Nonprofit commanders, get ready for a journey into the universe of digital compliance. Your mission, should you choose to accept it: protect the data of your valuable donors and beneficiaries. Join us to understand how Law 25 specifically applies to your nonprofit.
Why must your nonprofit comply with Law 25?
Don’t be mistaken, nonprofits are not exempt from Law 25. In fact, your nonprofit collects a variety of sensitive data:
In addition to complying with Law 25, your transparency in data management will strengthen the trust of your donors. Follow the 5 steps below to adopt exceptional data management practices.
5 steps to bring your nonprofit into compliance with Law 25
1 – Take inventory of the data collected
Start by taking inventory of all the data your nonprofit collects, like an astronaut mapping a new planet:
- What information do you collect?
- How is it collected?
- Where is it stored?
- Who has access to it?
- How long is it kept?
2 – Appoint a data protection manager
This step allows you to appoint your ‘data protection captain.’ The role varies depending on the size of your nonprofit:
3 – Update your consent forms
Your donation and registration forms must now explain why you are collecting the data, while providing the option to choose the information shared or to withdraw consent.
When creating new forms or modifying existing ones, make sure to use simple and accessible language for the users of your website.
Our pilots can help you get started with the Law 25 compliance process:
4 – Secure your data
To ensure additional data protection, we suggest implementing these best practices:
- Use strong passwords.
- Make regular backups.
- Keep your antivirus software up to date.
- Limit access to authorized persons only.
- Enable two-factor authentication.
- Provide ongoing staff training.
The data collected must be protected like a space station protects its crew. These best practices are not required by Law 25, but will allow you to limit data leaks and gain the trust of your donors.
5 – Prepare your procedure in the event of a leak
Even the best space stations can leak. Prepare an emergency plan.
What are the risks of non-compliance with Law 25?
Like a spaceship without a protective shield, a non-compliant nonprofit faces serious dangers.
- Financial sanctions: These sanctions can seriously impact your ability to pursue your social mission.
- Reputational risks: You could lose the trust of your donors, possibly leading to a reduction in donations and community support.
- Operational consequences: Your data collection activities could be suspended and monitored by the CAI (Access to Information Commission).
Compliance with Law 25 may seem like a journey into the unknown, but with the right tools and guidance, your nonprofit can safely navigate this regulatory space. By following these steps, you ensure compliant data protection while building trust with your donors.