GDPR and Data Protection Toolkit - Introduction
This Data Protection Toolkit offers practical advice and guidance to implementing the General Data Protection Regulation (GDPR) in your community or voluntary organisation.
It has been developed based on our experience in delivering training and answering enquiries from small charitable organisations in Northern Ireland.
Data protection covers everyone about whom you keep personal data. This includes employees, volunteers, service users, members, supporters and donors.
To familiarise yourself with what you need to do, visit the Getting Started page.
The law requires organisations to comply with the principles for data protection. Every organisation should have written policies and procedures specific to their own context, which address how they handle personal data and enact the privacy principles.
In using this Toolkit keep in mind that context matters. Complying with the data protection principles can be achieved in a number of ways, and there is no single answer to each question or example. It is down to your organisation to decide, for example, what lawful basis is the most appropriate to use.
The Toolkit provides templates by way of example, and covers some frequently asked questions specific to voluntary and community sector groups. They don't provide definitive answers that can be reused in every context, but they will give you an idea about how to get started.
Where we use a term that you might not be familiar with, we link to its entry in the Glossary.
And don't forget you can Ask a Question if there's something that isn't covered here.
Information and guidance
In addition to the articles and resources that NICVA has written, there is some excellent guidance available from the Information Commissioner's Office (ICO) and other sources:
- ICO - Preparing for GDPR: 12 steps to take now
- ICO - FAQs for charities
- ICO - Checklist for data controllers and data processors
- ICO - Guide to Privacy and Electronic Communications Regulations (PECR)
- Data Protection Commissioner (Ireland) - GDPR and You
- Fundraising Regulator and IoF – GDPR and Charitable Fundraising guidance
- NCVO Knowhowtononprofit - How to prepare for GDPR
- Inspiring Financial Leadership – GDPR guide for charities
Where else can I get advice?
The Information Commissioner's Office runs an advice helpline service for small organisations.
The Data Protection Commissioner (Ireland) has a set of GDPR resources.
The Fundraising Regulator has 'bite-sized' guidance briefings aimed at smaller organisations covering the implications of GDPR on different types of fundraising.
The National Cyber Security Centre (NCSC) has a guide for small charities to help them protect their systems against threats and accidental loss of data.
Our Further Guidance lists more resources that may be more applicable to specific sub-sectors and network associations.
Online Learning offer: NICVA has partnered with Legal-Island to offer our member organisations cost-effective online training on the General Data Protection Regulation (GDPR). To find out more click here or contact [email protected] or call 028 9446 3888, ext #211