Cyber Resilience and Data Protection in the Third Sector

This briefing will examine how third sector organisations can strengthen its cyber security, prepare for profound changes to data protection law and improve information management.

Data protection is crucial for modern charities

  • Over 40% of charities rate their cyber security knowledge as ‘low’ or ‘very low’. Source: Scottish Council for Voluntary Organisations (SCVO)
  • £2.3 billion, the estimated cost of fraud to UK charities and charitable trusts in the 12 months to November 2017. Source: The Annual Fraud Indicator 2017

In May 2018, the General Data Protection Regulation (GDPR) comes into force with potential fines of up to €20m or 4% of annual turnover for non-compliance. The changes affect activities such as fundraising, campaigning and volunteer management. 

As information processing laws change and the threat and sophistication of cyber-attacks grows, it’s essential charities are prepared for the challenges of the digital age.

Attend this Holyrood briefing for an up-to-date brief on cyber security developments, data protection law and good practice in managing information in the third sector.

Key issues we’ll examine with you

  • The changes to data protection laws, cyber security trends and developments affecting third sector
  • Ensuring procedures and policies for processing personal information and data control are lawful and effective
  • Practical steps to improve your organisation’s cyber resilience, data protection and ability prevent and mitigate data breaches
  • Developing a whole-organisation approach – enhancing awareness, culture and behaviour across all staff
  • Case study examples of good practice in the third sector information management and cyber security

Who will benefit from attending?

Anyone who works for a third sector organisation and has a responsibility for handling information and data protection, including: senior management, trustees, volunteer managers, campaigners, fundraisers, IT and human resource professionals.


09:15 Registration and Refreshments

10:00 Welcome and Introduction by the Chair

Willie Roe CBE, Trustee, British Council, and Chair, Scotland Advisory Committee

10:00 Session 1: Strengthening the Third Sector’s Cyber Resilience

  • The latest cyber security trends, policy and developments affecting third sector organisations
  • Practical steps to improve your organisation’s cyber resilience, prevent and mitigate data breaches
  • Implications for core operations, including: handling donor information, volunteer management, campaigning, direct marketing ​

10:05 Priorities for Cyber Security in the Third Sector

Scottish Government progress made against the Cyber Resilience strategy with a focus on the development and delivery of a Third Sector Action Plan on Cyber Resilience.

Douglas Armstrong, Policy Manager, Cyber Resilience Unit, Scottish Government

10:25 The Carrot or the Stick? Cyber Resilience Approaches in the Third Sector

Sharing learning from working with Scottish charities to explore how best to build a cyber resilient third sector:

  • what we have found to be the greatest need
  • what makes the biggest impact
  • and what that means for future security of the sector

Kyle Usher, Digital Change Manager, SCVO (Scottish Council for Voluntary Organisations)

11:05 Questions and Discussion

11:30 Refreshments and Networking

11:50 Session 2: GDPR and Managing Information in 2018 

  • An up-to-date brief on changes to data protection laws, including: GDPR, coming into force May 2018, and the new UK Data Protection Bill
  • Understand you cyber security, data protection and legal responsibilities in 2018
  • Developing a whole-organisation approach – enhancing awareness, culture and behaviour across all staff

11:50 Beat The Hackers With GDPR​

  • Your security obligations
  • Where you’ll find threats
  • Where you’ll find advice and support

David Freeland, Senior Policy Officer, Information Commissioner's Office​

12:10 Making Privacy A Brand Asset

This presentation will cover the GDPR legal grounds for processing personal data; consent and legitimate interest. I will use case studies from the charity sector. Finally, I will go through the DMA’s latest consumer attitudes to privacy research.

Zach Thornton, External Affairs Manager, Direct Marketing Association

12:30 Questions and Discussion

12:50 Lunch and Networking

13:35 Session 3: Good Practice Seminar

A series of inputs will share insights into good practice and innovation keeping digital system secure, managing information and data effectively. 

13:35 How to Make Cyber Security Work

  • Short on time, budget and resource? Learn how to have big wins quick in security for your enterprise!

Kevin Murphy CISM, President, ISACA  (Scotland)

14:05 Fran Thow, National Support Manager, The Food Train

14:35 Questions and Discussion

14:55 Summary by the Chair

15:00 Close of Event

*Agenda subject to change


Scottish Arbitration Centre, 125 Princes Street, Edinburgh EH2 4AD | Map


Delegate rates (excluding VAT):

  • Discounted rate: 1 place £145 + VAT (Voluntary / charitable organisations with an annual income of less than £1m)
  • Reduced rate: 1 place £245 + VAT | 2+ places £195 + VAT (Central government departments and agencies, local authorities, universities, colleges, NHS, police, professional associations and voluntary / charitable organisations with an annual income over £1m)
  • Full rate: 1 place £295 + VAT | 2+ places £245 + VAT (Commercial organisations e.g. plc, Ltd, LLP)

For more information please email or phone 0131 285 1635

19 April 2018


Share this page