DATA RESPONSIBILITY V2.2

Continuous improvement in processing data responsibly.

10 minute read.

You can download the Data Responsibility Policy V2.2 here!

In an earlier blog post we released the first public 510 Data Responsibility policy V 2.0. Since that release, 510 has undergone several major developments both in terms of a significant increase in the number of team members, a further diversification of its project and program portfolio, processing of personal data and the use of new data storage solutions.

As a result, the former version required significant updating to also include practical tools and work processes to aid teams in processing data responsibly in their projects and programs.

Continuous improvement life cycle process

The updates to the policy followed a “continuous improvement life cycle process” comprising of the four stages Assess, Design, Implement and Evaluate.

Assess:

One-on-one interviews were conducted with team members, to capture their feedback and observations in terms of the added value and shortcomings of the first release. This formed the base-line for a re-design of the policy document and its attachments during the design stage.

Design:

Recognizing the significant behavioural change associated with this policy, particular emphasis was placed on outlining the roles and responsibilities typically associated with processing data in 510. This led to defining “data specific roles” within 510 such as those for curating, owning, controlling and processing personal data. There was also a need to have an overview of all storage systems in use and their main functionalities enabling users to select an appropriate storage system for their data. Lists of tools and practical methods were added to help in protecting data. Process diagrams were added for each data processing stage of the data life cycle to help users execute the required steps in the right sequence. We also re-visited the terminology and definitions in the policy and closely aligned them with the terminology used in the GDPR.

Implement:

The policy has been in use in 510 since the 5th of Oct 2018. As part of its implementation, a steering committee comprising of members of 510 and members of the NLRC, was formed. Every month this committee will discuss and evaluate the experiences of users applying the policy in their data projects. “Best practices”, “practices worth replicating” and the advice given will be captured over time and help in updating future releases of the policy in a targeted way.

Evaluate:

Every six months the insights gained from the implementation stage will be used for updating and improving the policy. We will then go through the continuous improvement life cycle again, starting with the assess stage.

You can download the Data Responsibility Policy V2.2 here!

We would like to thank all internal and external reviewers for their valuable feedback and observations, helping us to improve 510’s policy for processing data responsibly.

510’s Data Responsibility Team

Please contact  kahmed@rodekruis.nl  or jramakers@redcross.nl  if you would like to know more.

“At 510 we are on a continuous learning path (together with many humanitarian organisations) to improve the responsible processing of data. The policy document and its supporting materials are instrumental in making this happen”.

Stefania Giodini 510 Team Lead

“I kindly urge all humanitarian and development organisations to have something like this in place, so collectively we can be responsible while going through a digital transformation.”

Maarten van der Veen 510 Team Lead
With special thanks to Chris McIntyre who created these short explainer videos.

 

Comments are closed