Our story begins in a Public Sector team meeting in April 2021, in which our senior manager, Katja Hommel, asked about supporting a women’s shelter in Germany. BearingPoint had been in touch with this nonprofit before – back then, we mobilized donations for them in our traditional Christmas Donation campaign in Germany.
The women’s shelter we work with is one of 400 similar institutions in Germany. These shelters ensure women and children in danger have a place to live for as long as necessary; these places are secret and protected. What these shelters have in common is that demand is higher than the spaces they can offer – they are often significantly underfinanced. One of the many side effects of limited resources is that these organizations often need to postpone critical organizational improvements.
When we again were in touch with our contact person in April 2021, we learned that our GDPR-related knowledge would greatly benefit them, as data protection for such a sensitive program is critical. GDPR is short for General Data Protection Regulation, which became binding for all organizations (including smaller nonprofits) in May 2018 as a standard framework for data collection, processing, and storage rights when engaging with private individuals.
A team ready to work with the organization was quickly found – and two people started an impact assessment by challenging process management regarding the GDPR.
The defined goal of our pro bono project was to challenge existing processes and procedures within the organization to ensure compliance with the GDPR. Also, we were encouraged to use the findings of the process screening as an opportunity to challenge existing processes and propose re-designed and simpler alternatives.
We had to pause the project for a couple of months due to other priorities, but in the meanwhile, two new team members from BearingPoint joined the project and took a fresh look at the screening results. They developed a three-step guide that showcased the implementation with the nonprofit women’s shelter.
After we established an initial overview of the process infrastructure of the organization, we created a processing directory template, wherein we specified the legally binding requirements with the EU-GDPR. In parallel, we made sure that the template was easy to use for the shelter’s staff.
Due to lasting COVID-19 restrictions, we were not able to make an “on-site” visit with the organization to jointly fill our template with content. Instead, we used our experience from many months of virtual client workshops and organized two remote workshops with some team members of the women’s shelter, who described in detail their extensive activities and offerings, as well as their current workflows.
Our BearingPoint team took the information from the interviews and workshop feedback to fill the directory. To ensure that the women’s shelter team is empowered to work on data protection requests independently, we wrote a handbook that addresses the most important questions regarding data protection in their specific environment.
We would really like to thank the team of the women’s shelter (which wants to stay anonymous) for their openness, trust, and time.