There’s a line to be drawn between Data Protection and Information Security. If your charity is confused about where that line is, or insists that the Information Security Officer doubles up with Data Protection duties, or worse still vice versa, then maybe it’s about time to review your Data Protection procedures, not to mention your policies, especially given the requirements of the General Data Protection Regulation. Compliance with its requirements should be a strict matter of governance and not confused with the many faces of the field that is information security.
The prescribed principles of Data Protection enshrined in law are there to be adhered to. Whether data must be processed fairly and lawfully, for example, is not a discretionary decision. Crafting policies and procedures that enable your organisation to safely use mobile tech to enhance its work, however, may indeed require insight and expert understanding in order to devise safe and secure processing of personal information.
It’s best not to let one run away with the other, and to make sure that data is kept safely and securely. Don’t get the ‘GDPR jitters’ though – your friendly, helpful information security officer is part of the team and will bring the methods to deliver on the actions.