GDPR and Data Protection Toolkit - Introduction


This Data Protection Toolkit offers practical advice and guidance on implementing the General Data Protection Regulation (GDPR) in your community or voluntary organisation.

It has been developed based on our experience in delivering training and answering enquiries from small charitable organisations in Northern Ireland.

Data protection covers everyone about whom you keep personal data. This includes employees, volunteers, service users, members, supporters and donors.

To familiarise yourself with what you need to do, visit the Getting Started page.

The law requires organisations to comply with the principles for data protection. Every organisation should have written policies and procedures specific to their own context, which address how they handle personal data and enact the privacy principles.

We have worked closely with the local Information Commissioner's Office in the past, and have delivered a number of awareness sessions in cooperation with their policy team.

In using this Toolkit, keep in mind that context matters. Complying with the data protection principles can be achieved in a number of ways, and there is no single answer to each question or example. It is down to your organisation to decide, for example, which lawful basis is the most appropriate to use.

The Toolkit provides scenarios and templates by way of example. They don't provide definitive answers that can be reused in every context, but they will give you an idea about how to get started.

Where we use a term that you might not be familiar with, we link to its entry in the Glossary.

And don't forget you can Ask a Question if there's something that isn't covered here.

Information and guidance

In addition to the articles and resources that NICVA has written, there is some excellent guidance available from the Information Commissioner's Office (ICO) and other sources:

Where else can I get advice?

The Information Commissioner's Office runs an advice helpline service for small organisations.

The Fundraising Regulator has 'bite-sized' guidance briefings aimed at smaller organisations covering the implications of GDPR on different types of fundraising.

The National Cyber Security Centre (NCSC) has a guide for small charities to help them protect their systems against threats and accidental loss of data.

Our Further Guidance lists more resources that may be more applicable to specific sub-sectors and network associations.

Online Learning offer: NICVA has partnered with Legal-Island to offer our member organisations cost-effective online training on the General Data Protection Regulation (GDPR). To find out more click here or contact [email protected] or call 028 9446 3888, ext #211.