General Data Protection Regulation (GDPR)
On 25 May 2018, the General Data Protection Regulation (GDPR) will come into force bringing the biggest change to data protection law in 20 years.
Update: We've launched our Data Protection Toolkit with practical guidance and resources to help you prepare for GDPR
The changes that GDPR will bring will replace the Data Protection Act 1998 as the primary piece of legislation on data protection, and the UK government has confirmed that the decision to leave the EU will not affect the commencement of these changes. The UK Data Protection Bill will update and modernise data protection law in the UK in line with the GDPR.
With stronger emphasis on accountability, transparency and with the issue of fines and charities' reputations on the line, it is essential that GDPR is on the agenda and that senior managers as well are aware of their responsibilities as data controllers.
Information and guidance
Data protection covers everyone about whom you keep personal data. This includes employees, volunteers, service users, members, supporters and donors.
The law requires organisations to comply with eight principles for data protection. Every organisation should have a written policy and procedure that is specific to their own context about how they handle personal data and enact the privacy principles.
In addition to the articles and resources that NICVA has written, there is some excellent guidance available from the Information Commissioner's Office (ICO) and other sources:
- ICO - Preparing for GDPR 12 steps to take now
- ICO - Frequently asked questions for charities
- ICO - Checklist for data controllers and data processors
- ICO - Guide to Privacy and Electronic Communications Regulations (PECR)
- Fundraising regulator and IoF – GDPR and charitable fundraising guidance
- NCVO Knowhowtononprofit - How to prepare for GDPR
- Inspiring financial leadership – GDPR guide for charities
Online Learning offer: NICVA has partnered with Legal-Island to offer its member organisations cost-effective online training on the General Data Protection Regulation (GDPR). To find out more check here https://www.legal-island.com/e-learning/gdpr-compliance-in-the-workplace/ or contact [email protected] or call 028 9446 3888 ext #211