The General Data Protection Regulations (GDPR) will become law on 25 May 2018. It’s important to consider how this will affect your charity.
GDPR is a new Europe-wide data protection law to provide greater protection around personal data, and it affects every organisation that handles such data.
If your charity asks for, receives or holds personal information from others (for example the email addresses of its users or staff) then these regulations will apply.
The Information Commissioner’s Office (ICO) is the regulator for GDPR.
Understand the basics
Get the information that you need and share it throughout your charity. The ICO guidance about the legislation includes all the information you need to understand it.
The ICO have also produced a dedicated resource page specifically for charities and a helpline has been opened to help you. The page also includes guidance from the Institute of Fundraising and the Fundraising Regulator.
Assess the GDPR impact on your charity
GDPR will apply to all personal information you may acquire and hold about, amongst others, your beneficiaries and users, donors, staff and volunteers.
Make sure you know what data your charity has and how it’s managed. Take a look at the GDPR guide for charities from the Charity Finance Group (CFG).
Get an action plan agreed with your trustees on how you plan to manage the data your charity holds or intends to get, in line with GDPR, and complete the ICO self-assessment to see how ready you are.
Think about whether you also need to put processes in place to meet the GDPR requirements around accountability, transparency and security.