My team at Kazient looked into the 20 biggest Muslim non-profits in the UK to assess their basic compliance with GDPR – and none could demonstrate they met basic compliance requirements.
My team at Kazient looked into the 20 biggest Muslim non-profits in the UK to assess their basic compliance with GDPR – and none could demonstrate they met basic compliance requirements.
I’ve just launched the Amanah project, a scheme that helps Muslim charities protect the information they hold about their supporters, volunteers and beneficiaries.
They say that data is the new oil – a valuable commodity that governments and multinationals are willing to pay for or even fight over. This is particularly the case when it comes to data on Muslim communities.
I called it Amanah, meaning “trust”, for a reason. We should be able to trust Muslim charities with both our money and also our personal information. More than almost any institutions, Muslim-led charities are trusted by our communities to do so much – starting by helping those in need, at home and abroad. But the role of Muslim charities is even bigger than that: they do everything from entertain us, to support our mosques and schools, to represent us to government and in the media.
Those charities are often the best of our communities – and they need to be run accordingly.
This is especially the case when Muslim charities are subject to increased oversight by regulators, which has in the past led to perfectly legitimate charities being persecuted or even shut down based on false accusations. Islamophobia is everywhere in the UK – including in the charity sector and those in charge of it.
So Muslim charities need to make sure that their houses are in order – even when it comes to dry subjects like GDPR and data privacy.
Donors have a right to expect that their information – which may include personal interests, opinions, and banking details – be kept safe. Charities’ beneficiaries, who include some of the most vulnerable people in society, are even more in need of their privacy being respected and protected.
But Muslim charities are still not leading the way here. My team at Kazient looked into the 20 biggest Muslim non-profits in the UK to assess their basic compliance with GDPR – and none could demonstrate they met basic compliance requirements. When we did the same with the top 20 Christian charities, they could all demonstrate a good level of compliance and refer us to their policies, and many had the information publically available on their website.
GDPR – a piece of EU regulation on data privacy and data security – means that our charities are in danger of huge fines if they do not follow the rules, which can be difficult to understand and harder to implement. The first step is for charities to register with ICO – the Information Commissioner’s Office. One third of Muslim charities haven’t even completed this first basic step which means they are struggling to get to grips with what is required.
This means that when someone from our communities donates money or receives help from them, there is no way of knowing or even trusting where their information will be kept, and how it will be used.
Most data breaches are not because of hacking but simply because of human error because people handling the data don’t know what they should be doing due to lack of training and awareness.
If Muslim charities are involved in the same type of data breaches that have affected other charities, it will harm us all. In the worst case scenario, the data would fall into the hands of far-right Islamophobes.
Many (non-Muslim) charities have fallen foul of data protection laws: Greenwich University was given a fine of £120,000 for a massive data breach which occurred in May 2018. The ICO gave the fine in response to a security breach in which the personal data of almost 20,000 students was placed online (the data had been uploaded in 2004 for a conference and had gone unnoticed since). The following month, the British Foreign and Bible Society was given a fine of £100,000 for an incident which occurred between November and December 2016. The charity’s computer network was left open to attackers who were able to access supporter data amounting to 417,000 individuals.
No one in the Muslim charity sector wants the same to happen to us. No one wants donor’s money to be wasted paying fines to government bodies rather than digging wells or building orphanages.
That’s why I’m working with Muslim charities to encourage GDPR compliance and make it simple and easy for them to understand, and ensure they are compliant and can be trusted with the personal data of the Ummah.
The Amanah project is essential if British Muslims are going to continue to be the most philanthropic community in the UK, and be proud of all the amazing people and campaigns in our charity sector.