GDPR and the new Data Protection Act were introduced in 2018 to better protect individuals’ data but applying the new regulations across a complex organisation has its challenges. Barnardo’s provides over 1000 different services for children and young people and has a broad range of career disciplines. Ensuring continuous improvement in data protection meant making a range of changes to the way we all work.
To better protect the personal data of our employees, volunteers, and all the children and young people we work with, we have developed new systems, processes and policies which are:
- a good fit for our broad range of stakeholders
- manageable for our colleagues in their day-to-day work
We have put in place a range of digital solutions including:
procuring OneTrust 'privacy software' so we have industry-standard technology to apply to our unique needs
designing a new digital data protection impact assessment to ensure consistency, easy records management and data for learning and improvement
digitising and improving our vendor security questionnaire so we know our suppliers meet our standards
digitising our asset register – and ensuring it can hold confidential information securely
updating and improving our data protection and governance policies
developing new contractual templates for working with third parties
Using our new systems and processes
We have developed, tested and delivered training in our new resources across the organisation. And we have introduced the new ways of working in our day-to-day working practice.
We will continue to embed and improve these new ways of working to make sure we are applying and upholding the best standards of protection across Barnardo’s.