This site uses cookies to provide you with a more responsive and personalised service. By using this site you agree to our use of cookies. Please read our PRIVACY POLICY for more information on the cookies we use and how to delete or block them.
  • A site by BDO_JE

Environmental Charity Fund

The organisation works closely with both charity community members and volunteers through its sites, regular events, and educational projects. The community helps island residents and visitors to gain a better understanding of the environment, striving to preserve natural habitats and local species.

Request a Demo


BDO data protection experts supported the implementation and onboarding of ROBUS. The team helped us to analyse and de-duplicate our existing ROPA and Asset registers, improving and standardising the quality of information.

Company Type







Environmental charity organisations must protect the data they work with like any other organisation, especially taking into account how specific this information can be. If sponsors or other individuals that interact with the organisation do not understand where their personal data is stored and whether it is safe, it may turn volunteers and the public away from the company’s mission.

GDPR has significant implications for charities, especially concerning the data about their clients, donors, and employees, including volunteers. Each of these groups has its own set of privacy concerns, which must be taken into account while handling their data internally.

Most environmental charities process personal data on the basis of an individual’s consent or contract with an organisation or on the basis of legitimate interests of the environmental charity.

If your charity organisation is based in the EU, or if you process personal data of individuals in the EU, there are some key points to know regarding the GDPR:


Donors must freely give consent for the gathering and processing of their data and reserve the right to withdraw their consent at any time.

Right to access

Donors have the right to access any personal information that has been collected from them. They can ask for confirmation whether their personal data is being processed, as well as where and for what purpose, and they can be provided with a copy of that data.

Right to Erasure

Our donors can ask us to delete their information, this is also known as the right to be forgotten. This is underpinned by the principal of letting an individual to request the deletion or removal of their personal where there are no strong grounds for its continued processing.

Transparency policy

Organisations must be transparent in the way they process personal data and be ready to report on data processing and storage at any time.

Efficient management of third-party data

Any relations with third parties, such as suppliers, event organisers, marketing providers, technology providers and partners must have data processing agreements in place. Employees have to understand the data they handle, where data is stored, and who has access to data.

Reporting a Data Breach

Organisations must be able to detect, manage, and report data breaches, including liaising with the relevant Data Protection Authorities if necessary.

Why is it Important?

It has to be taken into account that charity organisations are treated the same way as others and their status and unique format of activities do not give them any exceptions or exemptions from the GDPR compliance perspective. There have been high-profile failures from charities to store data securely recently. Other notable cases have included the non-consensual sharing of data and subsequent harassment of data subjects on certain donor databases.

Therefore, fundraising professionals and specialists working with or supporting fundraisers need to make sure that all information about donors complies with the GDPR and that all employees and volunteers are aware and trained on the ways of performing data processing and protection. Furthermore, when asked, a charity must be prepared to justify any actions they perform with donor data and remove data if necessary.

Some facts about activities connected with GDPR compliance in the UK, 2020-2021

Request a Demo

11,854 reports of personal data breaches were received in 2021 by the end of March, down from 13,840 in 2020

Charities reported 4.5% of the breaches during the year, which is equivalent to about 535 cases

The charity sector was eighth on the list of sectors having the biggest number of data breaches throughout the year, well behind the health sector holding first place with 19.7% of cases

Client Specific Needs?

Systematisation of large volume of confidential data

While the organisation is located on the island of Jersey, it is part of a much wider network of charity organisations across the UK that also collect data on behalf of the government. It leads to a surprisingly large volume of processed sensitive data that must be protected according to the GDPR. Even when personal data is processed lawfully, the duration and justification of data storage require different customised approaches.

Secure data exchange process

As an organisation that works with a big number of service providers, many of which are chosen for ad hoc projects, the charity fund stays completely responsible for what they do and how they utilise the private data they have access to.

The charity uses consent as one of the legal bases for processing person data

In most cases, an environmental charity uses consent as the legal basis for processing personal data. Consent must be given voluntarily and with a full understanding of all rights and restrictions. It makes a data collection and management system vitally important for all volunteers and employees, allowing them to work with personal data in line with the GDPR.

ROBUS Solutions Description

Confidential data processing

ROBUS provides your organisation with a holistic, paperless, centralised solution to perform all required activities in one place with a click of a button. All activities are presented in a dashboard, giving an immediate oversight for the leadership team and triggering an automated review cycle. It allows you to receive tips on legal requirements to help your organisation on its journey to GDPR compliance.

Third-party data management

ROBUS service provider management section enables quickly recording and assessing when, where, and how the third-party data was processed. As a result, it helps to purge duplicate and unnecessary data processing. ROBUS also provides your team with an efficient tool to manage third-party engagement going forward.

De-plocation of information and effort

ROBUS provides you with One Version of the Truth not only in terms of your data protection but for your information governance overall. ROBUS allows you to perform all activities required by the Data Protection Legislation in one place and keeps your GDPR records in a secure Microsoft environment.

implementation outcomes

Request a Demo

Fast and smooth transition

With ROBUS, in a fairly short period of time, we have been able to streamline a huge amount of data (often divided into different standalone areas, storage bases, companies, etc.) into a single convenient format, where every authorised employee, including volunteers, can easily find any information.

Up-to-date regulatory framework

ROBUS is always adapted to the latest GDPR legislation and we do not need to pay extra attention to keep up with innovations, ROBUS takes care of that for us at no extra cost.

Full integration with a secure Microsoft environment

The use of Microsoft Stack-based platforms by ROBUS provides significant benefits. Firstly, it remarkably reduced the time needed to implement ROBUS (since the organisation actively uses Microsoft 365). Secondly, it gives significant confidence in data security, which is guaranteed.

Established data protection process

ROBUS’ team helped us to analyse and streamline the existing data and develop a questionnaire for effective GDPR-compliant identification and data protection work, giving us and our clients confidence in a cloudless future for our collaboration.

Extra value ROBUS brings

Request a Demo

Built by professionals for professionals

Manual processes using Excel and Word with no cycle of improvement can be costly, time-consuming, complex, and non-effective. ROBUS provides your organisation with a holistic, paperless, centralised solution to perform all required activities in one place.

Personalised approach

ROBUS’ team of experts follows a personalised approach to meet your organisation’s needs on the way to compliance and navigate you through ROBUS’ functionality and features. ROBUS tool is customisable to fit your organisation’s Corporate Visual Identity.

Configurable e-mail notification

Whenever you need to know whether it is a data breach or just a new document deployed by the financial department into the system, you can be automatically notified by the system about it.

Get in touch
for more information.

Give us a call, send us an email, or complete the form below and we will get back in touch with you to show you how ROBUS can benefit your organization and help you understand its comprehensive list of features.

Enter security code:
 Security code