Skip to main content

Implementing GDPR in the Charity Sector: A Case Study.

Henriksen-Bulmer, J., Faily, S. and Jeary, S., 2019. Implementing GDPR in the Charity Sector: A Case Study. In: 13th International IFIP Summer School on Privacy and Identity Management – Fairness, accountability and transparency in the age of big data, 20-24 August 2018, Vienna, Austria.

Full text available as:

paper_4.pdf - Accepted Version
Available under License Creative Commons Attribution Non-commercial No Derivatives.


Official URL:


Due to their organisational characteristics, many charities are poorly prepared for the General Data Protection Regulation (GDPR). We present an exemplar process for implementing GDPR and the DPIA Data Wheel, a DPIA framework devised as part of the case study, that accounts for these characteristics. We validate this process and framework by conducting a GDPR implementation with a charity that works with vulnerable adults. This charity processes both special category (sensitive) and personally identifiable data. This GDPR implementation was conducted and devised for the charity sector, but can be equally applied in any organisation that needs to implement GDPR or conduct DPIAs.

Item Type:Conference or Workshop Item (Paper)
Additional Information:Proceedings - Proceedings of the previous summer schools have been published with Springer in the IFIP Advances in Information and Communication Technology (AICT) series from the 3rd summer school on.
Uncontrolled Keywords:Privacy; Case Study; General Data Protection Regulation; GDPR; Contextual Integrity; Privacy Risk; Data Protection Impact Assessment; DPIA;
Group:Faculty of Science & Technology
ID Code:31799
Deposited By: Symplectic RT2
Deposited On:15 Feb 2019 14:33
Last Modified:14 Mar 2022 14:14


Downloads per month over past year

More statistics for this item...
Repository Staff Only -