Data and digital technology offer tremendous potential to improve the speed, quality and cost effectiveness of humanitarian aid. These can also cause harm however, even in unforeseen ways. The Data & Digital Responsibility policy helps us mitigate this risk of doing harm. It also increases transparency for the users on how digital products and services work and perform. The policy is developed by 510 and helps us and our humanitarian partners leverage the potential of data and digital technology in a responsible way. ‘We believe this updated policy, which now also focuses on digital responsibility matters, will also be of great value to those continually addressing data & digital responsibility challenges in their digital transformation journeys’, says Maarten van der Veen, team lead at 510. Read our Data & Digital Responsibility policy here (UPDATE: 2024 version).

The Data & Digital Responsibility Policy
When collecting and utilizing personal data, the EU General Data Protection Regulation (GDPR) imposes vital obligations upon organizations in terms of data protection. The Data and digital responsibility policy goes beyond compliance with the GDPR however and also considers the potential to do harm through use of non-personal data and digital technology. This new policy complements our organization’s privacy policy.

510 defines data and digital responsibility as:

“The responsible processing of data and use of digital technologies with respect to privacy, ethical standards and humanitarian principles, bearing in mind potential consequences and taking pro-active measures to avoid harming individuals or communities”.

The figure below shows how we go beyond the protection of personal data. When we design and develop digital solutions we leverage the Red Cross Red Crescent’s (RCRC) global presence to access local knowledge, which then is applied to inform our work. Finally, we apply a range of ethical standards and principles, including our own Movement Principles as well as the humanitarian “do no harm” principle.

The new version
The new Policy has been split into two main documents: The foreground document (Policy), describing the purpose, main process steps and templates, and a background document, a live document, containing definitions of common terminology, examples of terminology and principles in practice, and several references to sources for further study. The Policy has been shortened for ease-of-use and more emphasis has been put on human-centricity, digital technology, ethical use of data & technology, and the importance of data quality.

Version 3 marks a shift in focus, from data protection and privacy to the responsible use of data and digital technology. It focuses less on personal data protection because this is adequately addressed in our organization’s privacy policy. It now includes a focus on the responsible use of digital technology. Its ultimate aim is to ensure that whenever people use digital technology, they are aware of what data is processed, how it is processed, the quality of the data and the technology and what the risks and benefits are.
Note: all previous versions of the policy are superseded by version 3.0.

Every twelve months the insights gained from the implementation will be used for updating and improving the policy. We will then go through the continuous improvement life cycle again, starting with the assess stage.

Data & Digital responsibility review process

Want to learn more or implement the Data & Digital Responsibility in your organization? Please contact

More than 10 volunteers contributed to the making of the policy, among them Kamal Ahmed, Ҫakil Civelek, Marta Castro Diaz, and Saskia Tdlohreg.

Read our Data & Digital Responsibility policy here (UPDATE: 2024 version).