As a major UK child protection charity, the NSPCC processes large quantities of highly sensitive special category data. It is often necessary for the charity to share personal data with a range of agencies and organisations so must therefore be mindful of multiple requirements such as the GDPR, safeguarding and IICSA recommendations, whilst always prioritising the best interests of the children by minimising any risk to them.
Building a robust compliance framework is at the heart of the NSPCC’s data protection strategy for child protection. The charity appointed members of their staff to be data protection champions across the different functions. The champions are all CIPP/E qualified and provide guidance to the various departments when managing personal data both internally within the organisation and with outside agencies.
The Data Protection Officer role is outsourced to a DPO Centre DPO who takes on the statutory responsibilities of the position. The DPO is able to provide the data protection champions and the various departments unconflicted high-level support and regular onsite guidance, particularly when considering the many complex and high-risk data protection issues they face.
David Roberts, the NSPCC’s Director of Corporate Services said: “Outsourcing the DPO role gives us the best of both worlds. By working on-site and being seen as part of the team, the DPO Centre’s DPO really understands the complex data protection issues the NSPCC faces. They provide a high level of independent, objective and pragmatic expertise and guidance to the organisation. Being able to draw upon the combined knowledge of the wider DPO Centre team gives us an added level of confidence and means we can rely on their advice and support whenever we need it.
We also do all this extremely cost-effectively, meaning we maximise our resources on child protection.”
Fill in your details below and we’ll get back to you as soon as possible