General Data Protection Regulation (GDPR)
On 25 May 2018, the General Data Protection Regulation (GDPR) will come into force, bringing the biggest change to data protection law in 20 years.
GDPR will replace the Data Protection Act 1998 and the government has confirmed that the UK’s decision to leave the EU will not affect the commencement of the GDPR. [The UK Data Protection Bill will replicate GDPR]
With a stronger emphasis on transparency, and with the issue of fines and charities' reputations on the line, it is essential that GDPR is on the agenda at boardroom level and that senior managers are aware of their responsibilities.
Information and guidance
Data protection legislation covers everyone about whom you keep personal data. This includes employees, volunteers, service users, members, supporters and donors. The legislation requires organisations to comply with eight principles for data protection. Every organisation should have a written policy and procedure that is specific to their context about how they handle personal data and enact privacy principles.
In addition to the articles and resources that NICVA has written, there is some excellent guidance available from ICO and other sources, for example:
- Preparing for GDPR: 12 steps to take now
- Frequently asked questions for charities
- Checklist for data controllers and data processors
- Fundraising regulator and IOF – GDPR and charitable fundraising guidance
- NCVO Knowhowtononprofit How to prepare for GDPR
- Inspiring financial leadership – GDPR guide for charities