GDPR Compliance and the Charitylog CRM
The General Data Protection Regulation came into force in May 2018.
It will still apply even though Britain is leaving the European Union.
It applies to any organisation processing and holding personal data. Personal data is any information related to a natural person that can be used to directly or indirectly identify the person. It can be anything from a name, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.
As a charity, the way in which you handle and process data will be affected by this regulation when it comes into force. GDPR requires:
- Unambiguous or explicit consent, which may be service-specific
- Consent to be able to be withdrawn as easily as given
- Right to view all data
- Right to be forgotten
- Right to data in readable format
How can Charitylog help?
User Access to Data
You can define the types of data (e.g. personal data such as gender, ethnicity, medical data, financial data) viewable at a user level.
Users only see the information they are entitled to, which may differ by service. There is also a section to display the types of information that are not available to them.
Detailed Consent Recording
Detailed Consent options are available, and information is prominently positioned in one location within the system. As there may be many separate types of consent required, this section expands to accommodate all your needs. Charitylog allows you to manage and record consent in terms of:
- Date of consent
- The level at which consent is held
- Consent-related functionality
- Third-party sharing consent (signposts & external referrals)
- Withdrawal of consent
For external referrals, you can control which consents are needed to refer to any external organisation, record whether the client has given this consent and issue a clear warning if this has not been given when entering an external referral.
Personal Access to Data
It will be easy for a person to view all the data held on the system via a printout.
The Print Client Record function allows all applicable data to be included.
Right to be forgotten
The Anonymisation function accessible from the Client screen allows the deletion of identifiable data, while leaving an identifier so that historical reports are still correct. Additionally, you have the ability to search for clients where there has been no contact for a defined period.
There is a requirement to export the data in a 'commonly used machine-readable format'. CSV, XML, or Excel are acceptable. The Print Client Record feature has an Excel export option to facilitate this. A user-defined template library will allow predefined fields to be exported. This will avoid the need to repeatedly choose the information you need.