Data Protection

What is data protection?

Data protection is the act of protecting personal or sensitive information in how it is collected, stored, used, and shared.

Why is data protection important?

A significant amount of information is captured about survivors and beneficiaries through the course of our work. Policies, protocols and practices on data protection are essential to our work because unprotected data or the unauthorized access, use or sharing can endanger survivors, staff and the sustainability of programming.  Beyond threat of harm, it is our responsibility to collect only what is safe, ethical, and actionable but also what we can realistically protect to ensure survivor or beneficiary information is not abused.

Protecting the data of the survivors and beneficiaries we work with can be a challenge. Especially so when there is a lack of policies or guidance on data protection, when programs are working in highly insecure environments, and when resources are limited. All data collected needs to be protected, not just GBVIMS data.

When is data protected?

Data can be considered protected when:

• there is a clear purpose for collection
• there are limits to what is being collected (safe, ethical, actionable, consented)
• the information is secure (reasonable safeguards are in place to protect from unauthorized access, use or sharing, destruction, or loss)
• survivors/beneficiaries are informed about their rights, and their rights are respected
• policies, protocols and/or practices are implemented and effective in regulating the collection and use of information

Below are resources for data protection:

• Data Protection Checklist
• Data Protection Protocol (ISP Annex)
• Staff Data Protection Agreement
• Data Protection Glossary