GDPR Case Study – The Born Free Foundation
ClearComm delivers compliance advice and DPO services
Like many charities, Born Free had not reviewed their data protection policy for a number of years. ClearComm were engaged to provide a GDPR compliant approach across all areas of the organisation from HR to volunteers, retailing and fundraising.
ClearComm firstly reviewed all working practices, income streams and how these helped to achieve organisational aims and objectives. This included a fresh look at ‘Consent’ based communications and the implications of the Privacy and Electronic Communications Regulations (PECR), existing supporter preferences and the recent merger with another charity. It was also necessary to make a case for other conditions for processing data to ensure lawful communications with customers of the retail division and with those supporters gained through the merger.
A number of historic procedures for acquiring and sharing data required complete review and have now been fully rewritten and relevant staff trained. All data processors, organisations undertaking a data-driven task on behalf of Born Free, have been assessed on their GDPR compliance and where applicable contracted under new agreements.
The executive board signed off the GDPR policy framework in May 2017 and are now operating within a GDPR compliant environment. All data subjects have been contacted and informed about the changes Born Free have now made to data security and their processes for handling data. There is further work to be completed but the level of risk when processing data is now significantly reduced. We continue in our capacity as DPO to deliver advice and guidance to the organisation.