; Faily, Shamal; Jeary, Sheridan
Authors
Shamal Faily
Sheridan Jeary
Contributors
Eleni Kosta
Editor
Jo Pierson
Editor
Daniel Slamanig
Editor
Simone Fischer-H�bner
Editor
Stephan Krenn
Editor
Abstract
Due to their organisational characteristics, many charities are poorly prepared for the General Data Protection Regulation (GDPR). We present an exemplar process for implementing GDPR and the DPIA Data Wheel, a DPIA framework devised as part of the case study, that accounts for these characteristics. We validate this process and framework by conducting a GDPR implementation with a charity that works with vulnerable adults. This charity processes both special category (sensitive) and personally identifiable data. This GDPR implementation was conducted and devised for the charity sector, but can be equally applied in any organisation that need to implement GDPR or conduct DPIAs.
Citation
HENRIKSEN-BULMER, J., FAILY, S. and JEARY, S. 2019. Implementing GDPR in the charity sector: a case study. In Kosta, E., Pierson, J., Slamanig, D., Fischer-Hübner, S. and Krenn, S. (eds.) Privacy and identity management: fairness, accountability and transparency in the age of Big Data: revised selected papers from the 13th International Federation for Information Processing Working Groups 9.2, 9.6/11.7, 11.6, Special Interest Group 9.2.2 international summer school (IFIP Summer School 2018), 20-24 August 2018, Vienna, Austria. IFIP advances in information and communication technology, 547. Cham: Springer [online], pages 173-188. Available from: https://doi.org/10.1007/978-3-030-16744-8_12
| Presentation Conference Type | Conference Paper (published) |
|---|---|
| Conference Name | 13th International Federation for Information Processing Working Groups 9.2, 9.6/11.7, 11.6, Special Interest Group 9.2.2 international summer school (IFIP Summer School 2018) |
| Start Date | Aug 20, 2018 |
| End Date | Aug 24, 2018 |
| Acceptance Date | Jun 6, 2018 |
| Online Publication Date | Apr 16, 2019 |
| Publication Date | Dec 31, 2019 |
| Deposit Date | Sep 17, 2021 |
| Publicly Available Date | Dec 6, 2021 |
| Publisher | Springer |
| Peer Reviewed | Peer Reviewed |
| Pages | 173-188 |
| Series Title | IFIP advances in information and communication technology |
| Series Number | 547 |
| Series ISSN | 1868-4238 ; 1868-422X |
| Book Title | Privacy and identity management: fairness, accountability and transparency in the age of Big Data: revised selected papers from the 13th International Federation for Information Processing Working Groups 9.2, 9.6/11.7, 11.6, Special Interest Group 9.2.2 i |
| ISBN | 9783030167431 |
| DOI | https://doi.org/10.1007/978-3-030-16744-8_12 |
| Keywords | Data protection; Privacy; Personal data; Charities; General Data Protection Regulation (GDPR); Impact assessments; Data protection impact assessments (DPIA) |
| Public URL | https://rgu-repository.worktribe.com/output/1437881 |
Files
HENRIKSEN-BULMER 2019 Implementing GDPR in the charity
(515 Kb)
PDF
You might also like
Privacy goals for the data lifecycle.
(2022)
Journal Article
Assessing system of systems information security risk with OASoSIS.
(2022)
Journal Article
Visualising personas as goal models to find security tensions.
(2021)
Journal Article
Evaluating privacy: determining user privacy expectations on the web.
(2021)
Journal Article
DPIA in context: applying DPIA to assess privacy risks of cyber physical systems.
(2020)
Journal Article