General Data Protection Regulation (GDPR)

Data Protection Toolkit - Contracts and Data Sharing
It's often crucial that charitable organisations share personal data with others to provide important services to people in need. This could include work with service delivery partners, reporting to funders or making referrals.
GDPR Animation Series
We'll be launching a new animation over the first five months of 2019 on a different data protection topic. Stay tuned to this blog and NICVA Enews for more!
Data Protection Toolkit - Protecting children's data
Here are some things you might have questions about if your charity or community group collects or uses personal information about children.
Data Protection Toolkit - Dealing with a Subject Access Request
Subject Access Requests are made by a person whose data you process to a request a copy of their own information. You need to have procedures in place to be able to identify and respond to these requests within one month.
Data Protection Toolkit - Data Protection Policy
A Data Protection Policy (not to be confused with a Privacy Policy or Privacy Notice) is an internal policy which outlines your organisation's approach to protection data.
Data Protection Policy
This article outlines NICVA’s approach to data protection. It sets out how we protect personal data that we process.
Data Protection Toolkit - Personal Data Breaches: are you prepared?
Whatever security measures you might have in place, you can never be 100% safe from a breach. A breach could lead to an investigation from the regulator, resulting in potential enforcement action against your organisation. Being prepared is essential.
Data Protection Toolkit - Write a Privacy Notice
Privacy notices help the people who you process personal data about understand why and what you do with their information. The GDPR specifies what must be included and how they should be written.
Data Protection Toolkit - Templates and Guidance
Our guidance addresses some common themes for data protection in the voluntary and community sector. We've created some templates as a starting point for you to work with.
Data Protection Toolkit - Document your processing activities
It is a legal requirement of the General Data Protection Regulation (GDPR) to keep a clear record of your processing activities. This resource explains what to do and provides templates for you to get started.
Data Protection Toolkit - Frequently Asked Questions
A number of common scenarios and questions that we have received on GDPR and data protection.
Data Protection Toolkit - Further Guidance
More resources on GDPR and data protection, including sub-sector specific information.
Data Protection Toolkit - Legitimate Interests Assessment & Template
Legitimate interests is one of six lawful basis set out in the GDPR to justify the processing of personal data (data relating to an individual from which that individual can be identified).
Data Protection Toolkit - Getting Started
Your first steps to compliance with GDPR. This guide focuses on what you need to know and focus on now, with signposting to more practical advice and resources.
Data Protection Toolkit - Glossary
A GDPR jargon-buster that covers the key topics in data protection.
Cyber Security: Small Charity Guide
Protect your organisation from the most common threats by following the National Cyber Security Centre's guide for small charities.