Home | Charities & Groups | Running Your Organisation | How to… | Comply with GDPR

Comply with GDPR

The new General Data Protection Regulations (GDPR) came into effect on 25 May 2018 and apply to all organisations, including charities and voluntary organisations, that process personal data. Below are a number of helpful resources to help you comply to the new regulations.

Image courtesy of Wheelpower

What is it?

GDPR stands for ‘General Data Protection Regulation’, and it is a new piece of legislation that came into force in May 2018. While it builds on existing Data Protection legislation, it represents a significant change for organisations that hold and process personal data.

Will it affect me?

If your organisation holds personal data, whether in the form of contact information or any other sorts of personal data (for example, information about ethnicity, religious belief, or bank account or credit card information) elements of the new regulations apply to you.

What can I do to prepare?

There are a number of good resources online, some specifically aimed at the charitable sector, some more general, which should equip you to at least assess what you need to do as an organisation to ensure that you are compliant with the new regulations. There is no ‘one size fits all’ approach, as what will be required of you will vary significantly depending on the sort of organisation you are, and what you do with the data that you collect and hold.

Resources

Knowhow: How to prepare for GDPR and data protection reform
FSI: GDPR – what small charities can do now
The Fundraising Regulator has information and guidance for small charities as well as easy to understand information about what GDPR will mean for you.
The Information Commissioner provides some good resources in the form of a self assessment toolkit to assist with the various elements that may or may not be directly relevant to you. They also have a hotline to support organisations employing fewer than employees with GDPR queries. This can be reached on 0303 123 1113.
NCVO’s Knowhow Non Profit site has also produced a 12 point plan, adapted from the ICO guidance
The Director of Social Change (DSC) has a free, expert downloadable guide to GDPR
The company ‘IT Governance’ have produced a Compliance Guide which can be freely downloaded from their website.
If your organisation raises funds directly from individuals, there are changes there too which you need to be prepared for. Tim Turner, a former policy manager at the ICO, has produced a ‘survival guide’ which is freely downloadable from the ‘Civil Society’ website and the Institute of Fundraising has also produced a free guide for such organisations.

Protecture: Clearing the haze around the GDPR maze webinar