General Data Protection Regulation (GDPR)

The General Data Protection Regulation is the biggest change to data protection law in 20 years. This will affect your organisation.

Our Data Protection Toolkit has practical guidance and resources to help you prepare for GDPR

With stronger emphasis on accountability and transparency, and with the matter of fines and charities' reputations on the line, it is essential that GDPR is on the agenda.

Data protection covers everyone about whom you keep personal data. This includes employees, volunteers, service users, members, supporters and donors.

Senior managers as well as staff need to be aware of their responsibilities as data controllers.

The law requires organisations to comply with the principles for data protection.

Every organisation should have a written policies and procedures specific to how they handle personal data and enact the privacy principles.

  • GDPR will replace the Data Protection Act 1998 as the primary piece of legislation on data protection.
  • The Data Protection Act 2018 will update and modernise UK data protection law in line with the GDPR.
  • The UK government has confirmed that the decision to leave the EU will not affect these changes remaining in place.

Information and guidance

In addition to the articles and resources that NICVA has produced, and our Data Protection Toolkit, there is some excellent guidance available from the Information Commissioner's Office (ICO) and other sources:

Online Learning offer: NICVA has partnered with Legal-Island to offer its member organisations cost-effective online training on the General Data Protection Regulation (GDPR).  To find out more check here or contact [email protected] or call 028 9446 3888 ext #211


Persistent sensitive information breaches failing people living with HIV says Information Commissioner

Information Commissioner John Edwards has condemned data protection standards at health services for people living with HIV and called for urgent improvements.

Information Commissioner outlines support to the sector in NI

On 2 August NICVA welcomed John Edwards, the Information Commissioner, to NICVA, with over 50 people from our sector at the ICO event.

Brexit and the impact on data transfer

As of 1st January 2021, the UK and Northern Ireland are no longer a part of the European Union, and with this significant change come adjustments to policies and legislation.

Trustee responsibilities under GDPR webinar recording

If you missed our recent webinar on 'Trustee responsibilities under GDPR'  you can watch it now via the link below. 

Still using Windows 7? Here's what you need to know

Windows 7 is no longer supported by Microsoft, which leaves its use open to cyber security risks. Upgrading is important to do.

Data Protection Animation Series: Data Sharing

Our fifth and final Data Protection Animation Series video looks at what should be considered when sharing data with others or using the services of a data processor.

Data Protection Animation Series: Consent and Legitimate Interests

The fourth of our Data Protection Animation Series videos explains two of the six important lawful bases—consent and legitimate interests—in more detail.

Data Protection Animation Series: Personal Data Breaches

The third of our five GDPR animation videos covers personal data breaches. It's important to be able to recognise, react to and report data breaches.

What happens to data flows after a no deal Brexit?

What happens to flows of personal data across borders after Brexit, and how might your organisation be affected?

Data Protection Animation Series: Subject Access Requests

The second of our five GDPR animation videos looks at how the right of access applies, and how you should respond to a Subject Access Request.

Share your COVID-19 support service information

Organisations providing support to people and communities during the COVID-19 emergency can share their service information

> Share your support