General Data Protection Regulation (GDPR)
The General Data Protection Regulation is the biggest change to data protection law in 20 years. This will affect your organisation.
Our Data Protection Toolkit has practical guidance and resources to help you prepare for GDPR
With stronger emphasis on accountability and transparency, and with the matter of fines and charities' reputations on the line, it is essential that GDPR is on the agenda.
Data protection covers everyone about whom you keep personal data. This includes employees, volunteers, service users, members, supporters and donors.
Senior managers as well as staff need to be aware of their responsibilities as data controllers.
The law requires organisations to comply with the principles for data protection.
Every organisation should have a written policies and procedures specific to how they handle personal data and enact the privacy principles.
- GDPR will replace the Data Protection Act 1998 as the primary piece of legislation on data protection.
- The Data Protection Act 2018 will update and modernise UK data protection law in line with the GDPR.
- The UK government has confirmed that the decision to leave the EU will not affect these changes remaining in place.
Information and guidance
In addition to the articles and resources that NICVA has produced, and our Data Protection Toolkit, there is some excellent guidance available from the Information Commissioner's Office (ICO) and other sources:
- ICO - Preparing for GDPR 12 steps to take now
- ICO - Frequently asked questions for charities
- ICO - Checklist for data controllers and data processors
- ICO - Guide to Privacy and Electronic Communications Regulations (PECR)
- Fundraising regulator and IoF – GDPR and charitable fundraising guidance
- NCVO Knowhowtononprofit - How to prepare for GDPR
- Inspiring financial leadership – GDPR guide for charities
Online Learning offer: NICVA has partnered with Legal-Island to offer its member organisations cost-effective online training on the General Data Protection Regulation (GDPR). To find out more check here https://www.legal-island.com/e-learning/gdpr-compliance-in-the-workplace/ or contact [email protected] or call 028 9446 3888 ext #211
If you missed our recent webinar on 'Trustee responsibilities under GDPR' you can watch it now via the link below.
Windows 7 is no longer supported by Microsoft, which leaves its use open to cyber security risks. Upgrading is important to do.
Our fifth and final Data Protection Animation Series video looks at what should be considered when sharing data with others or using the services of a data processor.
The fourth of our Data Protection Animation Series videos explains two of the six important lawful bases—consent and legitimate interests—in more detail.
The third of our five GDPR animation videos covers personal data breaches. It's important to be able to recognise, react to and report data breaches.
What happens to flows of personal data across borders after Brexit, and how might your organisation be affected?
The second of our five GDPR animation videos looks at how the right of access applies, and how you should respond to a Subject Access Request.
As our ability to harness technology and digital services for voluntary and community activity grows so too does the challenge of keeping our organisations safe from cyber fraud and data breaches.
The first in our series of five GDPR animation videos introduces the concept of personal data, helping you to recognise where you have obligations under data protection laws.
Guidance for organisations who collect criminal records data in recruiting employees or volunteers.
- 1 of 2
- next ›
Share your COVID-19 support service information
Organisations providing support to people and communities during the COVID-19 emergency can share their service information