General Data Protection Regulation (GDPR)

On 25 May 2018, the  general data protection regulation (GDPR) will come into force bringing the biggest change to data protection law in 20 years. 

GDPR will replace the Data Protection Act 1998 and the government has confirmed that the UK’s decision to leave the EU will not affect the commencement of the GDPR.  [The UK Data Protection Bill will replicate GDPR] 

With stronger emphasis on transparency and the issue of fines and charities reputations on the line, it is essential GDPR is on the agenda at boardroom level and senior managers are aware of their responsibilities.

Information and guidance

Data protection legislation covers everyone about whom you keep personal data. This includes employees, volunteers, service users, members, supporters and donors. The legislation requires organisations to comply with eight principles for data protection. Every organisation should have a written policy and procedure that is specific to their context about how they handle personal data and enact privacy principles.

In addition to the articles and resources that NICVA has written there is some excellent guidance available from ICO and other sources for example: Preparing for GDPR 12 steps to take now



Introduction to GDPR webinar
26 Mar 2018 -
12:00 to 12:45
Getting ready for GDPR (FULLY BOOKED)
18 Apr 2018 -
10:00 to 13:00
Getting ready for GDPR
9 May 2018 -
10:00 to 13:00


Information Officer


Neil Wilson Information Officer
Sandra Bailie Head of Organisational Development
Stephen Gray Head of Information Management
Una McKernan Deputy Chief Executive