Implementing GDPR in the charity sector: A case study
This data was imported from DBLP:
Editors: Kosta, E., Pierson, J., Slamanig, D., Fischer-Hübner, S. and Krenn, S.
Journal: Privacy and Identity Management
This data was imported from Scopus:
Journal: IFIP Advances in Information and Communication Technology
© IFIP International Federation for Information Processing 2019. Due to their organisational characteristics, many charities are poorly prepared for the General Data Protection Regulation (GDPR). We present an exemplar process for implementing GDPR and the DPIA Data Wheel, a DPIA framework devised as part of the case study, that accounts for these characteristics. We validate this process and framework by conducting a GDPR implementation with a charity that works with vulnerable adults. This charity processes both special category (sensitive) and personally identifiable data. This GDPR implementation was conducted and devised for the charity sector, but can be equally applied in any organisation that need to implement GDPR or conduct DPIAs.