Privacy and compliance in grants management software

by | Aug 26, 2021

This is Part 5 in a 5-part series, where we look at why security is important in grantmaking and what you should look for when evaluating a grants management system.

Privacy and compliance is about safeguarding your identity and the identity of your reviewers and applicants.

In this article, we’ll discuss the core features to keep an eye out for in your efforts to ensure the privacy of data associated with you, your program, your reviewers and your applicants.

We’ll also help you understand what privacy management software is and what features you’ll need to ensure you are compliant with data privacy laws.

Privacy and compliance in your grants management system

1. Data residency

In the context of grants, scholarships or other funding programs, data residency is where an organisation, government body, education body, or business specifies the geographical location for where they store their grants, scholarships or funding data.

Many organisations are required by law to store their data in a specific region. In the EU, for example, GDPR requires data residency in the EU. Most software vendors do not offer a choice in data residency and that data may be stored in a country or region you may not be able to work with if you are trying to be compliant.

Ask where your data will be stored. And keep an eye out for whether you can choose to have your data stored in a region of your choice. This is becoming all the more important as new privacy laws are implemented.

In Good Grants:

When it comes to your data hosting location, you have the freedom to choose between several supported regions. As we are always adding new regions to our supported list, it is best to check our website for an up-to-date list of available locations.

2. Data handling practices

Data handling is basically how the software vendor handles the data they have access to, who in their organisation has access and from where the data is accessible. A detailed data handling process within a software vendor is a key indicator of whether they them- selves will be compliant with data security laws and protect the information they have… about you!

While many do not share the actual procedures (since this is a potential security risk), it is important to check if it has been mentioned or that a plan is indeed in place.

In Good Grants:

We’ve developed and implemented comprehensive processes, privacy safeguards and ongoing training for our teams to ensure we are following best-practice data handling procedures.

3. Safeguarding personal data

Personal data, sometimes referred to as Personally Identifiable Information (PII), is information that can be used to uniquely identify, contact or locate a single individual. Keeping PII secure is dictated by various regulations and privacy laws internationally. Check to see what measures are being taken to protect PII in the software you are investigating.

For example, if a malicious party were to identify an applicant who was about to receive funding or resources, this may put the applicant at risk. There is also the concern over non-compliance of data privacy law.

In Good Grants:

Apart from all the security measures, data handling procedures, data residency and general encryption of data in motion and at rest, Good Grants offers additional layers of encryption for elevated security on sensitive data fields.

Program managers can set elevated levels of data protection on personal and sensitive fields easily by simply selecting the appropriate option in the question settings.

4. The right to be forgotten

Under GDPR and other data protection laws, data subjects (your users) have the right to erasure, also known as the ‘right to be forgotten’. A user has the legal right to ask you for their personal data to be permanently deleted from your records, which you must action.

Check whether the software you are investigating comes with an easy method for deleting user data and comes with a certificate of deletion to forward to any user who has requested their data be removed. If a vendor advises they will do the deletion for you, be wary. How will you know for certain it has been deleted?

In Good Grants:

You can permanently delete a user from Good Grants. Once you have done so a downloadable “Certificate of deletion” is made available to send back to the user as formal proof of the erasure.

5. Consent

Under privacy laws, your users (reviewers and applicants) must be able to opt in, explicitly, to your program’s privacy policy, cookie policy, terms of service and give explicit consent to receive notifications and emails.

Check whether consent is actively and explicitly required in the software you are investigating. Implicit opt-in is not compliant with most modern data privacy laws and regulations.

In Good Grants:

Program managers can obtain EXPLICIT agreement from users to our standard (GDPR compliant) privacy policy, cookie policy and terms of service and these can be requested at key moments in their engagement with you.

At registration:

For new users, we offer a registration form which allows users to selectively opt-in to the privacy policy, terms of service and the cookie notice.

Cookie notice:

Good Grants comes with a handy cookie notice built directly into the software. So, you’ll not need to worry about adding one yourself. You have control over the consent text on display and can also set the visibility of this feature if it is not required in your region.

This concludes our 5-part series on security and its importance for your grants or scholarship program. Now that you’re better informed on what privacy management software is, don’t forget to download our free ebook, which features a handy checklist you can use to evaluate different grants management systems.

Search our blog

Categories

Follow our blog