GDPR and Data Protection Toolkit - Introduction
This Data Protection Toolkit offers practical advice and guidance on implementing the General Data Protection Regulation (GDPR) in your community or voluntary organisation.
It has been developed based on our experience in delivering training and answering enquiries from small charitable organisations in Northern Ireland.
Data protection covers everyone about whom you keep personal data. This includes employees, volunteers, service users, members, supporters and donors.
To familiarise yourself with what you need to do, visit the Getting Started page.
The law requires organisations to comply with the principles for data protection. Every organisation should have written policies and procedures specific to their own context, which address how they handle personal data and enact the privacy principles.
We have worked closely with the local Information Commissioner's Office in the past, and regularly deliver awareness sessions in cooperation with their policy team.
In using this Toolkit, keep in mind that context matters. Complying with the data protection principles can be achieved in a number of ways, and there is no single answer to each question or example. It is down to your organisation to decide, for example, what lawful basis is the most appropriate to use.
The Toolkit provides templates by way of example, and covers some frequently asked questions specific to voluntary and community sector groups. They don't provide definitive answers that can be reused in every context, but they will give you an idea about how to get started.
Where we use a term that you might not be familiar with, we link to its entry in the Glossary.
And don't forget you can Ask a Question if there's something that isn't covered here.
Information and guidance
In addition to the articles and resources that NICVA has written, there is some excellent guidance available from the Information Commissioner's Office (ICO) and other sources:
- ICO - Advice for small organisations
- ICO - FAQs for small organisations
- ICO - Data protection self-assessment for small organisations
- ICO - Guide to Privacy and Electronic Communications Regulations (PECR)
- Data Protection Commissioner (Ireland) - GDPR and You
- NCSC - Cyber Security Toolkit for Boards
- Fundraising Regulator - GDPR and Charitable Fundraising guidance
- NCVO - Data Protection and Cyber Security
Where else can I get advice?
The Information Commissioner's Office runs an advice helpline service for small organisations.
The National Cyber Security Centre (NCSC) has a guide for small charities to help them protect their systems against threats and accidental loss of data.
Our Further Guidance lists more resources that may be more applicable to specific sub-sectors and network associations.
Online Learning offer: NICVA has partnered with Legal-Island to offer our member organisations cost-effective online training on the General Data Protection Regulation (GDPR). To find out more click here or contact [email protected] or call 028 9446 3888, ext #211