When I first started CONNECTED BY DATA, one of the first things I thought about was the website’s privacy policy. Wouldn’t it be great, I thought, if we could demonstrate the kind of approaches that we’re advocating for in our own practice. But then there was so much other stuff to do – website content, hiring, finance, strategy work, engagement, projects, fundraising, writing, and so on and on – that it was easier to use a couple of off-the-shelf data protection policies for recruitment and just to not even track website analytics.
Then we got going on our advocacy work, and started organising events. And this meant we needed to collect data – personally identifiable data – and about privacy advocates! The worst kind of data subject. We knew we had to take a proper look at our data protection approach.