L2 Concerns Detail Editor
Concern #497 | Personal data governance across NationBuilder and third parties is a hotspot
Title
Personal data governance across NationBuilder and third parties is a hotspot
0
characters
Description
Restore Britain’s privacy documentation describes use of NationBuilder for membership management and sharing with payment processors and other service providers. This creates a governance requirement for a controlled data map, consent/lawful basis handling, processor agreements, DSAR workflows, and a single operational owner. (Source: Restore Britain Privacy Policy)
0
characters
Origin
0
characters
Desired Outcome
Clear, compliant data handling across all systems with documented lawful basis, consent capture where needed, and audit-ready records.
0
characters
What Could Go Wrong
Unclear data flows or missing consents lead to GDPR breaches, complaints, and operational disruption.
0
characters
Current Situation
High-level commitments exist in the published policy; internal operational controls and evidence (registers, owners, checks) must be established.
0
characters
Strategy Narrative (JSON)
0
characters
Proposed Strategy
Produce a data processing map (systems, fields, purposes, lawful basis); assign a data owner; implement DSAR/erasure workflows and periodic supplier compliance checks.
0
characters
Action Strategy (JSON List)
+ Add Step
×
Cause
Multiple platforms plus evolving features (membership, donations, comms, participation tools).
0
characters
Event
A data subject request or incident occurs without a proven internal workflow.
0
characters
Consequence
Regulatory exposure and reduced member confidence.
0
characters
Notes
0
characters