Data protection law changed in May 2018. You may have heard of GDPR and you may be wondering how it affects your organisation.
The Data Protection Act 2018 covers how you keep personal data about employees, volunteers, service users, members, supporters and donors. Whilst some changes came with the May 2018 legislation, the basic principles remain the same. It’s a good time to look at your current policy and procedures to make sure they are fit for purpose.
The NCVO KnowHowNonProfit website has some useful links and well-written guidance for charities on how to prepare for GDPR.
The Information Commissioner's Office (ICO) is the regulator for data protection and privacy law. The ICO website includes a self-assessment toolkit which is suitable for small and medium-sized organisations.
The Charity Finance Group have produced General Data Protection Regulation: A Guide For Charities, which has sections on governance, fundraising, financial data, beneficiary data and employee data.
The Fundraising Regulator and the Institute of Fundraising have produced 6 ‘bitesize’ briefings on GDPR, aimed at fundraisers:
- GDPR and Charitable Fundraising: An Introduction
- Spotlight on Fundraising
- Spotlight on Community Fundraising
- Spotlight on Corporate Fundraising
- Spotlight on Legacies
- Spotlight on Charitable Trust Fundraising
CVS hosted a briefing on the GDPR and how this will affect voluntary organisations, in Bedford and Luton. During March 2018, a copy of the GDPR Presentation Slides, as prepared and presented by Green Pepper Consulting Ltd, was made available to assist groups. Green Pepper Consulting has also made available to us a paper on GDPR Consent in data processing. These documents are provided for training/information and do not constitute legal advice.
For training opportunities please visit:
- NCVO — They provide half-day training that will take you through the essentials of lawful data processing for charities.
- Compass Wellbeing — Provide iLearn Professional Development Courses. They offer an extensive range of over 100 professional development courses covering a variety of categories including GDPR.
- Catalyst CIC - A 2.5hr watch and do training session covering GDPR principles, compliance and legal gateways, and tools and techniques for data management.
What action you need to take regarding data protection and data flows with the EU/EEA.
The EU has now formally adopted ‘adequacy decisions’ for the UK. These allow for the ongoing free flow of personal data from the EU/EEA to the UK. If this situation changes, this page will be updated.