
Is your foundation data safe?

by Optimy

Losing data is a nightmare, and lately, with all of us working remotely, data breaches are more and more common. One might think that data safety only matters for big corporations with huge databases. But as a nonprofit, you're dealing with sensitive data that your donors trust you to keep safe. The data that you have stored is extremely important: it can contain vital information on the causes that you are funding and even those that didn’t make the cut.

With communication and social impact giving turning to digital tools, the domain of data safety has also had to adapt and evolve. It must be a daily struggle for IT teams who have to deal with data security and all the privacy challenges that come with the global practice of working from home.

No doubt: keeping your foundation data safe is becoming more and more important in our ever-connected world. This should not be a reason to keep your old, obsolete manual habits for managing your social impact project. Digitalization does a lot to increase your efficiency and productivity. But as with everything else, there is a safe way to do it. Don't be scared: follow the guide, everything will be ok.

How has GDPR changed the game for your foundation?

GDPR has already changed how your foundation runs, from the very first contact with someone. It starts with how you collect personal data. For foundations, this is often linked to the application process. When applicants submit their funding application, receiving their consent to use their data is extremely important. Having a link to your privacy policy is no longer enough. Instead, it must be clear that if personal data is shared, the third parties are named. Opting in and out of things is more of a marketing problem, so it may not affect your foundation too much. However, this is still something to consider.

When someone opts to join a mailing list or other forms of communication, there must be no pre-ticked boxes. It must be the choice of the person providing the data to tick the box or to leave it clear. As far as storing data is concerned, there must be a limit on how long people's personal data is kept. Lots of foundations simply use documents to store this information: Excel sheets or Google Docs, which hackers find easy targets for their ‘games’.

This is why you should change the way you work with this data, from spreadsheets to a streamlined solution. Implementing software at your foundation can limit the risk of a data breach by adding an extra security wall.

How can software keep your foundation data safe?

Optimy relies on Cloudflare to tackle any DDoS attacks that may occur. Cloudflare also protects, speeds up, and improves availability for web applications.

It does so through an intelligent global network comprising 165 data centers spread across the world. The network automatically optimizes web and mobile pages, ensuring visitors get the fastest page load times and the best performance possible. Cloudflare also offers WAF protection, distributed SSL (Secure Sockets Layer) for all customers, and caching for temporary storage.

Another system that the Optimy solution has in place is RIPS. RIPS is a technology leader in static application security testing. Static analysis (or static application security testing) is performed solely on the source code of an application without executing it. The complete source code is transformed into an abstract model that is then analyzed for security vulnerabilities.

More precisely, taint analysis follows the data flow of user input that the application receives across file and function boundaries. If user input is used in a security-sensitive operation (such as a SQL query), an attacker could manipulate this operation, and so a security vulnerability is reported (e.g. a SQL injection vulnerability).

The use of software really is the best way to keep your collaborators and your data safe. Wanna know more about this? Get in touch!

3 best pieces of advice for data safety 

  1. Consolidate your data. You're collecting data from forms, from emailing, from messages, maybe from real-life happenings. Nothing is wrong with that, but make sure not to spread this information everywhere in your office, in paper folders, on your colleague's desk. Gather it in one single tool: it will keep you from going crazy if something is missing, outdated, or incorrect. Data consolidation for your nonprofit's social impact activities is an important step that you'd be sorry to have missed. The number one benefit is that all the data you need will be accessible only to those who are relevant AND from one single tool, easily and quickly. What more could one ask for?
  2. GDPR is not a one-shot task on your to-do list. Yes, we know you probably did everything GDPR required when it was introduced in 2018. But it's not a one-shot task. Make sure that you have updated your privacy policy since then and that you have added privacy notices where relevant. You're working with customized forms to collect applications for your foundation's projects? Then don't forget to state how, why, and how long you will keep the donors' data that they're giving to you. Users trust you by giving you their most private data; it is only fair that they have a bit of information about how you are going to use it.
  3. Respect Data Safety's 3Cs commandments. They might not be universal, but we like to think that by following them, you'll keep yourself from stressful and frustrating situations. So, here we go: pay attention to the completeness of the data that you store; make sure that this information is clean and correct and, if not, know that you can update it; and be clear in the way you classify and store it. Don't use various different files for data that is linked to the same topic and project. Be smart about it: the clearer it is, the easier it will be for you to work with it and reach your goals.

There are many features that empower your data safety plan so take a look at your features to make sure that they are set up for your social impact project management tool. And if you need to know more about it, talk to an expert, they're here for you!