Helping Not-For-Profits Operationalize Their Privacy Programs


By Drew Blaskoski

Certified Information Privacy Professional (CIPP/E), OneTrust

This blog is part of a series by our Industry Partners. Humentum Industry Partners are companies providing goods or services to the Humentum membership community. To become an Industry Partner, a company must be working with, and come highly recommended by, at least one Humentum member organization.

As a privacy expert who works for not-for-profit (NFP), religious, and charitable organizations to operationalize their privacy programs, I notice a common trend: many organizations have basic privacy programs that delegate responsibility to a select individual, have little documentation aside from simple privacy policies, and limit the influence of privacy across the organization.

When I first engage with clients, the most common question I receive is “Where do we start?” While there are several possible responses, it is first important to know what has already been completed. Are policies in place? Do you have an inventory of assets, or more importantly, records of processing activities? How do you handle high-risk situations?

To begin, I recommend NFPs start with the GDPR basics of privacy impact assessments (PIAs), data protection impact assessments (DPIAs), and data mapping/records of processing. Through these activities, customers can work across the organization and begin documenting items correctly to understand what is needed to mitigate risks in accordance with the GDPR.

If there is a single main representative who is tasked with the project, OneTrust’s Assessment Automation and Data Mapping tools make the process much easier to manage than trying to do so in spreadsheets or Word documents. As the team grows, the process can be accelerated, and assessments and collecting inventory become even easier.

Once an NFP has set its foundation or embedded a privacy by design concept, the overall analysis allows an organization to move quickly to other areas, including:

  • Subject rights requests (from donors, employees, students, data subjects, etc.)
  • Consent management
  • Cookie/Web Compliance
  • Incident Breach Management
  • Vendor Management

Each of these areas is simpler to implement in an organization with the correct Assessment Automation and Data Mapping documentation, policies, and workflows already in place.

The next question I usually hear is “Do you have not-for-profit pricing?” Proudly, I can say YES. OneTrust has partnered with Humentum to offer a significant discount to Humentum members. OneTrust wants to aid not-for-profits in all areas, including their budget departments. We are extremely excited for this partnership and are expecting great things to come from it.

Humentum members are eligible for discounts of 5 to 13% depending on their purchase. For more info on member benefits and OneTrust’s services, please email info@onetrust.com.

We look forward to continuing to serve the NFP community and its privacy initiatives. If you want to learn more about how we can help, visit onetrust.com.
