Implementing GDPR in the Charity Sector: A Case Study
Henriksen-Bulmer, Jane; Faily, Shamal; Jeary, Sheridan
Dr Shamal Faily email@example.com
Due to their organisational characteristics, many charities are poorly prepared for the General Data Protection Regulation (GDPR). We present an exemplar process for implementing GDPR and the DPIA Data Wheel, a DPIA framework devised as part of the case study, that accounts for these characteristics. We validate this process and framework by conducting a GDPR implementation with a charity that works with vulnerable adults. This charity processes both special category (sensitive) and personally identifiable data. This GDPR implementation was conducted and devised for the charity sector, but can be equally applied in any organisation that need to implement GDPR or conduct DPIAs.
HENRIKSEN-BULMER, J., FAILY, S. and JEARY, S. 2019. Implementing GDPR in the charity sector: a case study. In Kosta, E., Pierson, J., Slamanig, D., Fischer-Hübner, S. and Krenn, S. (eds.) Privacy and identity management: fairness, accountability and transparency in the age of Big Data: revised selected papers from the 13th International Federation for Information Processing Working Groups 9.2, 9.6/11.7, 11.6, Special Interest Group 9.2.2 international summer school (IFIP Summer School 2018), 20-24 August 2018, Vienna, Austria. IFIP advances in information and communication technology, 547. Cham: Springer [online], pages 173-188. Available from: https://doi.org/10.1007/978-3-030-16744-8_12
|Conference Name||13th International Federation for Information Processing Working Groups 9.2, 9.6/11.7, 11.6, Special Interest Group 9.2.2 international summer school (IFIP Summer School 2018)|
|Conference Location||Vienna, Austria|
|Start Date||Aug 20, 2018|
|End Date||Aug 24, 2018|
|Acceptance Date||Jun 6, 2018|
|Online Publication Date||Apr 16, 2019|
|Publication Date||Dec 31, 2019|
|Deposit Date||Sep 17, 2021|
|Publicly Available Date||Dec 6, 2021|
|Series Title||IFIP advances in information and communication technology|
|Series ISSN||1868-4238 ; 1868-422X|
|Book Title||Privacy and identity management: fairness, accountability and transparency in the age of Big Data: revised selected papers from the 13th International Federation for Information Processing Working Groups 9.2, 9.6/11.7, 11.6, Special Interest Group 9.2.2 i|
|Keywords||Data protection; Privacy; Personal data; Charities; General Data Protection Regulation (GDPR); Impact assessments; Data protection impact assessments (DPIA)|
HENRIKSEN-BULMER 2019 Implementing GDPR in the charity
You might also like
Automation and cyber security risks on the railways: the human factors implications.
Presentation / Conference
Assessing system of systems information security risk with OASoSIS.
Integrated design framework for facilitating systems-theoretic process analysis.
Cybersecurity user requirements analysis: the ECHO approach.
Use-case informed task analysis for secure and usable design solutions in rail.