Our challenge

GDPR and the new Data Protection Act were introduced in 2018 to better protect individuals’ data but applying the new regulations across a complex organisation has its challenges. Barnardo’s provides over 1000 different services for children and young people and has a broad range of career disciplines. Ensuring continuous improvement in data protection meant making a range of changes to the way we all work.

Our solution

the word 'security' on a computer screen

To better protect the personal data of our employees, volunteers, and all the children and young people we work with, we have developed new systems, processes and policies which are:

  • a good fit for our broad range of stakeholders
  • manageable for our colleagues in their day-to-day work

We have put in place a range of digital solutions including:

  • procuring OneTrust 'privacy software' so we have industry-standard technology to apply to our unique needs 

  • designing a new digital data protection impact assessment to ensure consistency, easy records management and data for learning and improvement

  • digitising and improving our vendor security questionnaire so we know our suppliers meet our standards

  • digitising our asset register – and ensuring it can hold confidential information securely

  • updating and improving our data protection and governance policies

  • developing new contractual templates for working with third parties

Using our new systems and processes

We have developed, tested and delivered training in our new resources across the organisation. And we have introduced the new ways of working in our day-to-day working practice.

Next steps

We will continue to embed and improve these new ways of working to make sure we are applying and upholding the best standards of protection across Barnardo’s.