Make-A-Wish Ireland is ‘triple locked’ by Charities Institute Ireland for best practice in transparency and accountability. As an organisation that processes very sensitive and high-risk data about children who are ill, Make-A-Wish places a lot of importance in complying with the EU General Data Protection Regulation. But tackling this is a daunting task, since the data it collects fits into a lot of different functions and categories.
Other challenges include overseeing consent for marketing activities and managing high-value fundraising. Make-A-Wish also relies on large numbers of volunteers to carry out its work, and they would need to be trained to handle personal information appropriately under GDPR.
Although it’s not under external pressure as other organisations might be, the importance of safeguarding personal information has been at the forefront for Make-A-Wish, even before GDPR came in to force. At the same time, it has a lot of areas to focus on in its core functions alone: the logistics involved in providing the wishes, together with raising the necessary funds to make the wishes come true. This meant it proved to be difficult to get the time and internal expertise to deal with GDPR compliance.